JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 20.57.198.224

20.57.198.224 was found in our database!

This IP was reported 30 times. Confidence of Abuse is 77%: ?

77%

ISP	Microsoft Corporation
Usage Type	Data Center/Web Hosting/Transit
ASN	AS8075
Domain Name	microsoft.com
Country	🇺🇸 United States of America
City	San Jose, California

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 20.57.198.224

Whois 20.57.198.224

IP Abuse Reports for 20.57.198.224:

This IP address has been reported a total of 30 times from 22 distinct sources. 20.57.198.224 was first reported on June 4th 2026, and the most recent report was 2 weeks ago.

Old Reports: The most recent abuse report for this IP address is from 2 weeks ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇬🇧 openstrike.co.uk	2026-06-05 05:13:32 (2 weeks ago)	11 attacks on PHP URLs: POST /wp/xmlrpc.php HTTP/1.1	Web App Attack
🇲🇽 octageeks.com	2026-06-05 04:17:31 (2 weeks ago)	Wordpress malicious attack:[octaxmlrpc]	Web App Attack
🇩🇪 4server	2026-06-04 12:07:32 (2 weeks ago)	[ThuJun0414:07:26.5591812026][security2:error][pid3322052:tid3322106][client20.57.198.224:0]ModSecur ... show more [ThuJun0414:07:26.5591812026][security2:error][pid3322052:tid3322106][client20.57.198.224:0]ModSecurity:Accessdeniedwithcode403\(phase1\).Stringmatch\"/xmlrpc.php\"atREQUEST_URI.[file\"/etc/apache2/conf.d/modsec_custom_rules.conf\"][line\"170\"][id\"960024\"][msg\"XML-RPCdisabled\"][hostname\"ponzellini.ch\"][uri\"/wp/xmlrpc.php\"][unique_id\"aiFqfk3y6g4NOyCry9e-hQAAAAA\"] show less	Port Scan Brute-Force Web App Attack
🇺🇸 ipblock.com	2026-06-04 12:05:00 (2 weeks ago)	IPBlock protected site ID [3390-wh]. Exploit request, vulnerability scanner.	Hacking Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-04 11:56:56 (2 weeks ago)	(mod_security) mod_security (id:240335) triggered by 20.57.198.224 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:240335) triggered by 20.57.198.224 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 04 07:56:48.808002 2026] [security2:error] [pid 20146:tid 20146] [client 20.57.198.224:3694] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 20.57.198.224 (+1 hits since last alert)\|instepdogobedience.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "instepdogobedience.com"] [uri "/wp/xmlrpc.php"] [unique_id "aiFoALh7P0xl3j-4c3xjkwAAABA"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 findlab	2026-06-04 11:30:01 (2 weeks ago)	Backdrop CMS module - malicious activity detected	Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-04 11:18:06 (2 weeks ago)	(mod_security) mod_security (id:240335) triggered by 20.57.198.224 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:240335) triggered by 20.57.198.224 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 04 07:18:01.611502 2026] [security2:error] [pid 27854:tid 27854] [client 20.57.198.224:3461] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 20.57.198.224 (+1 hits since last alert)\|bluemarineboats.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "bluemarineboats.com"] [uri "/wp/xmlrpc.php"] [unique_id "aiFe6UeI3ragwuU6bIpBBgAAABM"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-06-04 11:15:31 (2 weeks ago)	20.57.198.224 - - [04/Jun/2026:11:15:30 +0000] "POST /wp/xmlrpc.php HTTP/1.1" 302 3338 "-" "Mozilla/ ... show more 20.57.198.224 - - [04/Jun/2026:11:15:30 +0000] "POST /wp/xmlrpc.php HTTP/1.1" 302 3338 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36" ... show less	Bad Web Bot Web App Attack
🇵🇾 SecOpsSL	2026-06-04 11:07:32 (2 weeks ago)	20.57.198.224 - - [04/Jun/2026:08:07:31 -0300] "POST /wp/xmlrpc.php HTTP/1.1" 404 97916 "-" "Mozilla ... show more 20.57.198.224 - - [04/Jun/2026:08:07:31 -0300] "POST /wp/xmlrpc.php HTTP/1.1" 404 97916 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36" show less	Brute-Force Web App Attack
Anonymous	2026-06-04 11:02:30 (2 weeks ago)	Backdrop CMS module - malicious activity detected	Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-04 11:02:22 (2 weeks ago)	(mod_security) mod_security (id:240335) triggered by 20.57.198.224 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:240335) triggered by 20.57.198.224 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 04 07:02:15.332163 2026] [security2:error] [pid 16903:tid 16903] [client 20.57.198.224:3460] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 20.57.198.224 (+1 hits since last alert)\|aavondalervstorage.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "aavondalervstorage.com"] [uri "/wp/xmlrpc.php"] [unique_id "aiFbN2DQBKhdsAG5oKMU2gAAABM"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 pltcldvlpr	2026-06-04 10:55:07 (2 weeks ago)	CMS/framework probe: 20.57.198.224 - - [04/Jun/2026:12:55:07 +0200] "POST /wp/xmlrpc.php HTTP/1.1" 4 ... show more CMS/framework probe: 20.57.198.224 - - [04/Jun/2026:12:55:07 +0200] "POST /wp/xmlrpc.php HTTP/1.1" 404 564 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36" asn=8075 org="Microsoft Corporation" country=US ... show less	Web App Attack
🇺🇸 TPI-Abuse	2026-06-04 10:44:29 (2 weeks ago)	(mod_security) mod_security (id:240335) triggered by 20.57.198.224 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:240335) triggered by 20.57.198.224 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 04 06:44:22.071738 2026] [security2:error] [pid 30796:tid 30796] [client 20.57.198.224:3477] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 20.57.198.224 (+1 hits since last alert)\|kotelbarmitzvah.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "kotelbarmitzvah.com"] [uri "/wp/xmlrpc.php"] [unique_id "aiFXBhtEfjhKm0BNKalA8QAAAAI"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 Hazzard	2026-06-04 10:29:21 (2 weeks ago)	(wordpress) Failed wordpress login from 20.57.198.224 (US/United States/California/San Jose/-/[redac ... show more (wordpress) Failed wordpress login from 20.57.198.224 (US/United States/California/San Jose/-/[redacted]): (CF_ENABLE) show less	Brute-Force
Anonymous	2026-06-04 10:26:22 (2 weeks ago)		Web App Attack

Showing 1 to 15 of 30 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇩🇪 216.26.249.22

🇨🇳 182.32.144.59

🇵🇭 180.190.171.117

🇰🇷 119.207.63.208

🇨🇳 116.5.128.9

🇺🇸 74.125.179.29

🇺🇸 66.132.195.27

🇻🇳 14.176.34.242

🇺🇸 2a04:c300:400::1b0

🇳🇱 192.178.118.155

🇨🇴 191.95.163.188

🇩🇪 151.243.150.222

🇺🇸 134.209.65.153

🇮🇩 103.253.245.115

🇺🇸 71.6.232.22

🇺🇸 50.116.72.139

🇳🇱 45.148.10.200

🇧🇪 34.76.70.213

🇺🇸 17.22.245.202

🇩🇪 216.26.249.114