JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 20.205.47.9

20.205.47.9 was found in our database!

This IP was reported 41 times. Confidence of Abuse is 100%: ?

100%

ISP	Microsoft Corporation
Usage Type	Data Center/Web Hosting/Transit
ASN	AS8075
Domain Name	microsoft.com
Country	🇭🇰 Hong Kong
City	Hong Kong

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 20.205.47.9

Whois 20.205.47.9

IP Abuse Reports for 20.205.47.9:

This IP address has been reported a total of 41 times from 37 distinct sources. 20.205.47.9 was first reported on June 15th 2022, and the most recent report was 1 hour ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇳🇱 Site.eu	2026-06-29 15:50:57 (1 hour ago)	Excessive multi-domain requests	Brute-Force
Anonymous	2026-06-29 15:50:08 (1 hour ago)	Multiple web server 400 error codes from same source ip	Web App Attack
🇩🇪 paissangroup	2026-06-29 15:46:07 (1 hour ago)	Multiple WAF Violations	Web App Attack
🇦🇺 2000cn.com.au	2026-06-29 15:45:45 (1 hour ago)	This IP was detected by CrowdSec triggering crowdsecurity/http-admin-interface-probing	Web App Attack Hacking
🇩🇪 updown.io	2026-06-29 15:21:20 (2 hours ago)	{"level":"info","ts":1782746139.9137871,"logger":"http.log.access.log0","msg":"handled request","req ... show more {"level":"info","ts":1782746139.9137871,"logger":"http.log.access.log0","msg":"handled request","request":{"remote_ip":"20.205.47.9","remote_port":"5689","client_ip":"20.205.47.9","proto":"HTTP/1.1","method":"GET","host":"15xp.status.updown.io","uri":"/wp-content/plugins/hellopress/wp_filemanager.php","headers":{}},"bytes_read":0,"user_id":"","duration":0.000108757,"size":0,"status":308,"resp_headers":{"Content-Type":[],"Server":["Caddy"],"Connection":["close"],"Location":["https://15xp.status.updown.io/wp-content/plugins/hellopress/wp_filemanager.php"]}} {"level":"info","ts":1782746142.343251,"logger":"http.log.access.log0","msg":"handled request","request":{"remote_ip":"20.205.47.9","remote_port":"14111","client_ip":"20.205.47.9","proto":"HTTP/1.1","method":"GET","host":"15xp.status.updown.io","uri":"/this_is_a_new_hello_world.php","headers":{}},"bytes_read":0,"user_id":"","duration":0.000080174,"size":0,"status":308,"resp_headers":{"Server":["Caddy"],"Connection":["close"],"Location ... show less	DDoS Attack Web App Attack
Anonymous	2026-06-29 15:17:21 (2 hours ago)	20.205.47.9 - - [29/Jun/2026:17:16:47 +0200] "GET /wp-content/plugins/hellopress/wp_filemanager.php ... show more 20.205.47.9 - - [29/Jun/2026:17:16:47 +0200] "GET /wp-content/plugins/hellopress/wp_filemanager.php HTTP/1.1" 404 482 "-" "-" 20.205.47.9 - - [29/Jun/2026:17:16:48 +0200] "GET /this_is_a_new_hello_world.php HTTP/1.1" 404 482 "-" "-" 20.205.47.9 - - [29/Jun/2026:17:16:48 +0200] "GET /admin.php HTTP/1.1" 404 482 "-" "-" 