JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 20.214.156.172

20.214.156.172 was found in our database!

This IP was reported 132 times. Confidence of Abuse is 100%: ?

100%

ISP	Microsoft Corporation
Usage Type	Data Center/Web Hosting/Transit
ASN	AS8075
Domain Name	microsoft.com
Country	🇰🇷 Korea (the Republic of)
City	Seoul, Seoul

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 20.214.156.172

Whois 20.214.156.172

IP Abuse Reports for 20.214.156.172:

This IP address has been reported a total of 132 times from 121 distinct sources. 20.214.156.172 was first reported on June 24th 2026, and the most recent report was 8 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 mnsf	2026-06-25 21:20:50 (8 hours ago)	Too many Status 40X (22)	Brute-Force Web App Attack
Anonymous	2026-06-25 17:03:56 (12 hours ago)	Blocked by FortiWeb WAF ML threat detection. ML probability: 99%, Country: KR, Attack patterns: Word ... show more Blocked by FortiWeb WAF ML threat detection. ML probability: 99%, Country: KR, Attack patterns: WordPress scanning, Malicious User-Agent show less	Bad Web Bot Web App Attack
🇫🇷 IRISIO	2026-06-25 10:32:44 (19 hours ago)	scans/SQL injection/spam posts : 167 queries	Web App Attack SQL Injection
🇫🇷 guillaume illien	2026-06-24 23:39:20 (1 day ago)	20.214.156.172 - - [24/Jun/2026:23:39:14 +0000] "GET /wp-content/plugins/hellopress/wp_filemanager.p ... show more 20.214.156.172 - - [24/Jun/2026:23:39:14 +0000] "GET /wp-content/plugins/hellopress/wp_filemanager.php HTTP/1.1" 301 178 "-" "-" 20.214.156.172 - - [24/Jun/2026:23:39:16 +0000] "GET /this_is_a_new_hello_world.php HTTP/1.1" 301 178 "-" "-" 20.214.156.172 - - [24/Jun/2026:23:39:16 +0000] "GET /get.php HTTP/1.1" 301 178 "-" "-" 20.214.156.172 - - [24/Jun/2026:23:39:17 +0000] "GET /wp-admin/maint/admin.php HTTP/1.1" 301 178 "-" "-" 20.214.156.172 - - [24/Jun/2026:23:39:18 +0000] "GET /mosty.php HTTP/1.1" 301 178 "-" "-" 20.214.156.172 - - [24/Jun/2026:23:39:19 +0000] "GET /mac.php HTTP/1.1" 301 178 "-" "-" 20.214.156.172 - - [24/Jun/2026:23:39:19 +0000] "GET /k.php HTTP/1.1" 301 178 "-" "-" ... show less	Hacking Brute-Force Web App Attack SSH
🇮🇹 madaello	2026-06-24 23:27:24 (1 day ago)	20.214.156.172 - - [25/Jun/2026:01:27:15 +0200] "GET /this_is_a_new_hello_world.php?password-protect ... show more 20.214.156.172 - - [25/Jun/2026:01:27:15 +0200] "GET /this_is_a_new_hello_world.php?password-protected=login&redirect_to=https%3A%2F%2Fseprian.imperatrice.to.it%2Fthis_is_a_new_hello_world.php HTTP/1.1" 404 4948 "-" "-" 20.214.156.172 - - [25/Jun/2026:01:27:16 +0200] "GET /get.php?password-protected=login&redirect_to=https%3A%2F%2Fseprian.imperatrice.to.it%2Fget.php HTTP/1.1" 404 4882 "-" "-" 20.214.156.172 - - [25/Jun/2026:01:27:17 +0200] "GET /wp-admin/maint/admin.php?password-protected=login&redirect_to=https%3A%2F%2Fseprian.imperatrice.to.it%2Fwp-admin%2Fmaint%2Fadmin.php HTTP/1.1" 404 4937 "-" "-" 20.214.156.172 - - [25/Jun/2026:01:27:18 +0200] "GET /mosty.php?password-protected=login&redirect_to=https%3A%2F%2Fseprian.imperatrice.to.it%2Fmosty.php HTTP/1.1" 404 4888 "-" "-" 20.214.156.172 - - [25/Jun/2026:01:27:19 +0200] "GET /mac.php?password-protected=login&redirect_to=https%3A%2F%2Fseprian.imperatrice.to.it%2Fmac.php HTTP/1.1" 404 4882 "-" "-" 20.214.156.172 - - [25/Jun/2026:01 ... show less	Web App Attack
