JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 20.12.185.213

20.12.185.213 was found in our database!

This IP was reported 115 times. Confidence of Abuse is 100%: ?

100%

ISP	Microsoft Corporation
Usage Type	Data Center/Web Hosting/Transit
ASN	AS8075
Domain Name	microsoft.com
Country	🇺🇸 United States of America
City	Des Moines, Iowa

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 20.12.185.213

Whois 20.12.185.213

IP Abuse Reports for 20.12.185.213:

This IP address has been reported a total of 115 times from 105 distinct sources. 20.12.185.213 was first reported on June 21st 2026, and the most recent report was 1 minute ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇩🇪 Stefan Dreher	2026-06-21 18:46:13 (1 minute ago)	20.12.185.213 - - [21/Jun/2026:20:46:10 +0200] "GET /wp-content/plugins/hellopress/wp_filemanager.ph ... show more 20.12.185.213 - - [21/Jun/2026:20:46:10 +0200] "GET /wp-content/plugins/hellopress/wp_filemanager.php HTTP/1.1" 404 153 "-" "-" 20.12.185.213 - - [21/Jun/2026:20:46:10 +0200] "GET /this_is_a_new_hello_world.php HTTP/1.1" 404 153 "-" "-" 20.12.185.213 - - [21/Jun/2026:20:46:11 +0200] "GET /op.php.php HTTP/1.1" 404 153 "-" "-" 20.12.185.213 - - [21/Jun/2026:20:46:11 +0200] "GET /OVO7xf.php HTTP/1.1" 404 153 "-" "-" 20.12.185.213 - - [21/Jun/2026:20:46:11 +0200] "GET /4PJcpMFsD8B.php HTTP/1.1" 404 153 "-" "-" ... show less	Hacking Brute-Force
🇫🇷 Catalin Negru	2026-06-21 18:29:02 (18 minutes ago)	2026-06-21 21:28:55,380 fail2ban.actions [2945670]: NOTICE [apache-404] Ban 20.12.185.213 20 ... show more 2026-06-21 21:28:55,380 fail2ban.actions [2945670]: NOTICE [apache-404] Ban 20.12.185.213 2026-06-21 21:28:55,665 fail2ban.actions [2945670]: NOTICE [apache-scan] Ban 20.12.185.213 2026-06-21 21:28:55,665 fail2ban.actions [2945670]: NOTICE [apache-security] Ban 20.12.185.213 2026-06-21 21:28:55,779 fail2ban.actions [2945670]: NOTICE [web-scanner] Ban 20.12.185.213 2026-06-21 21:29:01,681 fail2ban.actions [2945670]: NOTICE [wordpress] Ban 20.12.185.213 ... show less	Brute-Force Web App Attack
🇩🇰 ScamAware	2026-06-21 18:28:05 (19 minutes ago)	Detected by Cloudflare Security Events via WordPress automation. Detection: bad_bot_scanner (Bad bot ... show more Detected by Cloudflare Security Events via WordPress automation. Detection: bad_bot_scanner (Bad bot / scanner behavior). Hits from same IP in last 60 minutes: 129. Unique request paths counted internally: 129. Cloudflare action: managed_challenge. Cloudflare source: botFight. show less	Bad Web Bot
