JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 20.168.119.240

20.168.119.240 was found in our database!

This IP was reported 38 times. Confidence of Abuse is 100%: ?

100%

ISP	Microsoft Corporation
Usage Type	Data Center/Web Hosting/Transit
ASN	AS8075
Domain Name	microsoft.com
Country	🇺🇸 United States of America
City	Phoenix, Arizona

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 20.168.119.240

Whois 20.168.119.240

IP Abuse Reports for 20.168.119.240:

This IP address has been reported a total of 38 times from 26 distinct sources. 20.168.119.240 was first reported on December 28th 2025, and the most recent report was 58 minutes ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇧🇪 cmbplf	2026-06-25 20:03:34 (58 minutes ago)	4.271 requests from abuseipdb.com blacklisted IP (1yr10mos3w)	Brute-Force Bad Web Bot
🇳🇱 javierin	2026-06-25 19:30:21 (1 hour ago)	20.168.119.240 - regalo-personalizado.es - - [25/Jun/2026:19:29:15 +0000] "POST /xmlrpc.php HTTP/1.1 ... show more 20.168.119.240 - regalo-personalizado.es - - [25/Jun/2026:19:29:15 +0000] "POST /xmlrpc.php HTTP/1.1" 200 4272 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.5 Safari/605.1.15" 20.168.119.240 - regalo-personalizado.es - - [25/Jun/2026:19:29:17 +0000] "POST /xmlrpc.php HTTP/1.1" 503 19284 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 OPR/109.0.0.0" 20.168.119.240 - regalo-personalizado.es - - [25/Jun/2026:19:29:24 +0000] "POST /xmlrpc.php HTTP/1.1" 503 18271 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36" 20.168.119.240 - regalo-personalizado.es - - [25/Jun/2026:19:29:38 +0000] "POST /xmlrpc.php HTTP/1.1" 503 18271 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36" 20.168.119.240 - regalo-personalizado.es - - [25/Jun/2026:19:29:45 +0000] "POST / ... show less	Brute-Force Web App Attack
🇺🇸 ArturShelby	2026-06-25 19:20:18 (1 hour ago)	Honeypot triggered: /wp-json/wp/v2/users/	Web App Attack
🇺🇸 lostswordfish.com	2026-06-25 19:20:05 (1 hour ago)	Wordfence waf block on fairregistry	Web App Attack
🇺🇸 TPI-Abuse	2026-06-25 19:19:32 (1 hour ago)	(mod_security) mod_security (id:225170) triggered by 20.168.119.240 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:225170) triggered by 20.168.119.240 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 25 15:19:28.497672 2026] [security2:error] [pid 5866:tid 5866] [client 20.168.119.240:30754] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|i4agency.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "i4agency.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "aj1_QDVJ5AhjkzAisARbegAAACI"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-06-25 19:02:49 (1 hour ago)	Malicious activity	Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-25 18:54:42 (2 hours ago)	(mod_security) mod_security (id:225170) triggered by 20.168.119.240 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:225170) triggered by 20.168.119.240 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 25 14:54:37.919673 2026] [security2:error] [pid 17925:tid 17925] [client 20.168.119.240:31113] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|presucad.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "presucad.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "aj15bWcsilWL45k6aqwL4gAAAAU"] show less	Brute-Force Bad Web Bot Web App Attack
🇬🇧 AvonleaConsulting	2026-06-25 18:48:49 (2 hours ago)	Scanning unused Default website or suspicious access to valid sites from IP marked as abusive	Bad Web Bot Web App Attack
🇸🇪 vaia.cloud	2026-06-25 18:42:02 (2 hours ago)	trying wp-login.php/xmlrpc.php 31 times in 1 minutes	Brute-Force Web App Attack
🇺🇸 TPI-Abuse	2026-06-25 18:21:13 (2 hours ago)	(mod_security) mod_security (id:225170) triggered by 20.168.119.240 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:225170) triggered by 20.168.119.240 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 25 14:21:08.193030 2026] [security2:error] [pid 10248:tid 10248] [client 20.168.119.240:29939] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|footballxp.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "footballxp.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "aj1xlM6sgM5AScTmOjTsSAAAAAM"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-25 18:03:34 (2 hours ago)	(mod_security) mod_security (id:225170) triggered by 20.168.119.240 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:225170) triggered by 20.168.119.240 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 25 14:03:31.479716 2026] [security2:error] [pid 22321:tid 22321] [client 20.168.119.240:31122] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|patriotstorageworld.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "patriotstorageworld.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "aj1tcyilqdvV3GCimZfoEQAAAAQ"] show less	Brute-Force Bad Web Bot Web App Attack
🇫🇷 masterguru	2026-06-25 18:00:13 (3 hours ago)	(modsec_5015) ModSec 5015: Suspicious User-Agent from 20.168.119.240 (US/United States/-): 1 in the ... show more (modsec_5015) ModSec 5015: Suspicious User-Agent from 20.168.119.240 (US/United States/-): 1 in the last 3600 secs (0-196) show less	Hacking
🇺🇸 kosada.com	2026-06-25 17:53:57 (3 hours ago)	Web vulnerability probing: /wp-json/wp/v2/users/	Web App Attack
🇺🇸 TPI-Abuse	2026-06-25 17:38:35 (3 hours ago)	(mod_security) mod_security (id:225170) triggered by 20.168.119.240 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:225170) triggered by 20.168.119.240 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 25 13:38:27.146119 2026] [security2:error] [pid 25781:tid 25781] [client 20.168.119.240:30888] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|catzpaw.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "catzpaw.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "aj1nkw0O4MkwH6kq-rjhRQAAABY"] show less	Brute-Force Bad Web Bot Web App Attack
🇫🇷 dynamix	2026-06-25 17:20:18 (3 hours ago)	WordPress XMLRPC Brute Force Attack	Brute-Force Web App Attack

Showing 1 to 15 of 38 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇸🇾 185.174.237.206

🇺🇸 216.25.89.157

🇵🇪 181.65.117.66

🇫🇷 173.212.254.87

🇮🇩 103.144.132.102

🇻🇪 38.159.49.89

🇬🇧 192.248.150.180

🇨🇱 190.163.9.153

🇳🇱 176.65.139.36

🇺🇸 152.32.182.41

🇫🇷 128.116.13.3

🇸🇦 78.95.57.114

🇧🇷 205.210.31.169

🇮🇱 205.188.95.125

🇲🇦 196.115.36.199

🇧🇷 179.111.185.65

🇧🇷 172.71.11.66

🇧🇷 172.71.10.164

🇮🇩 163.227.52.50

🇺🇸 135.237.124.223