JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 20.169.74.96

20.169.74.96 was found in our database!

This IP was reported 47 times. Confidence of Abuse is 100%: ?

100%

ISP	Microsoft Corporation
Usage Type	Data Center/Web Hosting/Transit
ASN	AS8075
Domain Name	microsoft.com
Country	🇺🇸 United States of America
City	Phoenix, Arizona

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 20.169.74.96

Whois 20.169.74.96

IP Abuse Reports for 20.169.74.96:

This IP address has been reported a total of 47 times from 36 distinct sources. 20.169.74.96 was first reported on December 1st 2025, and the most recent report was 1 day ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇨🇦 zXero	2026-06-03 12:32:53 (1 day ago)	Fail2Ban automatic report - jail: no-wordpress	Brute-Force SSH DDoS Attack
Anonymous	2026-06-02 07:48:49 (2 days ago)	"POST /wp/xmlrpc.php HTTP/1.1"	Hacking Web App Attack
🇬🇧 openstrike.co.uk	2026-06-02 05:13:57 (2 days ago)	9 attacks on PHP URLs: GET /wp/xmlrpc.php HTTP/1.1	Web App Attack
🇩🇪 FutureFm	2026-06-02 03:09:00 (2 days ago)	20.169.74.96 - - [02/Jun/2026:01:34:11 +0200] "POST /wp/xmlrpc.php	Brute-Force Hacking
🇺🇸 TPI-Abuse	2026-06-01 23:38:37 (3 days ago)	(mod_security) mod_security (id:240335) triggered by 20.169.74.96 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:240335) triggered by 20.169.74.96 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 01 19:38:32.336388 2026] [security2:error] [pid 16971:tid 16971] [client 20.169.74.96:58941] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 20.169.74.96 (+1 hits since last alert)\|poulsoncustomhomes.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "poulsoncustomhomes.com"] [uri "/wp/xmlrpc.php"] [unique_id "ah4X-L9uIq6Z7-_Wt0CI0wAAAA4"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-06-01 23:36:02 (3 days ago)	20.169.74.96 - - [02/Jun/2026:01:36:01 +0200] "POST /wp/ HTTP/1.1" 301 169 "-" "Mozilla/5.0 (Windows ... show more 20.169.74.96 - - [02/Jun/2026:01:36:01 +0200] "POST /wp/ HTTP/1.1" 301 169 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36" show less	Web App Attack
🇮🇩 Burayot	2026-06-01 23:29:20 (3 days ago)	LF_MODSEC: (mod_security) mod_security (id:1000001) triggered by 20.169.74.96 (US/United States/-): ... show more LF_MODSEC: (mod_security) mod_security (id:1000001) triggered by 20.169.74.96 (US/United States/-): 1 in the last 3600 secs show less	Web App Attack
🇳🇱 Roderic	2026-06-01 23:22:30 (3 days ago)	(apache_scanners-2) Failed apache-scanners trigger with match [redacted])	Port Scan
🇩🇪 ketovoila.pl	2026-06-01 23:19:13 (3 days ago)	ketovoila.pl WordPress login/xmlrpc probing: hits=1; unique_paths=1; sample_paths=/wp/xmlrpc.php; UA ... show more ketovoila.pl WordPress login/xmlrpc probing: hits=1; unique_paths=1; sample_paths=/wp/xmlrpc.php; UA="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36"; window=2026-06-01T23:19:13Z..2026-06-01T23:19:13Z show less	Web App Attack
🇺🇸 TPI-Abuse	2026-06-01 23:18:45 (3 days ago)	(mod_security) mod_security (id:240335) triggered by 20.169.74.96 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:240335) triggered by 20.169.74.96 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 01 19:18:38.338285 2026] [security2:error] [pid 19466:tid 19477] [client 20.169.74.96:58419] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 20.169.74.96 (+1 hits since last alert)\|curubin.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "curubin.com"] [uri "/wp/xmlrpc.php"] [unique_id "ah4TTjJPEqxS-15nLmjaYAAAAMg"] show less	Brute-Force Bad Web Bot Web App Attack
🇨🇦 zXero	2026-06-01 23:01:22 (3 days ago)	Fail2Ban automatic report - jail: no-wordpress	Brute-Force SSH DDoS Attack
🇦🇺 paulshipley.com.au	2026-06-01 22:54:55 (3 days ago)	valueaddedpromotions.com.au:443 20.169.74.96 - - [02/Jun/2026:08:54:52 +1000] "POST /wp/xmlrpc.php H ... show more valueaddedpromotions.com.au:443 20.169.74.96 - - [02/Jun/2026:08:54:52 +1000] "POST /wp/xmlrpc.php HTTP/1.1" 404 216543 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36" ... show less	Web App Attack
🇩🇪 SCHAPPY	2026-06-01 22:49:28 (3 days ago)	Multiple attempts to attack Wordpress XMLRPC detected: access blocked.	Web App Attack
🇺🇸 TPI-Abuse	2026-06-01 22:47:28 (3 days ago)	(mod_security) mod_security (id:240335) triggered by 20.169.74.96 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:240335) triggered by 20.169.74.96 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 01 18:47:22.781566 2026] [security2:error] [pid 23725:tid 23725] [client 20.169.74.96:58375] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5965"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 20.169.74.96 (+1 hits since last alert)\|chico2000.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "chico2000.com"] [uri "/wp/xmlrpc.php"] [unique_id "ah4L-hYC07x0vjG471s_OwAAAAo"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-01 22:30:21 (3 days ago)	(mod_security) mod_security (id:240335) triggered by 20.169.74.96 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:240335) triggered by 20.169.74.96 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 01 18:30:17.999717 2026] [security2:error] [pid 17748:tid 17769] [client 20.169.74.96:58659] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 20.169.74.96 (+1 hits since last alert)\|doorways.dk\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "doorways.dk"] [uri "/wp/xmlrpc.php"] [unique_id "ah4H-bb0oE2FAhheARAv_QAAAIs"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 47 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇨🇳 203.212.9.248

🇺🇸 173.252.87.39

🇨🇳 115.190.127.7

🇮🇹 93.92.76.239

🇷🇴 80.94.92.164

🇫🇷 51.68.247.214

🇺🇸 45.79.2.187

🇩🇪 45.3.54.86

🇨🇳 39.105.36.71

🇰🇿 2.134.15.12

🇨🇳 223.241.214.127

🇮🇩 202.169.232.194

🇺🇸 173.252.87.113

🇺🇸 136.49.53.226

🇯🇵 124.155.125.131

🇻🇳 113.173.23.122

🇺🇸 98.84.155.13

🇫🇷 91.231.89.49

🇨🇳 61.176.199.59

🇳🇱 45.142.193.53