JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 13.94.120.43

13.94.120.43 was found in our database!

This IP was reported 91 times. Confidence of Abuse is 0%: ?

ISP	Microsoft Corporation
Usage Type	Data Center/Web Hosting/Transit
ASN	AS8075
Domain Name	microsoft.com
Country	🇮🇪 Ireland
City	Dublin, Leinster

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 13.94.120.43

Whois 13.94.120.43

IP Abuse Reports for 13.94.120.43:

This IP address has been reported a total of 91 times from 84 distinct sources. 13.94.120.43 was first reported on December 15th 2025, and the most recent report was 5 months ago.

Old Reports: The most recent abuse report for this IP address is from 5 months ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇪🇸 laietania.net	2025-12-24 16:46:00 (5 months ago)	Web-App Strong Attack	Web App Attack
🇯🇵 beon	2025-12-17 03:53:00 (6 months ago)	This IP was detected twice on my original honeypot and also performed automated reconnaissance and v ... show more This IP was detected twice on my original honeypot and also performed automated reconnaissance and vulnerability scanning against my server between 2025-12-16T04:46:36Z UTC and 2025-12-16T04:46:44Z UTC. The honeypot file: /wp-content/plugins/hellopress/wp_filemanager.php and /class-t.api.php. The targeted paths included examples such as: /an.php, /abcd.php, /wsd.php, /galex.php, /gifclass4.php, /webdb.php and others. Multiple requests used filenames that resemble PHP web shells or exploitation payloads. The behavior is consistent with an automated directory and CMS reconnaissance scan, not normal user browsing. This IP appears to be performing malicious probing and should be treated as suspicious or blocked. show less	Hacking Brute-Force Web App Attack
🇭🇺 DumaNet	2025-12-17 03:22:00 (6 months ago)	Web app attack attempts, scanning for vulnerability. Date: 2025 Dec 15. 14:35:42 Source IP: 13.94. ... show more Web app attack attempts, scanning for vulnerability. Date: 2025 Dec 15. 14:35:42 Source IP: 13.94.120.43 Portion of the log(s): 13.94.120.43 - [15/Dec/2025:14:35:42 +0100] "GET /sfcl.php HTTP/1.1" 404 153 "-" "-" 13.94.120.43 - [15/Dec/2025:14:35:42 +0100] "GET /666.php HTTP/1.1" 404 153 "-" "-" 13.94.120.43 - [15/Dec/2025:14:35:42 +0100] "GET /pu.php HTTP/1.1" 404 153 "-" "-" 13.94.120.43 - [15/Dec/2025:14:35:42 +0100] "GET /222.php HTTP/1.1" 404 153 "-" "-" 13.94.120.43 - [15/Dec/2025:14:35:42 +0100] "GET /buy.php HTTP/1.1" 404 153 "-" "-" 13.94.120.43 - [15/Dec/2025:14:35:42 +0100] "GET /css/sf9.php HTTP/1.1" 404 153 "-" "-" 13.94.120.43 - [15/Dec/2025:14:35:42 +0100] "GET /class-t.api.php HTTP/1.1" 404 153 "-" "-" 13.94.120.43 - [15/Dec/2025:14:35:41 +0100] "GET /webdb.php HTTP/1.1" 404 153 "-" "-" 13.94.120.43 - [15/Dec/2025:14:35:41 +0100] "GET /gifclass4.php HTTP/1.1" 404 153 "-" "-" 13.94.120.43 - [15/Dec/2025:14:35:41 +0100] "GET /galex.php HTTP/1.1" 404 153 "-" "-" show less	Web App Attack
🇹🇷 rtbh.com.tr	2025-12-16 20:10:31 (6 months ago)	list.rtbh.com.tr report: tcp/0	Brute-Force
🇩🇪 ps-center	2025-12-16 10:37:37 (6 months ago)	DIS: Web Attack GET /wp-content/plugins/hellopress/wp_filemanager.php	Web Spam Hacking Bad Web Bot Web App Attack
