JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 20.215.65.22

20.215.65.22 was found in our database!

This IP was reported 258 times. Confidence of Abuse is 100%: ?

100%

ISP	Microsoft Corporation
Usage Type	Data Center/Web Hosting/Transit
ASN	AS8075
Domain Name	microsoft.com
Country	🇵🇱 Poland
City	Warsaw, Mazovia

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 20.215.65.22

Whois 20.215.65.22

IP Abuse Reports for 20.215.65.22:

This IP address has been reported a total of 258 times from 209 distinct sources. 20.215.65.22 was first reported on June 25th 2026, and the most recent report was 7 minutes ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
Anonymous	2026-06-26 08:03:21 (7 minutes ago)	Blocked by FortiWeb WAF ML threat detection. ML probability: 99%, Country: PL, Attack patterns: Word ... show more Blocked by FortiWeb WAF ML threat detection. ML probability: 99%, Country: PL, Attack patterns: WordPress scanning, Malicious User-Agent show less	Bad Web Bot Web App Attack
🇬🇧 openstrike.co.uk	2026-06-26 05:16:26 (2 hours ago)	627 attacks on PHP URLs: GET /6.php HTTP/1.1	Web App Attack
🇲🇽 octageeks.com	2026-06-26 04:20:19 (3 hours ago)	Wordpress malicious attack:[octascan]	Web App Attack
Anonymous	2026-06-26 01:03:40 (7 hours ago)	20.215.65.22 - - [26/Jun/2026:09:03:27 +0800] "GET /wp-content/plugins/hellopress/wp_filemanager.php ... show more 20.215.65.22 - - [26/Jun/2026:09:03:27 +0800] "GET /wp-content/plugins/hellopress/wp_filemanager.php HTTP/1.1" 404 299862 "-" "-" 20.215.65.22 - - [26/Jun/2026:09:03:30 +0800] "GET /this_is_a_new_hello_world.php HTTP/1.1" 404 299862 "-" "-" 20.215.65.22 - - [26/Jun/2026:09:03:32 +0800] "GET /c55cdler.php HTTP/1.1" 404 299862 "-" "-" 20.215.65.22 - - [26/Jun/2026:09:03:33 +0800] "GET /ingfo.php HTTP/1.1" 404 299862 "-" "-" 20.215.65.22 - - [26/Jun/2026:09:03:34 +0800] "GET /ops.php HTTP/1.1" 404 299862 "-" "-" 20.215.65.22 - - [26/Jun/2026:09:03:35 +0800] "GET /201.php HTTP/1.1" 404 299862 "-" "-" 20.215.65.22 - - [26/Jun/2026:09:03:36 +0800] "GET /ppp.php HTTP/1.1" 404 299862 "-" "-" 20.215.65.22 - - [26/Jun/2026:09:03:37 +0800] "GET /colay.php HTTP/1.1" 404 299862 "-" "-" 20.215.65.22 - - [26/Jun/2026:09:03:38 +0800] "GET /xocx.php HTTP/1.1" 404 299862 "-" "-" 20.215.65.22 - - [26/Jun/2026:09:03:40 +0800] "GET /aaf.php HTTP/1.1" 404 299862 "-" "-" ... show less	Bad Web Bot Web App Attack
🇬🇧 andypiper	2026-06-26 01:02:20 (7 hours ago)	CrowdSec ban for AbuseIPDB Top List	Brute-Force Web App Attack
🇩🇪 Stefan Dreher	2026-06-26 00:20:19 (7 hours ago)	20.215.65.22 - - [26/Jun/2026:02:20:17 +0200] "GET /wp-content/plugins/hellopress/wp_filemanager.php ... show more 20.215.65.22 - - [26/Jun/2026:02:20:17 +0200] "GET /wp-content/plugins/hellopress/wp_filemanager.php HTTP/1.1" 404 153 "-" "-" 20.215.65.22 - - [26/Jun/2026:02:20:17 +0200] "GET /this_is_a_new_hello_world.php HTTP/1.1" 404 153 "-" "-" 20.215.65.22 - - [26/Jun/2026:02:20:18 +0200] "GET /mass.php HTTP/1.1" 404 153 "-" "-" 20.215.65.22 - - [26/Jun/2026:02:20:18 +0200] "GET /spawns.php?p= HTTP/1.1" 404 153 "-" "-" 20.215.65.22 - - [26/Jun/2026:02:20:18 +0200] "GET /3PJcpMFsD8B.php HTTP/1.1" 404 153 "-" "-" ... show less	Hacking Brute-Force
🇩🇪 london2038.com	2026-06-26 00:05:40 (8 hours ago)	Probing for exploits 20.215.65.22 - - [26/Jun/2026:02:05:32 +0200] "GET /wp-content/plugins/hellopre ... show more Probing for exploits 20.215.65.22 - - [26/Jun/2026:02:05:32 +0200] "GET /wp-content/plugins/hellopress/wp_filemanager.php HTTP/1.1" 301 169 "-" "-" 20.215.65.22 - - [26/Jun/2026:02:05:37 +0200] "GET /x.php HTTP/1.1" 422 0 "-" "-" show less	Hacking Web App Attack
