JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 20.120.84.80

20.120.84.80 was found in our database!

This IP was reported 47 times. Confidence of Abuse is 100%: ?

100%

ISP	Microsoft Corporation
Usage Type	Data Center/Web Hosting/Transit
ASN	AS8075
Domain Name	microsoft.com
Country	🇺🇸 United States of America
City	Washington, Virginia

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 20.120.84.80

Whois 20.120.84.80

IP Abuse Reports for 20.120.84.80:

This IP address has been reported a total of 47 times from 34 distinct sources. 20.120.84.80 was first reported on April 10th 2026, and the most recent report was 4 days ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇫🇮 tjs	2026-06-14 22:20:00 (4 days ago)	web attack, SQL injection attempt	Hacking SQL Injection Web App Attack
🇨🇦 polycoda	2026-06-14 10:57:38 (5 days ago)	💉 URL GET parameter and/or SQL injection attempts trying to pass quotes, backslashes, %20AND%201=1%2 ... show more 💉 URL GET parameter and/or SQL injection attempts trying to pass quotes, backslashes, %20AND%201=1%20OR%20, etc... show less	Hacking SQL Injection Web App Attack
🇬🇧 openstrike.co.uk	2026-06-10 05:14:29 (1 week ago)	11 attacks on PHP URLs: POST /wp/xmlrpc.php HTTP/1.1	Web App Attack
🇲🇽 octageeks.com	2026-06-10 04:32:30 (1 week ago)	Wordpress malicious attack:[octaxmlrpc]	Web App Attack
🇺🇸 TPI-Abuse	2026-06-09 14:55:48 (1 week ago)	(mod_security) mod_security (id:240335) triggered by 20.120.84.80 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:240335) triggered by 20.120.84.80 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 09 10:55:43.858979 2026] [security2:error] [pid 11182:tid 11182] [client 20.120.84.80:29153] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5965"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 20.120.84.80 (+1 hits since last alert)\|agrisea.net\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "agrisea.net"] [uri "/wp/xmlrpc.php"] [unique_id "aigpbxDPyvrNiHSaoj4cgAAAABQ"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 iNetWorker	2026-06-09 14:34:23 (1 week ago)	trolling for resource vulnerabilities	Web App Attack
🇺🇸 TPI-Abuse	2026-06-09 14:26:54 (1 week ago)	(mod_security) mod_security (id:240335) triggered by 20.120.84.80 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:240335) triggered by 20.120.84.80 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 09 10:26:50.136444 2026] [security2:error] [pid 10644:tid 10644] [client 20.120.84.80:28861] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 20.120.84.80 (+1 hits since last alert)\|effectivefirearms.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "effectivefirearms.com"] [uri "/wp/xmlrpc.php"] [unique_id "aigiqgSMooGaQqqrG6s_TQAAAAE"] show less	Brute-Force Bad Web Bot Web App Attack
🇮🇪 Jim Keir	2026-06-09 14:15:49 (1 week ago)	2026-06-09 14:15:48 20.120.84.80 File scanning, blocking 20.120.84.80 for 5 minutes	Web App Attack
🇳🇱 BlueWire Hosting	2026-06-09 14:11:07 (1 week ago)	Probing websites for vulnerabilities	Web App Attack
🇬🇧 Artelis	2026-06-09 14:04:31 (1 week ago)	20.120.84.80 - - [09/Jun/2026:14:04:31 +0000] "POST /wp/xmlrpc.php HTTP/1.1" 404 178 "-" "Mozilla/5. ... show more 20.120.84.80 - - [09/Jun/2026:14:04:31 +0000] "POST /wp/xmlrpc.php HTTP/1.1" 404 178 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36" ... show less	Web App Attack
🇺🇸 lnklnx	2026-06-09 13:19:25 (1 week ago)	www.lincolnclan.com:443 20.120.84.80 - - [09/Jun/2026:08:19:23 -0500] "POST /wp/xmlrpc.php HTTP/1.1" ... show more www.lincolnclan.com:443 20.120.84.80 - - [09/Jun/2026:08:19:23 -0500] "POST /wp/xmlrpc.php HTTP/1.1" 401 5141 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36" ... show less	Web App Attack
🇮🇩 Burayot	2026-06-09 13:19:11 (1 week ago)	LF_MODSEC: (mod_security) mod_security (id:1000001) triggered by 20.120.84.80 (US/United States/-): ... show more LF_MODSEC: (mod_security) mod_security (id:1000001) triggered by 20.120.84.80 (US/United States/-): 1 in the last 3600 secs show less	Web App Attack
🇩🇪 findlab	2026-06-09 13:00:02 (1 week ago)	Backdrop CMS module - malicious activity detected	Bad Web Bot Web App Attack
🇧🇾 lns.bz	2026-06-09 12:58:38 (1 week ago)	Banned for trying to access xmlrpc [BY]	Web App Attack
🇺🇸 rsiddall	2026-06-09 12:52:51 (1 week ago)	20.120.84.80 - - [09/Jun/2026:08:45:34 -0400] "POST /wp/xmlrpc.php HTTP/1.1" 404 21314 "-" "Mozilla/ ... show more 20.120.84.80 - - [09/Jun/2026:08:45:34 -0400] "POST /wp/xmlrpc.php HTTP/1.1" 404 21314 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36" 20.120.84.80 - - [09/Jun/2026:08:52:50 -0400] "POST /wp/xmlrpc.php HTTP/1.1" 404 1806 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36" ... show less	Brute-Force

Showing 1 to 15 of 47 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇧🇷 205.210.31.176

🇮🇳 175.100.177.195

🇩🇪 156.236.31.86

🇺🇸 44.241.111.162

🇺🇸 44.3.4.150

🇩🇪 2.26.64.64

🇺🇸 216.250.250.204

🇰🇷 211.105.129.57

🇩🇪 206.81.30.62

🇲🇾 202.165.29.123

🇨🇱 200.28.163.33

🇨🇳 106.75.185.227

🇳🇱 94.102.49.125

🇳🇱 45.148.10.147

🇺🇸 44.24.211.235

🇺🇸 173.239.218.3

🇺🇸 173.56.211.67

🇩🇪 159.195.39.90

🇺🇸 154.83.197.14

🇷🇸 77.105.29.83