JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 20.51.61.81

20.51.61.81 was found in our database!

This IP was reported 47 times. Confidence of Abuse is 100%: ?

100%

ISP	Microsoft Corporation
Usage Type	Data Center/Web Hosting/Transit
ASN	AS8075
Domain Name	microsoft.com
Country	🇺🇸 United States of America
City	Cheyenne, Wyoming

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 20.51.61.81

Whois 20.51.61.81

IP Abuse Reports for 20.51.61.81:

This IP address has been reported a total of 47 times from 35 distinct sources. 20.51.61.81 was first reported on May 24th 2026, and the most recent report was 1 day ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇩🇪 Holger	2026-06-13 12:34:23 (1 day ago)	WordPress WebAttack	Brute-Force Web App Attack
🇩🇪 Holger	2026-06-11 09:27:44 (3 days ago)	WordPress WebAttack	Brute-Force Web App Attack
🇨🇿 akac	2026-06-09 05:00:58 (5 days ago)	Web vulnerability scanning: HTTP/1.1 POST /wp/xmlrpc.php	Hacking Brute-Force Bad Web Bot Web App Attack
🇩🇪 Holger	2026-06-09 01:27:32 (5 days ago)	WordPress WebAttack	Brute-Force Web App Attack
🇩🇪 Vegascosmetics	2026-06-09 01:08:12 (5 days ago)	(Kingcopy.org-AI-IDS-Report):IP automatically blocked after PHP/webshell probe. Vegas Security	DDoS Attack Hacking Exploited Host
🇺🇸 etu brutus	2026-06-09 01:05:47 (5 days ago)	20.51.61.81 has been banned for [WebApp Attack] ...	Hacking Bad Web Bot Web App Attack
🇩🇪 4server	2026-06-09 00:56:36 (5 days ago)	[TueJun0902:56:31.2940592026][security2:error][pid2075236:tid2075375][client20.51.61.81:0]ModSecurit ... show more [TueJun0902:56:31.2940592026][security2:error][pid2075236:tid2075375][client20.51.61.81:0]ModSecurity:Accessdeniedwithcode403\(phase1\).Stringmatch\"/xmlrpc.php\"atREQUEST_URI.[file\"/etc/apache2/conf.d/modsec_custom_rules.conf\"][line\"170\"][id\"960024\"][msg\"XML-RPCdisabled\"][hostname\"orabonastudio.it\"][uri\"/wp/xmlrpc.php\"][unique_id\"aidkv99IQPHMTXyKQi8eqQAAAQg\"] show less	Port Scan Brute-Force Web App Attack
🇺🇸 TPI-Abuse	2026-06-09 00:44:17 (5 days ago)	(mod_security) mod_security (id:240335) triggered by 20.51.61.81 (-): 1 in the last 300 secs; Ports: ... show more (mod_security) mod_security (id:240335) triggered by 20.51.61.81 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 08 20:44:12.043923 2026] [security2:error] [pid 5430:tid 5540] [client 20.51.61.81:2259] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 20.51.61.81 (+1 hits since last alert)\|toubaomaha.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "toubaomaha.com"] [uri "/wp/xmlrpc.php"] [unique_id "aidh3OONqRC8Of8EEu2sJgAAAlU"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 mnsf	2026-06-09 00:20:14 (5 days ago)	Xmlrpc Caught (10)	Brute-Force Web App Attack
🇬🇧 thetomtaylor.co.uk	2026-06-09 00:07:01 (5 days ago)	Fail2Ban - [NGINX]WordPress Logins Sniffings on nginx-wordpress-sniffer ... [wa01,wa02]	Bad Web Bot Web App Attack
🇮🇩 Burayot	2026-06-09 00:03:29 (5 days ago)	LF_MODSEC: (mod_security) mod_security (id:1000001) triggered by 20.51.61.81 (US/United States/-): 1 ... show more LF_MODSEC: (mod_security) mod_security (id:1000001) triggered by 20.51.61.81 (US/United States/-): 1 in the last 3600 secs show less	Web App Attack
🇺🇸 WellSpring	2026-06-08 23:47:58 (5 days ago)	xmlrpc exploit on tableoftheround.org/wp/xmlrpc.php — WellSpr.ing/NetSentinel civic-AI security laye ... show more xmlrpc exploit on tableoftheround.org/wp/xmlrpc.php — WellSpr.ing/NetSentinel civic-AI security layer show less	Brute-Force Web App Attack
🇳🇱 BlueWire Hosting	2026-06-08 23:40:10 (5 days ago)	Probing websites for vulnerabilities	Web App Attack
🇺🇸 xmission.com	2026-06-08 23:32:37 (6 days ago)	20.51.61.81 - - [08/Jun/2026:17:32:37 -0600] "POST /wp/xmlrpc.php HTTP/1.1" 302 138 "-" "Mozilla/5.0 ... show more 20.51.61.81 - - [08/Jun/2026:17:32:37 -0600] "POST /wp/xmlrpc.php HTTP/1.1" 302 138 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36" ... show less	Web App Attack
🇧🇾 lns.bz	2026-06-08 23:27:10 (6 days ago)	Banned for trying to access xmlrpc [BY]	Web App Attack

Showing 1 to 15 of 47 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇮🇩 222.124.177.148

🇧🇷 138.185.4.17

🇲🇾 65.181.24.23

🇮🇩 34.101.197.167

🇨🇳 14.103.131.92

🇦🇹 213.225.5.188

🇮🇩 202.162.35.3

🇳🇱 185.242.226.97

🇺🇸 138.197.93.235

🇯🇵 136.110.117.43

🇫🇷 45.81.243.62

🇨🇳 36.134.126.74

🇮🇳 34.93.237.130

🇲🇾 182.62.65.45

🇮🇩 103.93.162.220

🇨🇳 101.96.195.17

🇺🇸 23.234.95.222

🇻🇳 14.191.22.58

🇯🇵 206.237.127.69

🇺🇸 205.210.31.84