JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 20.120.115.157

20.120.115.157 was found in our database!

This IP was reported 118 times. Confidence of Abuse is 100%: ?

100%

ISP	Microsoft Corporation
Usage Type	Data Center/Web Hosting/Transit
ASN	AS8075
Domain Name	microsoft.com
Country	🇺🇸 United States of America
City	Washington, Virginia

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 20.120.115.157

Whois 20.120.115.157

IP Abuse Reports for 20.120.115.157:

This IP address has been reported a total of 118 times from 99 distinct sources. 20.120.115.157 was first reported on June 5th 2026, and the most recent report was 1 week ago.

Old Reports: The most recent abuse report for this IP address is from 1 week ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇩🇪 larse99	2026-06-08 20:57:21 (1 week ago)	Detected Scanning / Hacking activity	Port Scan Hacking
🇹🇷 zadmind	2026-06-08 16:34:39 (1 week ago)	Blocked by automated 404 tracking monitoring system.	Hacking Web App Attack
🇭🇺 DumaNet	2026-06-07 04:19:00 (1 week ago)	Web app attack attempts, scanning for vulnerability. Date: 2026 Jun 06. 03:42:39 Source IP: 20.120 ... show more Web app attack attempts, scanning for vulnerability. Date: 2026 Jun 06. 03:42:39 Source IP: 20.120.115.157 Portion of the log(s): 20.120.115.157 - [06/Jun/2026:03:40:44 +0200] "GET /wp-mail.php HTTP/1.1" 404 153 "-" "-" 20.120.115.157 - [06/Jun/2026:03:40:44 +0200] "GET /test1.php HTTP/1.1" 404 153 "-" "-" 20.120.115.157 - [06/Jun/2026:03:40:44 +0200] "GET /222.php HTTP/1.1" 404 153 "-" "-" 20.120.115.157 - [06/Jun/2026:03:40:44 +0200] "GET /about.php HTTP/1.1" 404 153 "-" "-" 20.120.115.157 - [06/Jun/2026:03:40:44 +0200] "GET /bb.php HTTP/1.1" 404 153 "-" "-" 20.120.115.157 - [06/Jun/2026:03:40:44 +0200] "GET /as.php HTTP/1.1" 404 153 "-" "-" 20.120.115.157 - [06/Jun/2026:03:40:40 +0200] "GET /info.php HTTP/1.1" 404 153 "-" "-" 20.120.115.157 - [06/Jun/2026:03:40:40 +0200] "GET /goods.php HTTP/1.1" 404 153 "-" "-" 20.120.115.157 - [06/Jun/2026:03:40:39 +0200] "GET /class.php HTTP/1.1" 404 153 "-" "-" 20.120.115.157 - [06/Jun/2026:03:40:39 +0200] "GET /xmrlpc.php HTTP/1.1" 404 153 "-" "-" show less	Web App Attack
Anonymous	2026-06-06 22:03:38 (1 week ago)	Blocked by FortiWeb WAF ML threat detection. ML probability: 99%, Country: US, Attack patterns: Word ... show more Blocked by FortiWeb WAF ML threat detection. ML probability: 99%, Country: US, Attack patterns: WordPress scanning, Webshell probing, Malicious User-Agent show less	Bad Web Bot Web App Attack
🇨🇦 polycoda	2026-06-06 11:03:49 (1 week ago)	🔥 VERY AGGRESSIVE SCANNER probed over 200 inexistent files and PHP scripts in less than an hour.	Hacking Web App Attack
