JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 20.119.95.16

20.119.95.16 was found in our database!

This IP was reported 32 times. Confidence of Abuse is 100%: ?

100%

ISP	Microsoft Corporation
Usage Type	Data Center/Web Hosting/Transit
ASN	AS8075
Domain Name	microsoft.com
Country	🇺🇸 United States of America
City	Washington, Virginia

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 20.119.95.16

Whois 20.119.95.16

IP Abuse Reports for 20.119.95.16:

This IP address has been reported a total of 32 times from 25 distinct sources. 20.119.95.16 was first reported on June 3rd 2026, and the most recent report was 3 days ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇪🇸 Gem	2026-06-05 22:10:00 (3 days ago)	Unauthorized web scan.	Web App Attack
🇨🇴 adalbertoreyes.org	2026-06-04 17:30:39 (4 days ago)	CategoryPortScan	Port Scan
🇬🇧 openstrike.co.uk	2026-06-04 05:13:08 (5 days ago)	9 attacks on PHP URLs: POST /wp/xmlrpc.php HTTP/1.1	Web App Attack
🇬🇧 andypiper	2026-06-04 01:01:55 (5 days ago)	CrowdSec ban for AbuseIPDB Top List	Brute-Force Web App Attack
🇨🇦 polycoda	2026-06-04 00:12:59 (5 days ago)	🔑 Probes for xmlrpc.php everywhere	Hacking Web App Attack
🇳🇱 i-turnradio.nl	2026-06-03 23:34:05 (5 days ago)	2026-06-04 @ 01:34:05 (CET) ~ Blocked for trying to access: /wp/xmlrpc.php	Web App Attack
🇧🇾 lns.bz	2026-06-03 23:30:38 (5 days ago)	Banned for trying to access xmlrpc [BY]	Web App Attack
🇺🇸 TPI-Abuse	2026-06-03 23:27:03 (5 days ago)	(mod_security) mod_security (id:240335) triggered by 20.119.95.16 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:240335) triggered by 20.119.95.16 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 03 19:26:58.216019 2026] [security2:error] [pid 29936:tid 29936] [client 20.119.95.16:17899] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 20.119.95.16 (+1 hits since last alert)\|tactara.net\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "tactara.net"] [uri "/wp/xmlrpc.php"] [unique_id "aiC4QqHhp73OWCyNv3j_OAAAABE"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-03 23:10:31 (5 days ago)	(mod_security) mod_security (id:240335) triggered by 20.119.95.16 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:240335) triggered by 20.119.95.16 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 03 19:10:25.246357 2026] [security2:error] [pid 12671:tid 12671] [client 20.119.95.16:17772] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 20.119.95.16 (+1 hits since last alert)\|jerrylogoluso.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "jerrylogoluso.com"] [uri "/wp/xmlrpc.php"] [unique_id "aiC0Yc0cMffIPSM7yMVhogAAABY"] show less	Brute-Force Bad Web Bot Web App Attack
🇲🇹 Malta	2026-06-03 22:52:19 (5 days ago)	20.119.95.16 - - [04/Jun/2026:00:52:18 +0200] "POST /xmlrpc.php HTTP/1.1" "Mozilla/5.0 (Windows NT 1 ... show more 20.119.95.16 - - [04/Jun/2026:00:52:18 +0200] "POST /xmlrpc.php HTTP/1.1" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36" Brute-force password attempt show less	Hacking Web App Attack Brute-Force
🇺🇸 TPI-Abuse	2026-06-03 22:51:54 (5 days ago)	(mod_security) mod_security (id:240335) triggered by 20.119.95.16 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:240335) triggered by 20.119.95.16 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 03 18:51:50.145307 2026] [security2:error] [pid 11763:tid 11778] [client 20.119.95.16:17864] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 20.119.95.16 (+1 hits since last alert)\|travelusa.us\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "travelusa.us"] [uri "/wp/xmlrpc.php"] [unique_id "aiCwBv4Zyq-SQOom1EunJgAAAM0"] show less	Brute-Force Bad Web Bot Web App Attack
🇳🇱 ipoac.nl	2026-06-03 22:46:10 (5 days ago)	-:443 20.119.95.16 - - [04/Jun/2026:00:46:08 +0200] - "POST /wp/xmlrpc.php HTTP/1.1" 404 7429 "-" "M ... show more -:443 20.119.95.16 - - [04/Jun/2026:00:46:08 +0200] - "POST /wp/xmlrpc.php HTTP/1.1" 404 7429 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36" show less	Bad Web Bot
🇺🇸 TPI-Abuse	2026-06-03 22:36:51 (5 days ago)	(mod_security) mod_security (id:240335) triggered by 20.119.95.16 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:240335) triggered by 20.119.95.16 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 03 18:36:44.044890 2026] [security2:error] [pid 5143:tid 5143] [client 20.119.95.16:17863] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 20.119.95.16 (+1 hits since last alert)\|kellermoving.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "kellermoving.com"] [uri "/wp/xmlrpc.php"] [unique_id "aiCsfH2dPGdOL3muCwOQ-wAAAAc"] show less	Brute-Force Bad Web Bot Web App Attack
🇳🇿 Tripwire	2026-06-03 22:35:11 (5 days ago)	Probing for Wordpress - /wp/xmlrpc.php	Brute-Force Web App Attack
🇺🇸 TPI-Abuse	2026-06-03 22:21:16 (5 days ago)	(mod_security) mod_security (id:240335) triggered by 20.119.95.16 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:240335) triggered by 20.119.95.16 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 03 18:21:11.233797 2026] [security2:error] [pid 13587:tid 13587] [client 20.119.95.16:17857] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 20.119.95.16 (+1 hits since last alert)\|webuychesterfieldhouses.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "webuychesterfieldhouses.com"] [uri "/wp/xmlrpc.php"] [unique_id "aiCo108meIthdMQsDcggxwAAAAE"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 32 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 195.184.76.20

🇧🇷 179.51.153.37

🇺🇸 162.216.149.155

🇺🇸 157.245.141.140

🇷🇺 78.110.60.9

🇨🇳 219.151.22.113

🇺🇸 206.162.244.24

🇨🇳 180.97.221.123

🇳🇱 138.226.239.12

🇳🇱 128.199.44.215

🇨🇭 104.244.74.201

🇪🇬 102.40.55.150

🇺🇸 71.6.135.131

🇫🇮 46.8.64.51

🇺🇸 151.240.254.46

🇦🇱 130.49.189.41

🇿🇦 102.129.56.237

🇩🇪 85.203.15.239

🇮🇹 64.64.108.63

🇮🇳 59.182.87.129