JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 20.57.214.153

20.57.214.153 was found in our database!

This IP was reported 22 times. Confidence of Abuse is 84%: ?

84%

ISP	Microsoft Corporation
Usage Type	Data Center/Web Hosting/Transit
ASN	AS8075
Domain Name	microsoft.com
Country	🇺🇸 United States of America
City	San Jose, California

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 20.57.214.153

Whois 20.57.214.153

IP Abuse Reports for 20.57.214.153:

This IP address has been reported a total of 22 times from 17 distinct sources. 20.57.214.153 was first reported on June 2nd 2026, and the most recent report was 6 days ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇦🇹 urnilxfgbez	2026-06-03 22:45:00 (6 days ago)	Last 24 Hours suspicious: (DPT=445\|DPT=3389\|DPT=22\|DPT=3306\|DPT=8080\|DPT=23\|DPT=5900\|DPT=1433)	Port Scan
🇧🇷 SOC Blue Team	2026-06-03 05:26:09 (1 week ago)	IPs get by Hunting on SIEM	Phishing Web Spam Port Scan Hacking
🇨🇦 Bots.go.to.hell	2026-06-03 03:00:08 (1 week ago)	This IP was detected by CrowdSec triggering crowdsecurity/http-probing	Web App Attack Hacking
🇷🇸 Scan	2026-06-03 02:20:07 (1 week ago)	MultiHost/MultiPort Probe, Scan, Hack -	Port Scan Hacking
🇺🇸 MPL	2026-06-03 02:04:09 (1 week ago)	tcp port scan (6 or more attempts)	Port Scan
🇺🇸 TPI-Abuse	2026-06-03 01:55:23 (1 week ago)	(mod_security) mod_security (id:210492) triggered by 20.57.214.153 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 20.57.214.153 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 02 21:55:19.452344 2026] [security2:error] [pid 1590:tid 1590] [client 20.57.214.153:60277] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.237"] [uri "/.git/config"] [unique_id "ah-Jh7ayOxpY5VyUrXNETQAAAAQ"] show less	Brute-Force Bad Web Bot Web App Attack
🇭🇰 pengpeng	2026-06-03 01:40:09 (1 week ago)	monitor: on ser162528253480 \| port: 2083 \| ttl: 127 script: github.com/sefinek/UFW-AbuseIPDB-Report ... show more monitor: on ser162528253480 \| port: 2083 \| ttl: 127 script: github.com/sefinek/UFW-AbuseIPDB-Reporter show less	Port Scan
🇩🇪 wiredalter	2026-06-03 01:20:23 (1 week ago)	Blocked by UFW on dVPS [8080/tcp] Source Port: 60431 TTL: 38 Packet Length: 60 TOS: 0x00 Analyzed b ... show more Blocked by UFW on dVPS [8080/tcp] Source Port: 60431 TTL: 38 Packet Length: 60 TOS: 0x00 Analyzed by https://ip.wiredalter.com show less	Port Scan Brute-Force
🇺🇸 TPI-Abuse	2026-06-03 01:07:32 (1 week ago)	(mod_security) mod_security (id:210492) triggered by 20.57.214.153 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 20.57.214.153 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 02 21:07:26.712778 2026] [security2:error] [pid 2309:tid 2309] [client 20.57.214.153:60043] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.170"] [uri "/.git/config"] [unique_id "ah9-TtQ5p_Dtho2INRpHoQAAABQ"] show less	Brute-Force Bad Web Bot Web App Attack
🇮🇹 mediarama.com	2026-06-02 23:28:14 (1 week ago)	Banned by Fail2Ban	Web App Attack
Anonymous	2026-06-02 23:06:05 (1 week ago)	Trying to access config files	Web App Attack
🇺🇸 NXTwoThou	2026-06-02 22:50:27 (1 week ago)	/.git/config	Web App Attack
🇺🇸 TPI-Abuse	2026-06-02 22:38:44 (1 week ago)	(mod_security) mod_security (id:210492) triggered by 20.57.214.153 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 20.57.214.153 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 02 18:38:36.407277 2026] [security2:error] [pid 24102:tid 24102] [client 20.57.214.153:59869] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.93"] [uri "/.env"] [unique_id "ah9bbFNz0Xp9hFiToYD3PQAAAAs"] show less	Brute-Force Bad Web Bot Web App Attack
🇱🇻 garmtech.com	2026-06-02 10:05:56 (1 week ago)	Attempted access to sensitive endpoint (/.git/HEAD) detected. Automated scan or unauthorized probing ... show more Attempted access to sensitive endpoint (/.git/HEAD) detected. Automated scan or unauthorized probing. show less	Web App Attack
🇦🇹 Starburst SysOp Team	2026-06-02 09:59:56 (1 week ago)	Host header is a numeric IP address. Pattern match "(?:^( (920350-vie6-1)	Hacking Bad Web Bot

Showing 1 to 15 of 22 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇳🇱 213.177.179.174

🇧🇷 200.232.114.71

🇺🇸 173.255.160.184

🇺🇸 168.100.149.162

🇺🇸 152.32.233.100

🇫🇷 85.217.140.49

🇩🇪 43.228.157.10

🇲🇿 197.249.251.178

🇺🇸 172.237.156.206

🇺🇸 168.100.149.90

🇳🇱 142.93.224.178

🇨🇳 121.5.175.106

🇻🇳 103.162.31.159

🇺🇸 66.132.186.214

🇭🇰 45.249.246.196

🇷🇴 2.57.121.25

🇺🇸 168.100.149.232

🇨🇳 111.10.244.187

🇺🇸 66.132.186.253

🇮🇳 64.227.180.217