🇮🇩 sockominfo	2026-06-06 11:00:39 (1 week ago)	Webshell discovery success (Response: 200), Specific webshell backdoor names detected, Mixed case PH ... show more Webshell discovery success (Response: 200), Specific webshell backdoor names detected, Mixed case PHP extension detected (PhP, PhP5, Phtml, etc), Indonesian - Webshell Detected - Specific Enchanced, Potential webshell scan access detected - Suspicious filename pattern. Threat Score: 9.1/10 (CRITICAL). Confidence: 85%. CVSS v3.1: 10/10 (Critical). CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H. Bayesian Probability: 99%. MITRE ATT&CK: T1046 (Network Service Scanning). Tactic: TA0007. Freshness: Moderate. Source Reputation: KNOWN_MALICIOUS. Methodology: CVSS 3.1 + Bayesian + Temporal + Environmental + MITRE ATT&CK + OWASP. Standards: ISO/IEC 27065:2022, NIST SP 800-30, IEEE S&P 2020. Reported by TangerangKota-CSIRT. Status: MALICIOUS show less	Hacking Email Spam
🇨🇦 polycoda	2026-06-06 10:46:40 (1 week ago)	🔥 VERY AGGRESSIVE SCANNER probed over 100 inexistent files and PHP scripts in less than an hour.	Hacking Web App Attack
🇮🇩 sockominfo	2026-06-06 09:00:39 (1 week ago)	Webshell discovery success (Response: 200), Specific webshell backdoor names detected, Mixed case PH ... show more Webshell discovery success (Response: 200), Specific webshell backdoor names detected, Mixed case PHP extension detected (PhP, PhP5, Phtml, etc), Indonesian - Webshell Detected - Specific Enchanced, Potential webshell scan access detected - Suspicious filename pattern. Threat Score: 9.4/10 (CRITICAL). Confidence: 85%. CVSS v3.1: 10/10 (Critical). CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H. Bayesian Probability: 99%. MITRE ATT&CK: T1046 (Network Service Scanning). Tactic: TA0007. Freshness: Moderate. Source Reputation: KNOWN_MALICIOUS. Methodology: CVSS 3.1 + Bayesian + Temporal + Environmental + MITRE ATT&CK + OWASP. Standards: ISO/IEC 27065:2022, NIST SP 800-30, IEEE S&P 2020. Reported by TangerangKota-CSIRT. Status: MALICIOUS show less	Hacking Email Spam
🇮🇩 sockominfo	2026-06-06 08:00:38 (1 week ago)	Webshell discovery success (Response: 200), Specific webshell backdoor names detected, Mixed case PH ... show more Webshell discovery success (Response: 200), Specific webshell backdoor names detected, Mixed case PHP extension detected (PhP, PhP5, Phtml, etc), Indonesian - Webshell Detected - Specific Enchanced, Potential webshell scan access detected - Suspicious filename pattern. Threat Score: 9.4/10 (CRITICAL). Confidence: 85%. CVSS v3.1: 10/10 (Critical). CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H. Bayesian Probability: 99%. MITRE ATT&CK: T1046 (Network Service Scanning). Tactic: TA0007. Freshness: Fresh. Source Reputation: KNOWN_MALICIOUS. Methodology: CVSS 3.1 + Bayesian + Temporal + Environmental + MITRE ATT&CK + OWASP. Standards: ISO/IEC 27065:2022, NIST SP 800-30, IEEE S&P 2020. Reported by TangerangKota-CSIRT. Status: MALICIOUS show less	Hacking Email Spam