🇺🇦 URAN Publishing Service	2026-06-24 23:24:14 (1 day ago)	20.214.156.172 - - [25/Jun/2026:02:24:13 +0300] "GET /wp-content/plugins/hellopress/wp_filemanager.p ... show more 20.214.156.172 - - [25/Jun/2026:02:24:13 +0300] "GET /wp-content/plugins/hellopress/wp_filemanager.php HTTP/1.1" 404 710 "-" "-" ... show less	Web App Attack
🇦🇺 nzhost.co.nz	2026-06-24 23:15:57 (1 day ago)	$f2bV_matches	Hacking Brute-Force
🇩🇪 Nevermind	2026-06-24 22:43:24 (1 day ago)	20.214.156.172 - - [25/Jun/2026:00:43:22 +0200] "GET /wp-content/plugins/hellopress/wp_filemanager.p ... show more 20.214.156.172 - - [25/Jun/2026:00:43:22 +0200] "GET /wp-content/plugins/hellopress/wp_filemanager.php HTTP/1.1" 404 808 "-" "-" 20.214.156.172 - - [25/Jun/2026:00:43:23 +0200] "GET /this_is_a_new_hello_world.php HTTP/1.1" 404 808 "-" "-" 20.214.156.172 - - [25/Jun/2026:00:43:23 +0200] "GET /get.php HTTP/1.1" 404 808 "-" "-" 20.214.156.172 - - [25/Jun/2026:00:43:24 +0200] "GET /wp-admin/maint/admin.php HTTP/1.1" 404 808 "-" "-" ... show less	Web App Attack
🇵🇱 strefapi_com	2026-06-24 22:41:46 (1 day ago)	Brute-force, web ...	Hacking Brute-Force Web App Attack
Anonymous	2026-06-24 22:19:13 (1 day ago)	20.214.156.172 - - [24/Jun/2026:22:19:12 +0000] "GET /wp-content/plugins/hellopress/wp_filemanager.p ... show more 20.214.156.172 - - [24/Jun/2026:22:19:12 +0000] "GET /wp-content/plugins/hellopress/wp_filemanager.php HTTP/1.1" 404 3010 "-" "-" ... show less	Bad Web Bot Web App Attack
Anonymous	2026-06-24 22:05:07 (1 day ago)	PHP file probing detected by Fail2Ban	Web App Attack
🇳🇿 Tripwire	2026-06-24 22:02:30 (1 day ago)	Scanning for exploits - /wp-content/plugins/hellopress/wp_filemanager.php	Hacking Web App Attack
🇳🇱 homeshowdomain.nl	2026-06-24 22:01:56 (1 day ago)	Auto-ban: >3000 req/min op 2026-06-24	Web App Attack SSH Hacking
🇺🇸 TPI-Abuse	2026-06-24 21:51:33 (1 day ago)	(mod_security) mod_security (id:210730) triggered by 20.214.156.172 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210730) triggered by 20.214.156.172 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 24 17:51:26.850415 2026] [security2:error] [pid 13576:tid 13576] [client 20.214.156.172:33060] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|xtrl.com\|F\|2"] [data ".com"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "xtrl.com"] [uri "/home/tancedi1/public_html/xtrl.com"] [unique_id "ajxRXu07E0O3vbSoyA-B8QAAAAM"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 ghostwarriors	2026-06-24 21:50:28 (1 day ago)	Webpage scraping	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 132 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇷🇴 193.32.162.84

🇲🇽 189.189.13.48

🇧🇷 187.62.87.27

🇺🇸 107.175.94.125

🇻🇳 103.200.22.216

🇺🇸 64.62.156.68

🇰🇷 61.76.112.4

🇺🇸 47.251.80.96

🇰🇷 211.63.214.90

🇧🇷 189.54.16.171

🇳🇱 176.65.148.244

🇩🇪 167.94.145.17

🇺🇸 92.204.138.198

🇺🇸 64.62.156.20

🇷🇺 46.39.254.221

🇫🇷 2001:41d0:33d:9200::40a

🇭🇰 199.45.154.189

🇩🇪 193.124.20.252

🇺🇸 128.203.201.155

🇨🇳 117.50.199.249