JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 20.57.206.145

20.57.206.145 was found in our database!

This IP was reported 34 times. Confidence of Abuse is 100%: ?

100%

ISP	Microsoft Corporation
Usage Type	Data Center/Web Hosting/Transit
ASN	AS8075
Domain Name	microsoft.com
Country	🇺🇸 United States of America
City	San Jose, California

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 20.57.206.145

Whois 20.57.206.145

IP Abuse Reports for 20.57.206.145:

This IP address has been reported a total of 34 times from 27 distinct sources. 20.57.206.145 was first reported on June 4th 2026, and the most recent report was 4 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇬🇧 openstrike.co.uk	2026-06-05 05:13:56 (4 hours ago)	14 attacks on PHP URLs: POST /wp/xmlrpc.php HTTP/1.1	Web App Attack
🇬🇧 thetomtaylor.co.uk	2026-06-04 14:07:01 (20 hours ago)	Fail2Ban - [NGINX]WordPress Logins Sniffings on nginx-wordpress-sniffer ... [ice01,wa01,wa02]	Bad Web Bot Web App Attack
🇬🇧 thetomtaylor.co.uk	2026-06-04 13:08:01 (21 hours ago)	Fail2Ban - [NGINX]WordPress Logins Sniffings on nginx-wordpress-sniffer ... [ice02]	Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-04 11:40:39 (22 hours ago)	(mod_security) mod_security (id:240335) triggered by 20.57.206.145 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:240335) triggered by 20.57.206.145 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 04 07:40:31.341700 2026] [security2:error] [pid 30299:tid 30299] [client 20.57.206.145:49058] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 20.57.206.145 (+1 hits since last alert)\|thewarmachineguns.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "thewarmachineguns.com"] [uri "/wp/xmlrpc.php"] [unique_id "aiFkL8Bim5df7JgdTfFYaAAAAEI"] show less	Brute-Force Bad Web Bot Web App Attack
🇲🇹 Malta	2026-06-04 11:40:17 (22 hours ago)	20.57.206.145 - - [04/Jun/2026:13:40:16 +0200] "POST /xmlrpc.php HTTP/1.1" "Mozilla/5.0 (Windows NT ... show more 20.57.206.145 - - [04/Jun/2026:13:40:16 +0200] "POST /xmlrpc.php HTTP/1.1" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36" Brute-force password attempt show less	Hacking Web App Attack Brute-Force
🇩🇪 Hary74656	2026-06-04 11:36:57 (22 hours ago)	[Thu Jun 04 13:36:49.473514 2026] [core:info] [pid 302163:tid 302272] [client 20.57.206.145:49028] A ... show more [Thu Jun 04 13:36:49.473514 2026] [core:info] [pid 302163:tid 302272] [client 20.57.206.145:49028] AH00128: File does not exist: /home/divisio/www/wp/xmlrpc.php ... show less	Bad Web Bot
🇮🇩 Burayot	2026-06-04 10:49:45 (23 hours ago)	LF_MODSEC: (mod_security) mod_security (id:1000001) triggered by 20.57.206.145 (US/United States/-): ... show more LF_MODSEC: (mod_security) mod_security (id:1000001) triggered by 20.57.206.145 (US/United States/-): 1 in the last 3600 secs show less	Web App Attack
🇺🇸 TPI-Abuse	2026-06-04 10:47:54 (23 hours ago)	(mod_security) mod_security (id:240335) triggered by 20.57.206.145 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:240335) triggered by 20.57.206.145 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 04 06:47:48.413014 2026] [security2:error] [pid 6414:tid 6414] [client 20.57.206.145:47968] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 20.57.206.145 (+1 hits since last alert)\|bbproductionsonline.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "bbproductionsonline.com"] [uri "/wp/xmlrpc.php"] [unique_id "aiFX1MsYe2jc-0NR89gQggAAAAg"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 dklueh79	2026-06-04 10:44:21 (23 hours ago)	Probe for vulnerabilities. Path attempted: /wp/xmlrpc.php	Web App Attack
🇨🇦 polycoda	2026-06-04 10:34:19 (23 hours ago)	🔑 Probes for xmlrpc.php everywhere	Hacking Web App Attack
🇫🇮 inlink.ltd	2026-06-04 10:26:07 (23 hours ago)	Known malicious PHP file or CMS probe	Web App Attack
Anonymous	2026-06-04 10:17:46 (23 hours ago)	Scanning for CMS, test or dev directory: 20.57.206.145 - - [04/Jun/2026:11:17:46 +0100] "GET /wp/xm ... show more Scanning for CMS, test or dev directory: 20.57.206.145 - - [04/Jun/2026:11:17:46 +0100] "GET /wp/xmlrpc.php HTTP/1.1" 200 234 "https://richardgoodwin.net/wp/xmlrpc.php" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36" show less	Hacking Web App Attack
🇺🇸 TPI-Abuse	2026-06-04 10:16:44 (23 hours ago)	(mod_security) mod_security (id:240335) triggered by 20.57.206.145 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:240335) triggered by 20.57.206.145 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 04 06:16:37.160425 2026] [security2:error] [pid 17212:tid 17221] [client 20.57.206.145:48394] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 20.57.206.145 (+1 hits since last alert)\|cornell61.org\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "cornell61.org"] [uri "/wp/xmlrpc.php"] [unique_id "aiFQhRDBQiEwUFr_2ePFaQAAAQY"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 bescared	2026-06-04 10:08:57 (1 day ago)	F2B - Malicious activity detected. URL Probing. -8ff06ede-	Hacking Bad Web Bot Web App Attack
🇺🇸 mnsf	2026-06-04 10:07:12 (1 day ago)	Xmlrpc Caught (6)	Brute-Force Web App Attack

Showing 1 to 15 of 34 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇧🇩 123.49.38.114

🇨🇳 111.26.69.160

🇺🇸 34.127.83.183

🇺🇸 209.199.81.223

🇧🇷 187.51.84.86

🇻🇳 183.80.41.233

🇮🇳 182.95.177.118

🇮🇹 172.226.15.59

🇺🇸 162.216.149.145

🇺🇸 104.28.213.40

🇸🇪 89.253.90.113

🇷🇺 87.225.108.138

🇸🇬 43.173.177.7

🇷🇴 2.57.122.238

🇮🇳 2405:201:5c3a:e137:65d3:e085:4bd3:2817

🇨🇳 223.105.71.106

🇹🇷 185.226.93.242

🇨🇳 183.197.4.202

🇮🇹 172.226.15.58

🇺🇸 162.216.16.109