🇫🇷 phoenix1jl96	2026-06-21 18:25:38 (21 minutes ago)	2026/06/21 20:25:04 [error] 1346051#1346051: 215721 open() "/home/user-data/www/default/cgi-bin/ind ... show more 2026/06/21 20:25:04 [error] 1346051#1346051: 215721 open() "/home/user-data/www/default/cgi-bin/index.php" failed (2: No such file or directory), client: 20.12.185.213, server: optique-gravelines.fr, request: "GET //cgi-bin/index.php HTTP/1.1", host: "optique-gravelines.fr" 2026/06/21 20:25:07 [error] 1346051#1346051: *215721 open() "/home/user-data/www/default/cgi-bin/admin.php" failed (2: No such file or directory), client: 20.12.185.213, server: optique-gravelines.fr, request: "GET //cgi-bin/admin.php HTTP/1.1", host: "optique-gravelines.fr" ... show less	DNS Compromise DNS Poisoning DDoS Attack Ping of Death Web Spam Email Spam Blog Spam Port Scan Hacking Brute-Force Bad Web Bot SSH Web App Attack
🇩🇪 todix	2026-06-21 18:11:33 (35 minutes ago)	WebAttack or semilar from 20.12.185.213	Web App Attack
🇫🇷 bazter.pro	2026-06-21 18:10:22 (36 minutes ago)	Fail2Ban: plesk-scanner - 10 failures	Port Scan Hacking Brute-Force Web App Attack
🇫🇷 Baking333	2026-06-21 18:09:55 (37 minutes ago)	[redacted] 20.12.185.213 - - [21/Jun/2026:19:09:48 +0100] "GET /wp-content/plugins/hellopress/wp_fil ... show more [redacted] 20.12.185.213 - - [21/Jun/2026:19:09:48 +0100] "GET /wp-content/plugins/hellopress/wp_filemanager.php HTTP/1.1" 200 147 0/23885 "-" "-" [redacted] 20.12.185.213 - - [21/Jun/2026:19:09:54 +0100] "GET /[redacted] HTTP/1.1" 200 147 0/23772 "-" "-" show less	Bad Web Bot Web App Attack
🇺🇸 Charlesiv	2026-06-21 18:07:37 (39 minutes ago)	Triggered Cloudflare WAF (botFight) from US. Action taken: MANAGED_CHALLENGE ASN: 8075 (Microsoft Co ... show more Triggered Cloudflare WAF (botFight) from US. Action taken: MANAGED_CHALLENGE ASN: 8075 (Microsoft Corporation) Protocol: HTTP/1.1 (GET method) Endpoint: /wp-admin/network/plugins.php Timestamp: 2026-06-21T17:32:34Z Ray ID: a0f4c0d8f828e417 UA: Empty string show less	Bad Web Bot
🇫🇮 NoaQT	2026-06-21 18:06:22 (40 minutes ago)	2026-06-21T18:06:20.517707+00:00 ingress-1 haproxy[290]: 20.12.185.213:64958 [21/Jun/2026:18:06:20.5 ... show more 2026-06-21T18:06:20.517707+00:00 ingress-1 haproxy[290]: 20.12.185.213:64958 [21/Jun/2026:18:06:20.517] https_in https_in/<NOSRV> 0/-1/-1/-1/0 429 225 - - PR-- 184/183/0/0/0 0/0 "GET /samll.php HTTP/1.1" 2026-06-21T18:06:20.783282+00:00 ingress-1 haproxy[290]: 20.12.185.213:64958 [21/Jun/2026:18:06:20.782] https_in https_in/<NOSRV> 0/-1/-1/-1/0 429 225 - - PR-- 184/183/0/0/0 0/0 "GET /jj.php HTTP/1.1" 2026-06-21T18:06:20.924410+00:00 ingress-1 haproxy[290]: 20.12.185.213:64958 [21/Jun/2026:18:06:20.924] https_in https_in/<NOSRV> 0/-1/-1/-1/0 429 225 - - PR-- 184/183/0/0/0 0/0 "GET /oka3u7.php HTTP/1.1" 2026-06-21T18:06:21.065427+00:00 ingress-1 haproxy[290]: 20.12.185.213:64958 [21/Jun/2026:18:06:21.065] https_in https_in/<NOSRV> 0/-1/-1/-1/0 429 225 - - PR-- 184/183/0/0/0 0/0 "GET /sx_pms.php HTTP/1.1" 2026-06-21T18:06:21.207663+00:00 ingress-1 haproxy[290]: 20.12.185.213:64958 [21/Jun/2026:18:06:21.207] https_in https_in/<NOSRV> 0/-1/-1/-1/0 429 225 - - PR-- 184/183/0/0/0 0/0 "GET /w ... show less	DDoS Attack
🇵🇱 lns.bz	2026-06-21 18:00:31 (46 minutes ago)	Web app attack [PL.Lu]	Exploited Host Web App Attack
🇳🇿 Antinson	2026-06-21 17:54:38 (52 minutes ago)	Scraping with a high error ratio and request rate	Bad Web Bot
