JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 20.75.217.75

20.75.217.75 was found in our database!

This IP was reported 37 times. Confidence of Abuse is 100%: ?

100%

ISP	Microsoft Corporation
Usage Type	Data Center/Web Hosting/Transit
ASN	AS8075
Domain Name	microsoft.com
Country	🇺🇸 United States of America
City	Washington, Virginia

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 20.75.217.75

Whois 20.75.217.75

IP Abuse Reports for 20.75.217.75:

This IP address has been reported a total of 37 times from 20 distinct sources. 20.75.217.75 was first reported on June 28th 2026, and the most recent report was 1 hour ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇸🇮 administrator	2026-06-29 22:02:55 (1 hour ago)	2026-06-28 19:12:43,302 fail2ban.actions [1196]: NOTICE [webadmin-badips] Ban 20.75.217.75 2 ... show more 2026-06-28 19:12:43,302 fail2ban.actions [1196]: NOTICE [webadmin-badips] Ban 20.75.217.75 2026-06-28 19:12:43,302 fail2ban.actions [1196]: NOTICE [webadmin-badips] Ban 20.75.217.75 2026-06-28 19:12:43,302 fail2ban.actions [1196]: NOTICE [webadmin-badips] Ban 20.75.217.75 ... show less	Bad Web Bot Web Spam Email Spam Blog Spam Port Scan Brute-Force Web App Attack
🇺🇸 TPI-Abuse	2026-06-29 08:18:05 (14 hours ago)	(mod_security) mod_security (id:225170) triggered by 20.75.217.75 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:225170) triggered by 20.75.217.75 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 29 04:18:01.378455 2026] [security2:error] [pid 23845:tid 23845] [client 20.75.217.75:4633] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|321q.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "321q.com"] [uri "/wp-json/wp/v2/users/3"] [unique_id "akIqOaIvx9weSx5a8SP3BgAAAAQ"] show less	Brute-Force Bad Web Bot Web App Attack
🇧🇪 taivas.nl	2026-06-29 04:32:47 (18 hours ago)	Many_bad_calls	Web App Attack
🇲🇽 octageeks.com	2026-06-29 04:14:50 (18 hours ago)	Wordpress malicious attack:[octawpauthor]	Web App Attack
🇺🇸 TPI-Abuse	2026-06-28 19:27:24 (1 day ago)	(mod_security) mod_security (id:225170) triggered by 20.75.217.75 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:225170) triggered by 20.75.217.75 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 28 15:27:16.341359 2026] [security2:error] [pid 24936:tid 24936] [client 20.75.217.75:11982] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|grexicon.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "grexicon.com"] [uri "/wp-json/wp/v2/users/4"] [unique_id "akF1lLjbmE9SEIRpuD83QQAAAAg"] show less	Brute-Force Bad Web Bot Web App Attack
🇷🇺 DZBOT	2026-06-28 19:09:11 (1 day ago)	DZBOT: Website Scanning / Scraping	Bad Web Bot Exploited Host Web App Attack
Anonymous	2026-06-28 19:05:40 (1 day ago)	2026-06-28T21:05:39.961859+02:00 aion wordpress[2246622]: Blocked user enumeration attempt from 20.7 ... show more 2026-06-28T21:05:39.961859+02:00 aion wordpress[2246622]: Blocked user enumeration attempt from 20.75.217.75 ... show less	Hacking Brute-Force
