JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 20.168.108.224

20.168.108.224 was found in our database!

This IP was reported 38 times. Confidence of Abuse is 91%: ?

91%

ISP	Microsoft Corporation
Usage Type	Data Center/Web Hosting/Transit
ASN	AS8075
Domain Name	microsoft.com
Country	🇺🇸 United States of America
City	Phoenix, Arizona

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 20.168.108.224

Whois 20.168.108.224

IP Abuse Reports for 20.168.108.224:

This IP address has been reported a total of 38 times from 28 distinct sources. 20.168.108.224 was first reported on November 18th 2025, and the most recent report was 15 minutes ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇷🇸 Scan	2026-06-28 00:02:01 (15 minutes ago)	MultiHost/MultiPort Probe, Scan, Hack -	Port Scan Hacking
🇸🇪 KIDOS	2026-06-27 12:35:22 (11 hours ago)	CrowdSec detected malicious activity	DDoS Attack
🇬🇧 openstrike.co.uk	2026-06-10 05:14:31 (2 weeks ago)	8 attacks on PHP URLs: POST /wp/xmlrpc.php HTTP/1.1	Web App Attack
🇲🇽 octageeks.com	2026-06-10 04:40:19 (2 weeks ago)	Wordpress malicious attack:[octablocked]	Web App Attack
🇫🇷 IRISIO	2026-06-09 13:28:52 (2 weeks ago)	scans/SQL injection/spam posts : 28 queries	Web App Attack SQL Injection
🇺🇸 TPI-Abuse	2026-06-09 13:14:46 (2 weeks ago)	(mod_security) mod_security (id:240335) triggered by 20.168.108.224 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:240335) triggered by 20.168.108.224 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 09 09:14:39.762517 2026] [security2:error] [pid 26331:tid 26331] [client 20.168.108.224:17253] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5965"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 20.168.108.224 (+1 hits since last alert)\|hppagewideflorida.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "hppagewideflorida.com"] [uri "/wp/xmlrpc.php"] [unique_id "aigRv6EGkyM046FCnzlwkwAAABs"] show less	Brute-Force Bad Web Bot Web App Attack
🇵🇱 sefinek.net	2026-06-09 13:04:24 (2 weeks ago)	Triggered Cloudflare WAF (firewallCustom) from US. Action: MANAGED_CHALLENGE \| Protocol: HTTP/1.1 (P ... show more Triggered Cloudflare WAF (firewallCustom) from US. Action: MANAGED_CHALLENGE \| Protocol: HTTP/1.1 (POST) \| Endpoint: /wp/xmlrpc.php \| UA: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 • Generated by: github.com/sefinek/Cloudflare-WAF-To-AbuseIPDB show less	Bad Web Bot
🇩🇪 bescared	2026-06-09 12:51:05 (2 weeks ago)	F2B - Malicious activity detected. URL Probing. -8ff06ede-	Hacking Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-09 12:42:50 (2 weeks ago)	(mod_security) mod_security (id:240335) triggered by 20.168.108.224 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:240335) triggered by 20.168.108.224 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 09 08:42:45.102576 2026] [security2:error] [pid 32270:tid 32270] [client 20.168.108.224:17398] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 20.168.108.224 (+1 hits since last alert)\|avrknives.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "avrknives.com"] [uri "/wp/xmlrpc.php"] [unique_id "aigKRTnJQEO1wmMzHHheWgAAAA8"] show less	Brute-Force Bad Web Bot Web App Attack
🇫🇮 inlink.ltd	2026-06-09 12:38:18 (2 weeks ago)	Known malicious PHP file or CMS probe	Web App Attack
🇲🇹 Malta	2026-06-09 12:35:22 (2 weeks ago)	20.168.108.224 - - [09/Jun/2026:14:35:22 +0200] "POST /xmlrpc.php HTTP/1.1" "Mozilla/5.0 (Windows NT ... show more 20.168.108.224 - - [09/Jun/2026:14:35:22 +0200] "POST /xmlrpc.php HTTP/1.1" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36" Brute-force password attempt show less	Hacking Web App Attack Brute-Force
Anonymous	2026-06-09 12:22:15 (2 weeks ago)	Attac	Brute-Force
🇺🇸 TPI-Abuse	2026-06-09 12:17:28 (2 weeks ago)	(mod_security) mod_security (id:240335) triggered by 20.168.108.224 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:240335) triggered by 20.168.108.224 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 09 08:17:22.653872 2026] [security2:error] [pid 8333:tid 8333] [client 20.168.108.224:17313] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5965"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 20.168.108.224 (+1 hits since last alert)\|pattifox.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "pattifox.com"] [uri "/wp/xmlrpc.php"] [unique_id "aigEUl5zT6Jwp8PyUFPezwAAABM"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-06-09 12:01:02 (2 weeks ago)	...	Web App Attack
🇺🇸 TPI-Abuse	2026-06-09 11:44:28 (2 weeks ago)	(mod_security) mod_security (id:240335) triggered by 20.168.108.224 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:240335) triggered by 20.168.108.224 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 09 07:44:24.146520 2026] [security2:error] [pid 7490:tid 7507] [client 20.168.108.224:17364] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 20.168.108.224 (+1 hits since last alert)\|latinofederation.org\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "latinofederation.org"] [uri "/wp/xmlrpc.php"] [unique_id "aif8mItc2BqobXNTFh7YegAAAI4"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 38 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇭🇰 199.45.154.180

🇷🇴 92.118.39.77

🇮🇳 206.1.62.191

🇧🇷 205.210.31.231

🇧🇷 205.210.31.209

🇺🇸 205.210.31.66

🇬🇧 195.96.139.214

🇧🇴 189.28.95.232

🇧🇷 187.108.1.142

🇵🇾 186.33.35.200

🇫🇮 178.20.210.208

🇺🇸 172.212.149.53

🇬🇧 159.65.30.40

🇨🇳 121.43.159.161

🇨🇳 115.48.142.46

🇨🇦 85.217.149.36

🇺🇸 74.82.47.38

🇺🇸 66.132.186.224

🇲🇾 49.124.153.35

🇺🇸 47.251.66.209