🇩🇪 ger-stg-sifi1	2025-12-16 10:34:56 (6 months ago)	(wordpress) Failed wordpress login using wp-login.php or xmlrpc.php	Web App Attack
🇬🇧 openstrike.co.uk	2025-12-16 06:14:12 (6 months ago)	16 attacks on PHP URLs: GET /cro.php HTTP/1.1	Web App Attack
🇩🇪 london2038.com	2025-12-16 05:48:07 (6 months ago)	Probing for exploits 13.94.120.43 - - [16/Dec/2025:05:18:26 +0100] "GET /wp-content/plugins/hellopre ... show more Probing for exploits 13.94.120.43 - - [16/Dec/2025:05:18:26 +0100] "GET /wp-content/plugins/hellopress/wp_filemanager.php HTTP/1.1" 301 169 "-" "-" 13.94.120.43 - - [16/Dec/2025:06:48:02 +0100] "GET /wp-content/plugins/hellopress/wp_filemanager.php HTTP/1.1" 301 169 "-" "-" show less	Hacking Web App Attack
🇺🇸 octageeks.com	2025-12-16 05:06:30 (6 months ago)	Wordpress malicious attack:[octascan]	Web App Attack
Anonymous	2025-12-16 04:15:04 (6 months ago)	IP banned by Fail2Ban in jail nginx-abusive-ips	Brute-Force Bad Web Bot Web App Attack
Anonymous	2025-12-16 04:14:11 (6 months ago)	13.94.120.43 - - [16/Dec/2025:05:14:10 +0100] "GET /wp-content/plugins/hellopress/wp_filemanager.php ... show more 13.94.120.43 - - [16/Dec/2025:05:14:10 +0100] "GET /wp-content/plugins/hellopress/wp_filemanager.php HTTP/1.1" 403 3708 ... show less	Web App Attack
🇮🇩 Burayot	2025-12-16 04:04:10 (6 months ago)	LF_MODSEC: (mod_security) mod_security (id:1000001) triggered by 13.94.120.43 (IE/Ireland/-): 1 in t ... show more LF_MODSEC: (mod_security) mod_security (id:1000001) triggered by 13.94.120.43 (IE/Ireland/-): 1 in the last 3600 secs show less	Web App Attack
🇫🇷 Savoie	2025-12-16 03:37:00 (6 months ago)	13.94.120.43 *.* - [16/Dec/2025:04:37:27 +0100] "GET /wp-content/plugins/hellopress/wp_filemanag ... show more 13.94.120.43 *.* - [16/Dec/2025:04:37:27 +0100] "GET /wp-content/plugins/hellopress/wp_filemanager.php HTTP/1.1" 302 250 "-" "-" AND : GET /an.php HTTP/1.1 GET /abcd.php HTTP/1.1 GET /wsd.php HTTP/1.1 GET /galex.php HTTP/1.1 GET /gifclass4.php HTTP/1.1 GET /webdb.php HTTP/1.1 GET /class-t.api.php HTTP/1.1 GET /css/sf9.php HTTP/1.1 GET /buy.php HTTP/1.1 GET /222.php HTTP/1.1 GET /pu.php HTTP/1.1 GET /666.php HTTP/1.1 GET /sfcl.php HTTP/1.1 GET /npcs7k.php HTTP/1.1 GET /cro.php HTTP/1.1 show less	Bad Web Bot Web App Attack
🇩🇪 Mr-Money	2025-12-16 03:28:30 (6 months ago)	scenario: crowdsecurity/http-probing - events: 11	Hacking Web App Attack
🇩🇪 kranem	2025-12-16 03:00:14 (6 months ago)	Triggered Cloudflare WAF from IE. Action taken: BLOCK ASN: 8075 (MICROSOFT-CORP-MSN-AS-BLOCK) Protoc ... show more Triggered Cloudflare WAF from IE. Action taken: BLOCK ASN: 8075 (MICROSOFT-CORP-MSN-AS-BLOCK) Protocol: HTTP/1.1 (GET method) Endpoint: /wp-content/plugins/hellopress/wp_filemanager.php Timestamp: 2025-12-16T00:12:29Z User-Agent: empty show less	Bad Web Bot

Showing 1 to 15 of 91 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇧🇪 198.235.24.222

🇧🇷 187.62.87.27

🇪🇸 185.176.8.77

🇺🇸 164.92.82.91

🇺🇸 147.90.234.41

🇺🇸 66.132.195.119

🇦🇷 45.162.21.23

🇺🇸 40.119.40.156

🇷🇺 5.164.26.191

🇳🇱 2a06:a880:5:74ca::1

🇺🇸 2001:470:1:fb5::1b5

🇺🇸 205.210.31.22

🇧🇷 200.236.200.140

🇲🇾 180.73.151.247

🇮🇩 179.65.193.140

🇺🇸 172.206.226.233

🇱🇦 103.240.243.101

🇬🇧 84.69.20.134

🇳🇱 81.19.216.93

🇺🇦 37.221.131.113