JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 64.236.133.96

64.236.133.96 was found in our database!

This IP was reported 44 times. Confidence of Abuse is 100%: ?

100%

ISP	Microsoft Limited
Usage Type	Data Center/Web Hosting/Transit
ASN	AS8075
Domain Name	microsoft.com
Country	🇺🇸 United States of America
City	Chicago, Illinois

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 64.236.133.96

Whois 64.236.133.96

IP Abuse Reports for 64.236.133.96:

This IP address has been reported a total of 44 times from 34 distinct sources. 64.236.133.96 was first reported on July 15th 2025, and the most recent report was 1 day ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇬🇧 openstrike.co.uk	2026-06-03 05:14:34 (1 day ago)	8 attacks on PHP URLs: POST /wp/xmlrpc.php HTTP/1.1	Web App Attack
🇺🇸 octageeks.com	2026-06-03 04:07:03 (1 day ago)	Wordpress malicious attack:[octablocked]	Web App Attack
🇲🇹 Malta	2026-06-02 19:34:16 (1 day ago)	64.236.133.96 - - [02/Jun/2026:21:34:15 +0200] "POST /xmlrpc.php HTTP/1.1" "Mozilla/5.0 (Windows NT ... show more 64.236.133.96 - - [02/Jun/2026:21:34:15 +0200] "POST /xmlrpc.php HTTP/1.1" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36" Brute-force password attempt show less	Hacking Web App Attack Brute-Force
🇧🇾 lns.bz	2026-06-02 19:24:41 (1 day ago)	Banned for trying to access xmlrpc [BY]	Web App Attack
🇺🇸 etu brutus	2026-06-02 19:12:28 (1 day ago)	64.236.133.96 Blocked by [Attack Vector List] ...	Hacking Brute-Force Exploited Host
🇺🇸 TPI-Abuse	2026-06-02 19:11:25 (1 day ago)	(mod_security) mod_security (id:240335) triggered by 64.236.133.96 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:240335) triggered by 64.236.133.96 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 02 15:11:20.251193 2026] [security2:error] [pid 11383:tid 11383] [client 64.236.133.96:36818] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 64.236.133.96 (+1 hits since last alert)\|limeroc.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "limeroc.com"] [uri "/wp/xmlrpc.php"] [unique_id "ah8q2HPpA0DZBN89keMQ2wAAAAc"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-02 18:49:52 (1 day ago)	(mod_security) mod_security (id:240335) triggered by 64.236.133.96 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:240335) triggered by 64.236.133.96 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 02 14:49:43.931519 2026] [security2:error] [pid 32352:tid 32380] [client 64.236.133.96:37745] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 64.236.133.96 (+1 hits since last alert)\|victorchiarizia.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "victorchiarizia.com"] [uri "/wp/xmlrpc.php"] [unique_id "ah8lxzRiu_UyQqvX4IfLjwAAANE"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 ger-stg-sifi1	2026-06-02 18:35:14 (1 day ago)	(wordpress) Failed wordpress login using wp-login.php or xmlrpc.php	Web App Attack
🇺🇸 TPI-Abuse	2026-06-02 18:24:52 (1 day ago)	(mod_security) mod_security (id:240335) triggered by 64.236.133.96 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:240335) triggered by 64.236.133.96 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 02 14:24:46.117100 2026] [security2:error] [pid 14470:tid 14470] [client 64.236.133.96:35981] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5965"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 64.236.133.96 (+1 hits since last alert)\|oximoron.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "oximoron.com"] [uri "/wp/xmlrpc.php"] [unique_id "ah8f7uC2XS5Ue_SEb6Tk_wAAABQ"] show less	Brute-Force Bad Web Bot Web App Attack