🇺🇸 TPI-Abuse	2026-06-28 18:56:27 (1 day ago)	(mod_security) mod_security (id:225170) triggered by 20.75.217.75 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:225170) triggered by 20.75.217.75 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 28 14:56:23.909526 2026] [security2:error] [pid 7559:tid 7559] [client 20.75.217.75:10279] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|margroberts.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "margroberts.com"] [uri "/wp-json/wp/v2/users/6"] [unique_id "akFuV8p5qbuO_WoIvmi0KAAAAAA"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-28 18:34:20 (1 day ago)	(mod_security) mod_security (id:225170) triggered by 20.75.217.75 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:225170) triggered by 20.75.217.75 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 28 14:34:13.053418 2026] [security2:error] [pid 15523:tid 15523] [client 20.75.217.75:9694] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|grasslakepizzatime.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "grasslakepizzatime.com"] [uri "/wp-json/wp/v2/users"] [unique_id "akFpJdIhYjn6ynvNoxJb0gAAAA4"] show less	Brute-Force Bad Web Bot Web App Attack
🇫🇷 masterguru	2026-06-28 18:05:27 (1 day ago)	WordPress: User enumeration. Pattern match "(author\\\\= (88030-197)	Hacking
🇩🇪 BlueWire Hosting	2026-06-28 17:47:52 (1 day ago)	Probing websites for vulnerabilities	Web App Attack SQL Injection
🇩🇪 Lino Project	2026-06-28 17:45:45 (1 day ago)	20.75.217.75 - - [28/Jun/2026:19:45:42 +0200] "GET /blog/xmlrpc.php HTTP/2.0" 404 135349 "-" "Mozill ... show more 20.75.217.75 - - [28/Jun/2026:19:45:42 +0200] "GET /blog/xmlrpc.php HTTP/2.0" 404 135349 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36" ... show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-28 17:38:36 (1 day ago)	(mod_security) mod_security (id:225170) triggered by 20.75.217.75 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:225170) triggered by 20.75.217.75 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 28 13:38:30.979898 2026] [security2:error] [pid 32065:tid 32065] [client 20.75.217.75:11420] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|sooperare.com.forefrontmusic.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "sooperare.com.forefrontmusic.com"] [uri "/wp-json/wp/v2/users/10"] [unique_id "akFcFuvRGwXMKi39-4bmwQAAAAU"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 4server	2026-06-28 17:37:46 (1 day ago)	[SunJun2819:37:41.7762042026][security2:error][pid1920772:tid1920865][client20.75.217.75:0]ModSecuri ... show more [SunJun2819:37:41.7762042026][security2:error][pid1920772:tid1920865][client20.75.217.75:0]ModSecurity:Accessdeniedwithcode403\(phase1\).Stringmatch\"/xmlrpc.php\"atREQUEST_URI.[file\"/etc/apache2/conf.d/modsec_custom_rules.conf\"][line\"170\"][id\"960024\"][msg\"XML-RPCdisabled\"][hostname\"restaurantgandria.ch.136-243-54-122.cpanel.site\"][uri\"/wp/xmlrpc.php\"][unique_id\"akFb5dOKFqpz26st7aXiBgAAAMU\"] show less	Port Scan Brute-Force Web App Attack
🇨🇿 plzenskypruvodce.cz	2026-06-28 17:13:21 (1 day ago)	2026-06-28T19:13:20.053981+02:00 web wordpress(varhanykolin.cz)[2150487]: Immediately block connecti ... show more 2026-06-28T19:13:20.053981+02:00 web wordpress(varhanykolin.cz)[2150487]: Immediately block connections from 20.75.217.75 ... show less	Brute-Force

Showing 1 to 15 of 37 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇰🇷 211.198.128.124

🇸🇬 148.66.142.9

🇻🇳 103.78.0.229

🇲🇾 49.124.148.186

🇭🇰 43.132.150.89

🇷🇺 31.173.67.77

🇷🇴 2.57.121.112

🇬🇧 198.244.189.160

🇺🇸 195.184.76.111

🇮🇹 172.253.228.153

🇺🇸 162.216.150.183

🇫🇮 147.185.133.174

🇺🇸 23.94.92.98

🇺🇸 13.223.136.144

🇨🇳 220.189.209.18

🇵🇱 146.59.95.254

🇮🇳 110.225.255.179

🇵🇱 109.205.211.91

🇳🇱 91.92.40.31

🇺🇸 66.132.195.91