JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 20.240.198.51

20.240.198.51 was found in our database!

This IP was reported 32 times. Confidence of Abuse is 100%: ?

100%

ISP	Microsoft Corporation
Usage Type	Data Center/Web Hosting/Transit
ASN	AS8075
Domain Name	microsoft.com
Country	🇸🇪 Sweden
City	Gavle, Gavleborg

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 20.240.198.51

Whois 20.240.198.51

IP Abuse Reports for 20.240.198.51:

This IP address has been reported a total of 32 times from 21 distinct sources. 20.240.198.51 was first reported on June 19th 2026, and the most recent report was 20 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇳🇱 Site.eu	2026-06-19 23:03:52 (20 hours ago)	Repeated wp-login/xmlrpc attempts	Brute-Force SSH
🇸🇪 vaia.cloud	2026-06-19 20:30:04 (23 hours ago)	trying wp-login.php/xmlrpc.php 43 times in 1 minutes	Brute-Force Web App Attack
🇺🇸 TPI-Abuse	2026-06-19 20:10:28 (23 hours ago)	(mod_security) mod_security (id:225170) triggered by 20.240.198.51 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:225170) triggered by 20.240.198.51 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 19 16:10:22.788538 2026] [security2:error] [pid 16033:tid 16033] [client 20.240.198.51:56797] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|vzan.org\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "vzan.org"] [uri "/wp-json/wp/v2/users"] [unique_id "ajWiLqUPiEXYlbXOELpElQAAACM"], referer: https://www.facebook.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-19 19:52:34 (1 day ago)	(mod_security) mod_security (id:225170) triggered by 20.240.198.51 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:225170) triggered by 20.240.198.51 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 19 15:52:30.262486 2026] [security2:error] [pid 28948:tid 28948] [client 20.240.198.51:52049] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|frenosilent.com.ar\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "frenosilent.com.ar"] [uri "/wp-json/wp/v2/users"] [unique_id "ajWd_hUtekgXEFwmjEmkygAAAAE"], referer: https://t.co/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 Dolphi	2026-06-19 19:40:04 (1 day ago)	Excessive POST /wp-login.php requests	Brute-Force Web App Attack
🇺🇸 TPI-Abuse	2026-06-19 19:24:43 (1 day ago)	(mod_security) mod_security (id:225170) triggered by 20.240.198.51 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:225170) triggered by 20.240.198.51 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 19 15:24:36.652068 2026] [security2:error] [pid 21998:tid 21998] [client 20.240.198.51:50517] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|zeetec.nl\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "zeetec.nl"] [uri "/wp-json/wp/v2/users"] [unique_id "ajWXdFh8p18Ehk0HGio1TgAAAAM"], referer: https://www.facebook.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇫🇷 masterguru	2026-06-19 19:19:50 (1 day ago)	(PERMBLOCK) 20.240.198.51 (SE/Sweden/-) has had more than 4 temp blocks in the last 86400 secs (0-19 ... show more (PERMBLOCK) 20.240.198.51 (SE/Sweden/-) has had more than 4 temp blocks in the last 86400 secs (0-195) show less	Hacking
🇺🇸 TPI-Abuse	2026-06-19 18:51:00 (1 day ago)	(mod_security) mod_security (id:225170) triggered by 20.240.198.51 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:225170) triggered by 20.240.198.51 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 19 14:50:52.397885 2026] [security2:error] [pid 10372:tid 10372] [client 20.240.198.51:60302] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|boaredraven.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "boaredraven.com"] [uri "/wp-json/wp/v2/users"] [unique_id "ajWPjMz3pl6g4j3h7o7PDgAAAAE"], referer: https://www.facebook.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇦🇺 2000cn.com.au	2026-06-19 18:37:08 (1 day ago)	This IP was detected by CrowdSec triggering crowdsecurity/http-wordpress_user-enum	Web App Attack Hacking
🇺🇸 TPI-Abuse	2026-06-19 18:33:09 (1 day ago)	(mod_security) mod_security (id:225170) triggered by 20.240.198.51 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:225170) triggered by 20.240.198.51 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 19 14:33:05.160431 2026] [security2:error] [pid 9913:tid 9913] [client 20.240.198.51:52894] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|eileensharaga.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "eileensharaga.com"] [uri "/wp-json/wp/v2/users"] [unique_id "ajWLYfmRA-qzmjWqC16YxQAAAAc"], referer: https://wordpress.org/ show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 BlueWire Hosting	2026-06-19 18:06:03 (1 day ago)	Probing websites for vulnerabilities	Web App Attack SQL Injection
🇪🇸 alferez	2026-06-19 17:46:17 (1 day ago)	Multiple WP Login Attack	Hacking Exploited Host Web App Attack
🇨🇦 Dunham Support	2026-06-19 17:30:29 (1 day ago)	(wordpress) Failed wordpress login from 20.240.198.51 (SE/Sweden/-)	Brute-Force
🇳🇱 Alboweb B.V.	2026-06-19 17:11:09 (1 day ago)	WordPress login brute-force detected by Fail2Ban in plesk-wordpress jail	Brute-Force Web App Attack
🇺🇸 TPI-Abuse	2026-06-19 17:11:05 (1 day ago)	(mod_security) mod_security (id:225170) triggered by 20.240.198.51 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:225170) triggered by 20.240.198.51 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 19 13:11:01.833615 2026] [security2:error] [pid 10827:tid 10827] [client 20.240.198.51:55830] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|ardath.net\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "ardath.net"] [uri "/wp-json/wp/v2/users"] [unique_id "ajV4JXQjt0NMkyhEQ3y9LgAAAAQ"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 32 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇨🇳 180.164.45.181

🇻🇳 125.212.244.35

🇺🇸 162.216.149.49

🇧🇬 79.124.56.210

🇧🇷 20.226.73.88

🇨🇳 14.103.117.105

🇩🇪 213.209.159.56

🇫🇷 185.177.72.49

🇺🇸 66.132.195.123

🇪🇹 196.191.54.206

🇺🇸 147.185.132.90

🇺🇸 135.119.96.68

🇰🇷 115.68.208.117

🇺🇸 91.230.168.224

🇫🇷 85.217.140.12

🇱🇹 45.227.254.170

🇺🇸 205.210.31.17

🇵🇱 172.253.255.52

🇫🇮 147.185.133.194

🇨🇳 112.22.10.78