🇨🇦 lakered	2026-06-02 18:03:23 (1 day ago)	Detectors: [NGINX] \| Reasons: Nginx Honeypot: Administration interface scan \| Tech Evidence: JA4H: 9 ... show more Detectors: [NGINX] \| Reasons: Nginx Honeypot: Administration interface scan \| Tech Evidence: JA4H: 96d55b010eea63fe63a208d5d7cdff72, Minimal-Browser-Profile, Lazy-Header-Accept, Fake-Chrome-Desktop (No-CH), TLS-JA4-Spoofing-Detected (UA claims Browser but JA4 reports No-HTTP/2: t13d131000), JA4: t13d131000 \| UA: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 show less	Port Scan Web App Attack
🇺🇸 TPI-Abuse	2026-06-02 17:52:26 (1 day ago)	(mod_security) mod_security (id:240335) triggered by 64.236.133.96 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:240335) triggered by 64.236.133.96 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 02 13:52:19.176929 2026] [security2:error] [pid 12016:tid 12041] [client 64.236.133.96:37714] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 64.236.133.96 (+1 hits since last alert)\|conceptsinammunition.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "conceptsinammunition.com"] [uri "/wp/xmlrpc.php"] [unique_id "ah8YU_2_j6XqzaJ1atNrigAAAZU"] show less	Brute-Force Bad Web Bot Web App Attack
🇨🇭 4server	2026-06-02 17:38:28 (1 day ago)	[TueJun0219:38:03.0992002026][security2:error][pid2988965:tid2989005][client64.236.133.96:0]ModSecur ... show more [TueJun0219:38:03.0992002026][security2:error][pid2988965:tid2989005][client64.236.133.96:0]ModSecurity:Accessdeniedwithcode403\(phase1\).Stringmatch\"/xmlrpc.php\"atREQUEST_URI.[file\"/etc/apache2/conf.d/modsec_custom_rules.conf\"][line\"367\"][id\"960024\"][msg\"XML-RPCdisabled\"][hostname\"ticino-host.ch\"][uri\"/wp/xmlrpc.php\"][unique_id\"ah8U-z_mOv17mpJCZrBe1gAAAVM\"] show less	Hacking Web App Attack
🇳🇱 ipoac.nl	2026-06-02 17:25:54 (1 day ago)	ipoac.nl:443 64.236.133.96 - - [02/Jun/2026:19:25:52 +0200] ipoac.nl "POST /wp/xmlrpc.php HTTP/1.1" ... show more ipoac.nl:443 64.236.133.96 - - [02/Jun/2026:19:25:52 +0200] ipoac.nl "POST /wp/xmlrpc.php HTTP/1.1" 404 7469 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36" show less	Bad Web Bot
🇦🇺 paulshipley.com.au	2026-06-02 17:07:08 (1 day ago)	levellagiftware.com.au:443 64.236.133.96 - - [03/Jun/2026:03:07:05 +1000] "POST /wp/xmlrpc.php HTTP/ ... show more levellagiftware.com.au:443 64.236.133.96 - - [03/Jun/2026:03:07:05 +1000] "POST /wp/xmlrpc.php HTTP/1.1" 404 204026 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36" ... show less	Web App Attack
🇺🇸 mnsf	2026-06-02 17:05:59 (1 day ago)	Xmlrpc Caught (6)	Brute-Force Web App Attack

Showing 1 to 15 of 44 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 206.221.176.60

🇨🇦 178.128.227.56

🇭🇰 103.52.153.215

🇫🇷 62.4.13.165

🇲🇾 49.125.203.170

🇬🇧 35.203.210.168

🇺🇸 207.90.244.6

🇺🇸 162.216.150.113

🇬🇧 139.59.190.193

🇮🇳 103.91.246.101

🇿🇦 102.219.170.30

🇰🇪 102.210.148.203

🇩🇪 91.99.210.171

🇮🇹 83.224.175.1

🇺🇸 67.20.76.98

🇺🇸 64.227.49.223

🇲🇾 49.124.149.54

🇦🇹 45.95.243.136

🇬🇧 35.203.210.146

🇸🇬 20.157.117.15