JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 185.20.45.1

185.20.45.1 was found in our database!

This IP was reported 19 times. Confidence of Abuse is 0%: ?

ISP	OOO NECSTEL
Usage Type	Fixed Line ISP
ASN	AS61068
Domain Name	nextel.net
Country	🇷🇺 Russian Federation
City	Chekhov, Moscow Oblast

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 185.20.45.1

Whois 185.20.45.1

IP Abuse Reports for 185.20.45.1:

This IP address has been reported a total of 19 times from 14 distinct sources. 185.20.45.1 was first reported on July 9th 2025, and the most recent report was 7 months ago.

Old Reports: The most recent abuse report for this IP address is from 7 months ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇳🇱 ipoac.nl	2025-10-30 19:38:49 (7 months ago)	- - - - - - [30/Oct/2025:20:38:48 +0100] - - "GET /shell.php HTTP/1.1" 302 823 "-" "Mozilla/5.0 (Win ... show more - - - - - - [30/Oct/2025:20:38:48 +0100] - - "GET /shell.php HTTP/1.1" 302 823 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/- YaBrowser/- Safari/537.36" show less	Bad Web Bot
🇬🇧 secopsUK	2025-10-28 17:00:00 (7 months ago)	web attack over nessus, crawling and vulnerability scannings.	Web Spam Port Scan Hacking SQL Injection Brute-Force Bad Web Bot Web App Attack
🇮🇹 Progetto1	2025-10-28 10:35:02 (7 months ago)	Website Scanning / Scraping	Bad Web Bot Exploited Host Web App Attack
🇩🇪 KiekerJan	2025-10-28 00:47:44 (7 months ago)	185.20.45.1 - - [28/Oct/2025:01:47:43 +0100] "GET /wp-content/plugins/drag-and-drop-multiple-file-up ... show more 185.20.45.1 - - [28/Oct/2025:01:47:43 +0100] "GET /wp-content/plugins/drag-and-drop-multiple-file-upload-contact-form-7/assets/js/codedropz-uploader-min.js HTTP/1.1" 301 162 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.7204.93 Safari/537.36" 185.20.45.1 - - [28/Oct/2025:01:47:43 +0100] "GET /wp-content/plugins/drag-and-drop-multiple-file-upload-contact-form-7/assets/js/codedropz-uploader-min.js HTTP/1.1" 404 548 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.7204.93 Safari/537.36" ... show less	Web App Attack
🇱🇻 garmtech.com	2025-10-27 21:44:14 (7 months ago)	IM360 WAF: Interaction with fake plugin MV:/wp-content/plugins/WordPressCore/include.php	Web App Attack
Anonymous	2025-10-26 20:32:07 (7 months ago)	wordpress-trap	Web App Attack
🇩🇪 todix	2025-10-25 20:12:09 (7 months ago)	WebAttack or semilar from 185.20.45.1	Web App Attack
🇵🇱 ketovoila.pl	2025-10-25 03:06:45 (7 months ago)	ketovoila.pl HONEYPOT traffic: count=2, paths=2; sample_path=ketovoila.pl/wp-cli.phar; UA=Mozilla/5. ... show more ketovoila.pl HONEYPOT traffic: count=2, paths=2; sample_path=ketovoila.pl/wp-cli.phar; UA=Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36; window=2025-10-25T02:38:43Z..2025-10-25T02:38:42Z show less	Port Scan Hacking Brute-Force
🇺🇸 TPI-Abuse	2025-10-24 10:42:09 (7 months ago)	(mod_security) mod_security (id:225170) triggered by 185.20.45.1 (-): 1 in the last 300 secs; Ports: ... show more (mod_security) mod_security (id:225170) triggered by 185.20.45.1 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Oct 24 06:42:03.411523 2025] [security2:error] [pid 10144:tid 10144] [client 185.20.45.1:11604] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|babylontravelone.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "babylontravelone.com"] [uri "/wp-json/wp/v2/users"] [unique_id "aPtX-wEfTtoabc_EPwg-NgAAACI"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-10-24 07:24:32 (7 months ago)	(mod_security) mod_security (id:225170) triggered by 185.20.45.1 (-): 1 in the last 300 secs; Ports: ... show more (mod_security) mod_security (id:225170) triggered by 185.20.45.1 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Oct 24 03:24:24.971917 2025] [security2:error] [pid 15293:tid 15293] [client 185.20.45.1:12467] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|protection4allsecurity.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "protection4allsecurity.com"] [uri "/wp-json/wp/v2/users"] [unique_id "aPspqP3pUNv_amxHgJIMnAAAAAc"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-10-24 06:20:00 (7 months ago)	(mod_security) mod_security (id:225170) triggered by 185.20.45.1 (-): 1 in the last 300 secs; Ports: ... show more (mod_security) mod_security (id:225170) triggered by 185.20.45.1 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Oct 24 02:19:54.955842 2025] [security2:error] [pid 23919:tid 23919] [client 185.20.45.1:12473] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|fusionrep.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "fusionrep.com"] [uri "/wp-json/wp/v2/users"] [unique_id "aPsaimLAXrJHZPaFW9NiUQAAABc"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 myagent.site	2025-10-23 22:09:09 (7 months ago)	Blocking for trying to access an exploit file: /test.php	Hacking
🇺🇸 TPI-Abuse	2025-10-23 20:08:51 (7 months ago)	(mod_security) mod_security (id:225170) triggered by 185.20.45.1 (-): 1 in the last 300 secs; Ports: ... show more (mod_security) mod_security (id:225170) triggered by 185.20.45.1 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Oct 23 16:08:45.732261 2025] [security2:error] [pid 642141:tid 642141] [client 185.20.45.1:14760] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|sharawi-gum.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "sharawi-gum.com"] [uri "/wp-json/wp/v2/users"] [unique_id "aPqLTUU4Z4VqUoK1zBIDTAAAAA4"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2025-10-23 17:13:29 (7 months ago)	wordpress-trap	Web App Attack
🇺🇸 TPI-Abuse	2025-10-23 13:50:56 (7 months ago)	(mod_security) mod_security (id:225170) triggered by 185.20.45.1 (-): 1 in the last 300 secs; Ports: ... show more (mod_security) mod_security (id:225170) triggered by 185.20.45.1 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Oct 23 09:50:43.606791 2025] [security2:error] [pid 30657:tid 30657] [client 185.20.45.1:10522] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|fattoria-rendena.it\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "fattoria-rendena.it"] [uri "/wp-json/wp/v2/users"] [unique_id "aPoyszx_qvi2skcn1-oLJgAAAAY"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 19 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇹🇼 198.235.24.91

🇵🇱 87.251.64.157

🇺🇸 216.25.89.123

🇧🇷 205.210.31.183

🇳🇱 185.223.235.26

🇳🇱 185.223.235.15

🇸🇬 172.188.218.162

🇺🇸 142.93.60.246

🇫🇮 94.183.234.128

🇺🇸 69.127.233.121

🇱🇹 62.60.130.251

🇰🇷 106.243.155.71

🇭🇰 103.158.29.100

🇮🇳 103.139.191.60

🇩🇪 69.5.169.236

🇺🇸 152.32.235.90

🇷🇴 80.94.92.171

🇺🇸 65.49.1.24

🇺🇸 64.227.30.58

🇺🇸 57.141.0.65