20.205.47.9 - - [29/Jun/2026:17:16:48 +0200] "GET /goods.php HTTP/1.1" 404 482 "-" "-" 20.205.47.9 - - [29/Jun/2026:17:16:49 +0200] "GET /public/css.php HTTP/1.1" 404 482 "-" "-" 20.205.47.9 - - [29/Jun/2026:17:16:49 +0200] "GET /classwithtostring.php HTTP/1.1" 404 482 "-" "-" 20.205.47.9 - - [29/Jun/2026:17:16:49 +0200] "GET /wp-includes/block-supports/ HTTP/1.1" 404 482 "-" "-" 20.205.47.9 - - [29/Jun/2026:17:16:50 +0200] "GET /wp-content/admin.php HTTP/1.1" 404 482 "-" "-" 20.205.47.9 - - [29/Jun/2026:17:16:50 +0200] "GET /gelay.php HTTP/1.1" 404 482 "-" "-" 20.205.47.9 - - [29/Jun/2026:17:16:50 +0200] "GET /wp-admin/images/admin.php HTTP/1.1" 404 482 "-" "-" 20.205.47 ... show less	DDoS Attack
Anonymous	2026-06-29 15:15:08 (2 hours ago)	Bot / scanning and/or hacking attempts: GET /public/css.php HTTP/1.1, GET /goods.php HTTP/1.1, GET / ... show more Bot / scanning and/or hacking attempts: GET /public/css.php HTTP/1.1, GET /goods.php HTTP/1.1, GET /admin.php HTTP/1.1, GET /this_is_a_new_hello_world.php HTTP/1.1, GET /wp-content/plugins/hellopress/wp_filemanager.php HTTP/1.1 show less	Hacking Web App Attack
🇦🇺 rubixstudios	2026-06-29 15:07:02 (2 hours ago)	Excessive HTTP requests consistent with automated attack behaviour detected by Imunify360	DDoS Attack Brute-Force Web App Attack
Anonymous	2026-06-29 15:03:57 (2 hours ago)	Blocked by FortiWeb WAF ML threat detection. ML probability: 99%, Country: HK, Attack patterns: Word ... show more Blocked by FortiWeb WAF ML threat detection. ML probability: 99%, Country: HK, Attack patterns: WordPress scanning, Webshell probing, Malicious User-Agent show less	Bad Web Bot Web App Attack
🇮🇩 Burayot	2026-06-29 15:02:53 (2 hours ago)	LF_MODSEC: (mod_security) mod_security (id:1000001) triggered by 20.205.47.9 (HK/Hong Kong/-): 2 in ... show more LF_MODSEC: (mod_security) mod_security (id:1000001) triggered by 20.205.47.9 (HK/Hong Kong/-): 2 in the last 3600 secs show less	Web App Attack
🇩🇪 LRob.fr	2026-06-29 14:45:16 (2 hours ago)	Repeated 404 errors, blocked by Fail2ban in custom-404 jail	Bad Web Bot
🇳🇱 Mangelot Hosting	2026-06-29 14:45:14 (2 hours ago)	(upload_shell) srv104 Shell upload 20.205.47.9 (HK/Hong Kong/-): 1 in the last 3600 secs; Ports: ; ... show more (upload_shell) srv104 Shell upload 20.205.47.9 (HK/Hong Kong/-): 1 in the last 3600 secs; Ports: ; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs: show less	Web App Attack
