JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 64.236.161.18

64.236.161.18 was found in our database!

This IP was reported 41 times. Confidence of Abuse is 100%: ?

100%

ISP	Microsoft Limited
Usage Type	Data Center/Web Hosting/Transit
ASN	AS8075
Domain Name	microsoft.com
Country	🇺🇸 United States of America
City	Chicago, Illinois

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 64.236.161.18

Whois 64.236.161.18

IP Abuse Reports for 64.236.161.18:

This IP address has been reported a total of 41 times from 35 distinct sources. 64.236.161.18 was first reported on October 16th 2025, and the most recent report was 2 days ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇦🇹 urnilxfgbez	2026-06-03 22:45:00 (2 days ago)	Last 24 Hours suspicious: (DPT=445\|DPT=3389\|DPT=22\|DPT=3306\|DPT=8080\|DPT=23\|DPT=5900\|DPT=1433)	Port Scan
🇯🇵 demonsword	2026-06-03 16:24:22 (2 days ago)	Detected by SentinelX honeypot: sent HTTP CONNECT request probing for an open proxy. Connection was ... show more Detected by SentinelX honeypot: sent HTTP CONNECT request probing for an open proxy. Connection was hijacked and held in a tarpit to slow down the scan. Probed target: ptlogin.4399.com:443 show less	Open Proxy Port Scan
🇳🇱 BIV	2026-06-03 07:39:33 (3 days ago)	Honeypot multi-source hit. Sources: tpot:Honeytrap,tpot:P0f,tpot:Suricata. Ports: 2082,2083,2086,443 ... show more Honeypot multi-source hit. Sources: tpot:Honeytrap,tpot:P0f,tpot:Suricata. Ports: 2082,2083,2086,443,80. Automated tiered (T-Pot+DShield). show less	Port Scan Hacking Bad Web Bot
🇵🇱 Yachiyo Runami	2026-06-03 07:31:40 (3 days ago)	Port Scan on Honeypot \| Ports: 8080/HTTP-proxy, 80/HTTP \| Proto: TCP(2) \| Flags: all SYN \| TTL: 40-4 ... show more Port Scan on Honeypot \| Ports: 8080/HTTP-proxy, 80/HTTP \| Proto: TCP(2) \| Flags: all SYN \| TTL: 40-41 \| Len: 60B(2x) \| Win: 64240(2) \| F2B/ufw-honeypot@2026-06-03T07:31:40Z show less	Port Scan Hacking
🇨🇭 pingusurmars	2026-06-03 07:23:51 (3 days ago)	Blocked by UFW on amperetwo [2087/tcp] Source port: 25600 TTL: 54 Packet length: 60 TOS: 0x00 This ... show more Blocked by UFW on amperetwo [2087/tcp] Source port: 25600 TTL: 54 Packet length: 60 TOS: 0x00 This report was generated by: https://github.com/sefinek/UFW-AbuseIPDB-Reporter show less	Port Scan
🇺🇸 TPI-Abuse	2026-06-03 06:24:25 (3 days ago)	(mod_security) mod_security (id:210492) triggered by 64.236.161.18 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 64.236.161.18 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 03 02:24:20.343957 2026] [security2:error] [pid 21400:tid 21400] [client 64.236.161.18:53010] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.175"] [uri "/.git/HEAD"] [unique_id "ah_IlPTUuOTRLqb8PAzRxAAAAA8"] show less	Brute-Force Bad Web Bot Web App Attack
🇳🇱 soverin	2026-06-03 06:23:04 (3 days ago)	Network scan on port 80	Email Spam
🇮🇩 sockominfo	2026-06-03 06:00:44 (3 days ago)	Access to sensitive files detected w/ specific boundary.. Threat Score: 5.1/10 (MEDIUM). Confidence: ... show more Access to sensitive files detected w/ specific boundary.. Threat Score: 5.1/10 (MEDIUM). Confidence: 40%. CVSS v3.1: 2.9/10 (Low). CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N. Bayesian Probability: 40%. MITRE ATT&CK: T1016 (System Network Configuration Discovery). Tactic: TA0001. Freshness: Fresh. Source Reputation: UNKNOWN. Methodology: CVSS 3.1 + Bayesian + Temporal + Environmental + MITRE ATT&CK + OWASP. Standards: ISO/IEC 27065:2022, NIST SP 800-30, IEEE S&P 2020. Reported by TangerangKota-CSIRT. Status: MALICIOUS show less	Hacking Web App Attack
🇹🇷 Threat.live	2026-06-03 05:45:05 (3 days ago)	Suspicious Connection Attempts	Brute-Force
🇫🇷 LRNP	2026-06-03 05:29:10 (3 days ago)	_:80 64.236.161.18 - - [03/Jun/2026:05:29:09 +0000] "GET /.env HTTP/1.1" 404 181 "-" "Mozilla/5.0 (W ... show more _:80 64.236.161.18 - - [03/Jun/2026:05:29:09 +0000] "GET /.env HTTP/1.1" 404 181 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36" ... show less	Bad Web Bot Web App Attack
🇹🇼 ip4.tw	2026-06-03 05:16:01 (3 days ago)	Malicious web scan	Hacking Web App Attack
Anonymous	2026-06-03 05:07:03 (3 days ago)	Trying to access config files	Web App Attack
🇮🇩 sockominfo	2026-06-03 05:00:12 (3 days ago)	Access to sensitive files detected w/ specific boundary.. Threat Score: 7.1/10 (HIGH). Reported by T ... show more Access to sensitive files detected w/ specific boundary.. Threat Score: 7.1/10 (HIGH). Reported by TangerangKota-CSIRT. Status: MALICIOUS show less	Hacking Web App Attack
🇺🇸 technash	2026-06-03 04:50:00 (3 days ago)	Port scanning detection [Fortinet/Sentinel]. Deny/drop traffic.	Port Scan
🇩🇪 cloudmax	2026-06-03 04:39:29 (3 days ago)	Cloudmax IPS Block - Suspicious activity. Possible port scanning, service reconnaissance, or vulnera ... show more Cloudmax IPS Block - Suspicious activity. Possible port scanning, service reconnaissance, or vulnerability probing show less	Port Scan

Showing 1 to 15 of 41 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇨🇳 118.212.120.193

🇨🇳 113.77.241.72

🇨🇳 111.26.6.111

🇷🇴 109.166.213.10

🇮🇪 108.129.179.249

🇸🇬 103.250.11.116

🇮🇳 103.211.18.128

🇷🇺 91.211.23.39

🇺🇸 64.62.156.198

🇳🇱 213.177.179.79

🇭🇰 199.45.154.127

🇺🇸 147.185.132.233

🇨🇳 122.226.38.134

🇩🇪 2.27.20.28

🇮🇳 125.21.235.18

🇷🇴 80.94.92.177

🇧🇷 23.129.253.86

🇬🇧 2a0a:ef40:6a8:6e01:216c:8d6a:d51:cdb8

🇪🇪 213.35.128.24

🇨🇭 209.99.189.177