JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 20.57.198.165

20.57.198.165 was found in our database!

This IP was reported 26 times. Confidence of Abuse is 76%: ?

76%

ISP	Microsoft Corporation
Usage Type	Data Center/Web Hosting/Transit
ASN	AS8075
Domain Name	microsoft.com
Country	🇺🇸 United States of America
City	San Jose, California

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 20.57.198.165

Whois 20.57.198.165

IP Abuse Reports for 20.57.198.165:

This IP address has been reported a total of 26 times from 17 distinct sources. 20.57.198.165 was first reported on June 2nd 2026, and the most recent report was 5 days ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇦🇹 urnilxfgbez	2026-06-15 22:45:00 (5 days ago)	Last 24 Hours suspicious: (DPT=445\|DPT=3389\|DPT=22\|DPT=3306\|DPT=8080\|DPT=23\|DPT=5900\|DPT=1433)	Port Scan
🇺🇸 TPI-Abuse	2026-06-15 06:55:10 (5 days ago)	(mod_security) mod_security (id:210492) triggered by 20.57.198.165 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 20.57.198.165 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 15 02:55:03.803253 2026] [security2:error] [pid 20274:tid 20274] [client 20.57.198.165:21794] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.228"] [uri "/.git/HEAD"] [unique_id "ai-hx7vVt2BmbAi1qohP2QAAAA8"] show less	Brute-Force Bad Web Bot Web App Attack
🇧🇷 SOC PR	2026-06-15 04:06:02 (5 days ago)	IPS: WordPress Sensitive System Files Information Disclosure.	Hacking
🇷🇸 Scan	2026-06-15 01:38:48 (6 days ago)	MultiHost/MultiPort Probe, Scan, Hack -	Port Scan Hacking
🇺🇸 TPI-Abuse	2026-06-15 01:38:07 (6 days ago)	(mod_security) mod_security (id:210492) triggered by 20.57.198.165 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 20.57.198.165 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 14 21:38:00.662421 2026] [security2:error] [pid 22762:tid 22762] [client 20.57.198.165:21834] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.187"] [uri "/.git/config"] [unique_id "ai9XeEDcPnGeNlyR_T7z-AAAAAo"] show less	Brute-Force Bad Web Bot Web App Attack
🇧🇪 sid3windr	2026-06-06 20:27:37 (2 weeks ago)	GET /.env (Tarpitted for 11h26m17s, wasted 2.36MB)	Web App Attack
🇺🇸 TPI-Abuse	2026-06-06 14:32:57 (2 weeks ago)	(mod_security) mod_security (id:210492) triggered by 20.57.198.165 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 20.57.198.165 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 06 10:32:49.913635 2026] [security2:error] [pid 5302:tid 5302] [client 20.57.198.165:17622] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.139"] [uri "/.git/HEAD"] [unique_id "aiQvkWfd9G0UxIUKSmqv5gAAAA8"] show less	Brute-Force Bad Web Bot Web App Attack
🇨🇿 Countryman	2026-06-06 14:14:50 (2 weeks ago)	IPS detection: HTPasswd.Access	Hacking
🇺🇸 TPI-Abuse	2026-06-06 14:14:37 (2 weeks ago)	(mod_security) mod_security (id:210492) triggered by 20.57.198.165 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 20.57.198.165 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 06 10:14:32.407472 2026] [security2:error] [pid 7576:tid 7576] [client 20.57.198.165:17653] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.64"] [uri "/.git/HEAD"] [unique_id "aiQrSEuejKGmDQUF7OBvSQAAAAA"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-06 13:58:16 (2 weeks ago)	(mod_security) mod_security (id:210492) triggered by 20.57.198.165 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 20.57.198.165 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 06 09:58:08.393309 2026] [security2:error] [pid 18559:tid 18559] [client 20.57.198.165:18200] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.34"] [uri "/.git/HEAD"] [unique_id "aiQncEEtrljAd8eYImscaAAAAAE"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 RAP	2026-06-06 13:29:30 (2 weeks ago)	2026-06-06 13:29:30 UTC Unauthorized activity to TCP port 8080. Web App	Port Scan Web App Attack
🇺🇸 Som1ght3n	2026-06-06 12:37:42 (2 weeks ago)	The IP attempted to access sensitive application files like /.git/HEAD, indicating a web application ... show more The IP attempted to access sensitive application files like /.git/HEAD, indicating a web application reconnaissance or exploitation attempt. show less	Web App Attack
🇺🇸 xmission.com	2026-06-06 11:02:39 (2 weeks ago)	Blocked by UFW (TCP on 2087) Source port: 16586 TTL: 52 Packet length: 60 TOS: 0x00 This report (fo ... show more Blocked by UFW (TCP on 2087) Source port: 16586 TTL: 52 Packet length: 60 TOS: 0x00 This report (for 20.57.198.165) was generated by: https://github.com/sefinek/UFW-AbuseIPDB-Reporter show less	Port Scan
🇩🇪 ghostwarriors	2026-06-06 10:20:35 (2 weeks ago)	Webpage scraping	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-06 10:14:50 (2 weeks ago)	(mod_security) mod_security (id:210492) triggered by 20.57.198.165 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 20.57.198.165 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 06 06:14:47.409015 2026] [security2:error] [pid 11906:tid 11906] [client 20.57.198.165:18030] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.227"] [uri "/.git/HEAD"] [unique_id "aiPzF8e-0KELb2u79NZcRwAAABI"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 26 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇳🇱 2a06:a880:5:9e66::1

🇫🇮 216.40.72.226

🇫🇮 212.18.113.36

🇨🇳 183.242.64.111

🇮🇳 182.95.182.138

🇺🇸 173.255.225.25

🇺🇸 173.255.221.189

🇺🇸 172.110.223.179

🇩🇪 167.94.146.33

🇺🇸 165.154.163.148

🇺🇸 159.65.161.124

🇵🇰 153.117.9.53

🇺🇸 136.119.178.163

🇳🇿 125.236.193.110

🇨🇳 124.221.163.189

🇲🇦 105.77.192.234

🇮🇳 103.143.39.43

🇷🇺 81.211.72.167

🇺🇸 66.132.186.231

🇳🇱 45.148.10.67