Anonymous	2026-06-29 14:37:03 (2 hours ago)	20.205.47.9 - - [29/Jun/2026:16:36:47 +0200] "GET /wp-content/plugins/hellopress/wp_filemanager.php ... show more 20.205.47.9 - - [29/Jun/2026:16:36:47 +0200] "GET /wp-content/plugins/hellopress/wp_filemanager.php HTTP/1.1" 404 196 "-" "-" 20.205.47.9 - - [29/Jun/2026:16:36:48 +0200] "GET /this_is_a_new_hello_world.php HTTP/1.1" 404 196 "-" "-" 20.205.47.9 - - [29/Jun/2026:16:36:49 +0200] "GET /admin.php HTTP/1.1" 404 196 "-" "-" 20.205.47.9 - - [29/Jun/2026:16:36:49 +0200] "GET /goods.php HTTP/1.1" 404 196 "-" "-" 20.205.47.9 - - [29/Jun/2026:16:36:49 +0200] "GET /public/css.php HTTP/1.1" 404 196 "-" "-" 20.205.47.9 - - [29/Jun/2026:16:36:51 +0200] "GET /classwithtostring.php HTTP/1.1" 404 196 "-" "-" 20.205.47.9 - - [29/Jun/2026:16:36:51 +0200] "GET /wp-content/admin.php HTTP/1.1" 404 196 "-" "-" 20.205.47.9 - - [29/Jun/2026:16:36:52 +0200] "GET /gelay.php HTTP/1.1" 404 196 "-" "-" 20.205.47.9 - - [29/Jun/2026:16:36:54 +0200] "GET /wp-admin/images/admin.php HTTP/1.1" 404 196 "-" "-" 20.205.47.9 - - [29/Jun/2026:16:36:55 +0200] "GET /adminfuns.php HTTP/1.1" 404 196 "-" "-" 20.205.47.9 - - [29/Jun ... show less	Web App Attack
Anonymous	2026-06-29 14:35:01 (2 hours ago)	[redacted] 20.205.47.9 - - [29/Jun/2026:16:34:52 +0200] "GET /admin.php HTTP/1.1" 404 1873 "-" "-" ... show more [redacted] 20.205.47.9 - - [29/Jun/2026:16:34:52 +0200] "GET /admin.php HTTP/1.1" 404 1873 "-" "-" [redacted] 20.205.47.9 - - [29/Jun/2026:16:34:53 +0200] "GET /wp-content/admin.php HTTP/1.1" 404 1873 "-" "-" [redacted] 20.205.47.9 - - [29/Jun/2026:16:34:54 +0200] "GET /wp-admin/images/admin.php HTTP/1.1" 404 1873 "-" "-" [redacted] 20.205.47.9 - - [29/Jun/2026:16:34:54 +0200] "GET /adminfuns.php HTTP/1.1" 404 1873 "-" "-" [redacted] 20.205.47.9 - - [29/Jun/2026:16:34:54 +0200] "GET /wp-admin/css/ HTTP/1.1" 404 1873 "-" "-" [redacted] 20.205.47.9 - - [29/Jun/2026:16:34:55 +0200] "GET /admin/controller/extension/extension/ultra.php HTTP/1.1" 404 1873 "-" "-" [redacted] 20.205.47.9 - - [29/Jun/2026:16:34:55 +0200] "GET /wp-admin/css/colors/index.php HTTP/1.1" 404 1873 "-" "-" [redacted] 20.205.47.9 - - [29/Jun/2026:16:34:56 +0200] "GET /wp-admin/css/colors/ HTTP/1.1" 404 1873 "-" "-" [redacted] 20.205.47.9 - - [29/Jun/2026:16: ... show less	Hacking Web App Attack
🇮🇩 soc-yk	2026-06-29 14:30:12 (3 hours ago)	Type: web_scanning Risk: 100 Events: 232 Evidence: - Automated hostile web probing detected - Repea ... show more Type: web_scanning Risk: 100 Events: 232 Evidence: - Automated hostile web probing detected - Repeated web scanning activity observed - Multi-event operational persistence identified - Threat escalation behavior observed show less	Web App Attack

Showing 1 to 15 of 41 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇳🇱 173.194.170.123

🇳🇱 173.194.170.80

🇺🇸 162.216.149.137

🇺🇿 95.130.227.33

🇳🇱 91.92.40.176

🇬🇧 37.143.61.84

🇬🇧 35.203.211.82

🇬🇲 197.255.197.194

🇺🇸 173.194.103.167

🇺🇸 173.194.103.85

🇺🇸 173.194.101.29

🇺🇸 162.216.149.240

🇱🇹 81.30.98.62

🇩🇪 45.145.56.122

🇱🇹 185.153.203.86

🇺🇸 173.194.101.209

🇺🇸 172.69.66.42

🇺🇸 167.89.79.122

🇭🇰 103.30.40.129

🇫🇷 91.196.152.97