🇺🇦 URAN Publishing Service	2026-06-06 07:10:38 (1 week ago)	20.120.115.157 - - [06/Jun/2026:10:10:35 +0300] "GET /wp-content/plugins/hellopress/wp_filemanager.p ... show more 20.120.115.157 - - [06/Jun/2026:10:10:35 +0300] "GET /wp-content/plugins/hellopress/wp_filemanager.php HTTP/1.1" 404 251 "-" "-" ... show less	Web App Attack
🇮🇩 sockominfo	2026-06-06 07:00:12 (1 week ago)	Webshell discovery success (Response: 200). Threat Score: 9/10 (CRITICAL). Reported by TangerangKota ... show more Webshell discovery success (Response: 200). Threat Score: 9/10 (CRITICAL). Reported by TangerangKota-CSIRT. Status: MALICIOUS show less	Hacking Email Spam
🇩🇪 cloudmax	2026-06-06 06:58:11 (1 week ago)	Cloudmax Protect [WEB BLOCK] - Too many 400/500 requests. Possible attack or hacking attempt	Hacking Web App Attack
🇫🇷 Savoie	2026-06-06 06:56:00 (1 week ago)	20.120.115.157 www.*.* - [06/Jun/2026:08:56:47 +0200] "GET /wp-content/plugins/hellopress/wp_fil ... show more 20.120.115.157 www.*.* - [06/Jun/2026:08:56:47 +0200] "GET /wp-content/plugins/hellopress/wp_filemanager.php HTTP/1.1" 302 250 "-" "-" AND : GET /this_is_a_new_hello_world.php HTTP/1.1 GET /core/init.php HTTP/1.1 GET /aa.php HTTP/1.1 GET /xmrlpc.php HTTP/1.1 GET /class.php HTTP/1.1 etc. etc. etc. show less	Bad Web Bot Web App Attack
🇨🇦 electronico	2026-06-06 06:47:17 (1 week ago)	20.120.115.157 - - [06/Jun/2026:17:47:16 +1100] "GET /wp-content/plugins/hellopress/wp_filemanager.p ... show more 20.120.115.157 - - [06/Jun/2026:17:47:16 +1100] "GET /wp-content/plugins/hellopress/wp_filemanager.php HTTP/1.1" 404 5882 "-" "-" 20.120.115.157 - - [06/Jun/2026:17:47:16 +1100] "GET /this_is_a_new_hello_world.php HTTP/1.1" 404 2049 "-" "-" 20.120.115.157 - - [06/Jun/2026:17:47:16 +1100] "GET /core/init.php HTTP/1.1" 404 2049 "-" "-" 20.120.115.157 - - [06/Jun/2026:17:47:16 +1100] "GET /aa.php HTTP/1.1" 404 2049 "-" "-" 20.120.115.157 - - [06/Jun/2026:17:47:16 +1100] "GET /xmrlpc.php HTTP/1.1" 404 2049 "-" "-" 20.120.115.157 - - [06/Jun/2026:17:47:16 +1100] "GET /class.php HTTP/1.1" 404 2049 "-" "-" 20.120.115.157 - - [06/Jun/2026:17:47:16 +1100] "GET /goods.php HTTP/1.1" 404 2049 "-" "-" 20.120.115.157 - - [06/Jun/2026:17:47:17 +1100] "GET /as.php HTTP/1.1" 404 2049 "-" "-" 20.120.115.157 - - [06/Jun/2026:17:47:17 +1100] "GET /bb.php HTTP/1.1" 404 2049 "-" "-" 20.120.115.157 - - [06/Jun/2026:17:47:17 +1100] "GET /about.php HTTP/1.1" 404 2049 "-" "-" ... show less	Brute-Force Web App Attack
🇩🇪 Phenix Info	2026-06-06 06:43:39 (1 week ago)	SmallGuard.fr - Empty User Agent	Web App Attack

Showing 1 to 15 of 118 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇻🇳 171.252.188.166

🇩🇪 138.199.19.168

🇹🇼 111.70.33.193

🇸🇬 103.189.235.114

🇫🇷 85.217.140.52

🇳🇱 45.142.193.169

🇩🇪 45.139.104.54

🇻🇳 2402:800:63a7:8df5:b0b9:bb61:b4a:779c

🇨🇳 223.64.222.30

🇦🇷 190.111.238.163

🇺🇸 104.243.37.202

🇳🇱 91.92.40.13

🇷🇴 80.94.95.211

🇱🇹 79.98.27.7

🇨🇳 58.213.107.138

🇺🇸 44.250.62.98

🇻🇳 203.205.37.233

🇵🇰 203.135.42.52

🇹🇳 197.10.135.32

🇺🇸 185.226.196.30