🇵🇹 rncbc	2026-06-26 00:00:51 (8 hours ago)	[Fri Jun 26 01:00:46.345810 2026] [authz_core:error] [pid 1642896:tid 1642896] [client 20.215.65.22: ... show more [Fri Jun 26 01:00:46.345810 2026] [authz_core:error] [pid 1642896:tid 1642896] [client 20.215.65.22:54283] AH01630: client denied by server configuration: /srv/www/vhosts/rncbc/wp-content [Fri Jun 26 01:00:46.428325 2026] [authz_core:error] [pid 1642896:tid 1642896] [client 20.215.65.22:54283] AH01630: client denied by server configuration: /srv/www/vhosts/rncbc/this_is_a_new_hello_world.php [Fri Jun 26 01:00:46.496764 2026] [authz_core:error] [pid 1642896:tid 1642896] [client 20.215.65.22:54283] AH01630: client denied by server configuration: /srv/www/vhosts/rncbc/mass.php ... show less	Brute-Force Bad Web Bot Web App Attack SSH
🇩🇪 roxyapi	2026-06-25 23:36:18 (8 hours ago)	Honeypot: automated vulnerability scan / web app attack. Last probe: GET /c55cdler.php	Web App Attack Bad Web Bot
🇮🇳 dineshskt4all	2026-06-25 23:27:27 (8 hours ago)	[Thu Jun 25 23:27:23.589286 2026] [proxy_fcgi:error] [pid 2321491:tid 138343799035584] [client 20.21 ... show more [Thu Jun 25 23:27:23.589286 2026] [proxy_fcgi:error] [pid 2321491:tid 138343799035584] [client 20.215.65.22:0] AH01071: Got error 'Primary script unknown' ... show less	Brute-Force
🇺🇸 ph	2026-06-25 23:24:25 (8 hours ago)	Bad web bot attempting to run wp-content on non-WP site	Hacking Bad Web Bot Web App Attack
🇫🇷 tilellit.pro	2026-06-25 23:15:03 (8 hours ago)	Fail2Ban banned 20.215.65.22 for security violations in jail nginx-aggressive. Log: 2026/06/25 23:15 ... show more Fail2Ban banned 20.215.65.22 for security violations in jail nginx-aggressive. Log: 2026/06/25 23:15:02 [error] directory index of [REDACTED] is forbidden, client: 20.215.65.22, server: [REDACTED], request: "GET //wp-includes/js/jquery/ HTTP/2.0", host: [REDACTED] 2026/06/25 23:15:03 [error] directory index of [REDACTED] is forbidden, client: 20.215.65.22, server: [REDACTED], request: "GET //wp-includes/css/dist/ HTTP/2.0", host: [REDACTED] ... show less	Bad Web Bot Web App Attack
🇩🇪 netclix.gr	2026-06-25 23:07:49 (9 hours ago)	(aggressive_scan) Aggressive Web Exploit Scan 20.215.65.22 (PL/Poland/-): 5 in the last 4600 secs; P ... show more (aggressive_scan) Aggressive Web Exploit Scan 20.215.65.22 (PL/Poland/-): 5 in the last 4600 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs: 20.215.65.22 - - [26/Jun/2026:02:05:28 +0300] "GET /wp-content/plugins/hellopress/wp_filemanager.php HTTP/1.1" 404 808 "-" "-" 20.215.65.22 - - [26/Jun/2026:02:05:29 +0300] "GET /this_is_a_new_hello_world.php HTTP/1.1" 404 808 "-" "-" 20.215.65.22 - - [26/Jun/2026:02:05:29 +0300] "GET /mass.php HTTP/1.1" 404 808 "-" "-" 20.215.65.22 - - [26/Jun/2026:02:05:29 +0300] "GET /spawns.php?p= HTTP/1.1" 404 808 "-" "-" 20.215.65.22 - - [26/Jun/2026:02:05:30 +0300] "GET /3PJcpMFsD8B.php HTTP/1.1" 404 808 "-" "-" show less	Port Scan
🇳🇱 Roderic	2026-06-25 23:01:05 (9 hours ago)	(wordpress-404) Searching for non-existent wordpress installs from 20.215.65.22 (PL/Poland/Mazovia/W ... show more (wordpress-404) Searching for non-existent wordpress installs from 20.215.65.22 (PL/Poland/Mazovia/Warsaw/-/[redacted]) show less	Brute-Force
🇨🇿 huginet	2026-06-25 22:58:10 (9 hours ago)	20.215.65.22 - - [26/Jun/2026:00:58:02 +0200] "GET /wp-content/plugins/hellopress/wp_filemanager.php ... show more 20.215.65.22 - - [26/Jun/2026:00:58:02 +0200] "GET /wp-content/plugins/hellopress/wp_filemanager.php HTTP/1.1" 404 82727 "-" "-" 20.215.65.22 - - [26/Jun/2026:00:58:09 +0200] "GET /this_is_a_new_hello_world.php HTTP/1.1" 404 82705 "-" "-" ... show less	Web Spam Web App Attack

Showing 1 to 15 of 258 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 74.124.170.99

🇷🇺 217.12.75.108

🇨🇳 175.178.64.153

🇺🇬 154.72.201.206

🇨🇳 139.170.73.149

🇮🇩 125.166.118.193

🇵🇰 124.29.226.235

🇸🇬 47.84.30.250

🇸🇨 41.86.34.139

🇦🇷 38.183.82.178

🇨🇴 38.156.13.6

🇨🇳 222.176.200.160

🇨🇳 202.46.62.117

🇯🇵 160.248.75.84

🇺🇸 147.185.132.233

🇰🇷 121.184.144.232

🇨🇳 120.36.16.61

🇨🇳 118.212.120.217

🇸🇬 116.88.116.62

🇺🇸 96.236.32.198