Anonymous	2026-06-21 17:44:28 (1 hour ago)	20.12.185.213 - - [21/Jun/2026:19:44:26 +0200] "GET /wp-content/plugins/hellopress/wp_filemanager.ph ... show more 20.12.185.213 - - [21/Jun/2026:19:44:26 +0200] "GET /wp-content/plugins/hellopress/wp_filemanager.php HTTP/1.1" 301 162 "-" "-" "-" "X" 20.12.185.213 - - [21/Jun/2026:19:44:27 +0200] "GET /wp-content/plugins/hellopress/wp_filemanager.php HTTP/1.1" 403 190 "-" "-" "-" "X" 20.12.185.213 - - [21/Jun/2026:19:44:27 +0200] "GET /this_is_a_new_hello_world.php HTTP/1.1" 403 190 "-" "-" "-" "X" 20.12.185.213 - - [21/Jun/2026:19:44:27 +0200] "GET /this_is_a_new_hello_world.php HTTP/1.1" 301 162 "-" "-" "-" "X" 20.12.185.213 - - [21/Jun/2026:19:44:28 +0200] "GET /op.php.php HTTP/1.1" 301 162 "-" "-" "-" "X" 20.12.185.213 - - [21/Jun/2026:19:44:28 +0200] "GET /op.php.php HTTP/1.1" 403 190 "-" "-" "-" "X" show less	Brute-Force
🇺🇸 WellSpring	2026-06-21 17:34:00 (1 hour ago)	wordpress scan on 760.today/wp-includes/sodium_compat/ — WellSpr.ing/NetSentinel civic-AI security l ... show more wordpress scan on 760.today/wp-includes/sodium_compat/ — WellSpr.ing/NetSentinel civic-AI security layer show less	Bad Web Bot Web App Attack
🇺🇸 SANYALnet Labs	2026-06-21 17:30:02 (1 hour ago)	Jun 21 17:29:41 hecnet-us-east-gw lighttpd[1017]: 20.12.185.213 impvax.duckdns.org - [21/Jun/2026:17 ... show more Jun 21 17:29:41 hecnet-us-east-gw lighttpd[1017]: 20.12.185.213 impvax.duckdns.org - [21/Jun/2026:17:29:41 +0000] "GET /wp-content/plugins/hellopress/wp_filemanager.php HTTP/1.1" 404 341 "-" "-" Jun 21 17:29:42 hecnet-us-east-gw lighttpd[1017]: 20.12.185.213 impvax.duckdns.org - [21/Jun/2026:17:29:41 +0000] "GET /this_is_a_new_hello_world.php HTTP/1.1" 404 341 "-" "-" Jun 21 17:29:45 hecnet-us-east-gw lighttpd[1017]: 20.12.185.213 impvax.duckdns.org - [21/Jun/2026:17:29:45 +0000] "GET /op.php.php HTTP/1.1" 404 341 "-" "-" Jun 21 17:29:52 hecnet-us-east-gw lighttpd[1017]: 20.12.185.213 impvax.duckdns.org - [21/Jun/2026:17:29:52 +0000] "GET /OVO7xf.php HTTP/1.1" 404 341 "-" "-" Jun 21 17:29:54 hecnet-us-east-gw lighttpd[1017]: 20.12.185.213 impvax.duckdns.org - [21/Jun/2026:17:29:54 +0000] "GET /4PJcpMFsD8B.php HTTP/1.1" 404 341 "-" "-" Jun 21 17:29:58 hecnet-us-east-gw lighttpd[1017]: 20.12.185.213 impvax.duckdns.org - [21/Jun/2026:17:29:57 +0000] "GET /3PJcpMFsD8B.php HTTP/1.1" 404 341 ... show less	Brute-Force
🇷🇴 INTEQ	2026-06-21 17:26:27 (1 hour ago)	Web attack from 20.12.185.213	Web App Attack

Showing 1 to 15 of 115 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇯🇵 207.56.228.128

🇧🇷 205.210.31.233

🇨🇱 200.120.30.165

🇳🇱 195.178.110.30

🇦🇷 181.15.235.223

🇬🇧 167.99.199.1

🇺🇸 165.154.254.143

🇨🇳 120.48.154.88

🇳🇱 85.11.167.11

🇱🇹 62.60.130.14

🇧🇷 43.164.194.33

🇺🇸 216.25.89.104

🇹🇼 210.209.237.43

🇧🇷 179.189.205.241

🇮🇶 169.224.65.9

🇺🇸 159.223.169.92

🇺🇸 147.185.132.9

🇺🇸 146.190.149.252

🇰🇷 110.14.190.221

🇬🇷 79.127.175.71