JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 20.9.25.20

20.9.25.20 was found in our database!

This IP was reported 291 times. Confidence of Abuse is 100%: ?

100%

ISP	Microsoft Corporation
Usage Type	Data Center/Web Hosting/Transit
ASN	AS8075
Domain Name	microsoft.com
Country	🇺🇸 United States of America
City	Des Moines, Iowa

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 20.9.25.20

Whois 20.9.25.20

IP Abuse Reports for 20.9.25.20:

This IP address has been reported a total of 291 times from 235 distinct sources. 20.9.25.20 was first reported on June 16th 2026, and the most recent report was 5 minutes ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇱🇹 NotACaptcha	2026-06-18 01:15:39 (5 minutes ago)	webserver:80 [18/Jun/2026] "GET /z60.php HTTP/1.1" 404 155 webserver:80 [18/Jun/2026] "GET /222.ph ... show more webserver:80 [18/Jun/2026] "GET /z60.php HTTP/1.1" 404 155 webserver:80 [18/Jun/2026] "GET /222.php HTTP/1.1" 404 155 webserver:80 [18/Jun/2026] "GET /click.php HTTP/1.1" 404 155 webserver:80 [18/Jun/2026] "GET /jj.php HTTP/1.1" 404 155 webserver:80 [18/Jun/2026] "GET /this_is_a_new_hello_world.php HTTP/1.1" 404 155 webserver:80 [18/Jun/2026] "GET /wp-content/plugins/hellopress/wp_filemanager.php HTTP/1.1" 404 341 show less	Web App Attack
🇭🇺 IloGus	2026-06-18 01:13:57 (7 minutes ago)	[Laravel HoneypotPlus] Automated report - Honeypot access detected on path: /wp-content/uploads/ via ... show more [Laravel HoneypotPlus] Automated report - Honeypot access detected on path: /wp-content/uploads/ via rule: /wp-content show less	Web App Attack Brute-Force Port Scan
🇫🇷 EDSL	2026-06-18 01:11:51 (9 minutes ago)	[mail.edsl.fr] Blocked by SysWarden Firewall (Web Attack)	Web App Attack Hacking Port Scan
🇺🇸 masterguru	2026-06-18 01:10:51 (10 minutes ago)	Too much 404 requests in 1 hour. Operator GE matched 50 at IP:block_script. (4002-169)	Hacking Web App Attack
🇺🇸 mnsf	2026-06-18 01:09:20 (12 minutes ago)	Too many Status 40X (60) Request Overload (127)	Brute-Force Web App Attack
🇮🇪 AutosOnShow	2026-06-18 00:46:04 (35 minutes ago)	blocked for webapp attack \| path requested: /x.php \| seen at 2026-06-18 00:45:26.062 \|	Web App Attack
🇩🇪 webanyone	2026-06-18 00:45:31 (35 minutes ago)	Apache web server attack detected by Fail2Ban in plesk-apache jail	Web App Attack
🇳🇱 cybertailor	2026-06-18 00:35:11 (46 minutes ago)	20.9.25.20 - - [18/Jun/2026:05:35:08 +0500] "GET /wp-content/plugins/hellopress/wp_filemanager.php H ... show more 20.9.25.20 - - [18/Jun/2026:05:35:08 +0500] "GET /wp-content/plugins/hellopress/wp_filemanager.php HTTP/1.1" 404 146 "-" "-" 20.9.25.20 - - [18/Jun/2026:05:35:08 +0500] "GET /this_is_a_new_hello_world.php HTTP/1.1" 404 146 "-" "-" 20.9.25.20 - - [18/Jun/2026:05:35:08 +0500] "GET /jj.php HTTP/1.1" 404 146 "-" "-" 20.9.25.20 - - [18/Jun/2026:05:35:09 +0500] "GET /click.php HTTP/1.1" 404 146 "-" "-" 20.9.25.20 - - [18/Jun/2026:05:35:09 +0500] "GET /222.php HTTP/1.1" 404 146 "-" "-" ... show less	Port Scan
🇬🇧 cybersteve99	2026-06-18 00:32:08 (49 minutes ago)	Too many 4xx Requests -	Brute-Force Web App Attack
🇷🇴 iulianh	2026-06-18 00:32:05 (49 minutes ago)	*	Brute-Force SSH
🇪🇸 alferez	2026-06-18 00:18:41 (1 hour ago)	Searching hacked php files	Hacking Exploited Host Web App Attack
🇫🇷 bellovacorp	2026-06-18 00:18:06 (1 hour ago)	[CrowdSec/Noliae] noliae-threat-intel	Hacking
🇩🇪 Philister11	2026-06-18 00:18:00 (1 hour ago)	CrowdSec: crowdsecurity/http-probing (US/AS8075)	Web App Attack Hacking
🇫🇷 guillaume illien	2026-06-18 00:07:50 (1 hour ago)	20.9.25.20 - - [18/Jun/2026:00:07:42 +0000] "GET //a1.php HTTP/1.1" 301 178 "-" "-" 20.9.25.20 - - [ ... show more 20.9.25.20 - - [18/Jun/2026:00:07:42 +0000] "GET //a1.php HTTP/1.1" 301 178 "-" "-" 20.9.25.20 - - [18/Jun/2026:00:07:45 +0000] "GET /wp-includes/Text/Diff/Engine/about.php HTTP/1.1" 301 178 "-" "-" 20.9.25.20 - - [18/Jun/2026:00:07:46 +0000] "GET /bal.php HTTP/1.1" 301 178 "-" "-" 20.9.25.20 - - [18/Jun/2026:00:07:47 +0000] "GET //cgi-bin/admin.php HTTP/1.1" 301 178 "-" "-" 20.9.25.20 - - [18/Jun/2026:00:07:48 +0000] "GET /gettest.php HTTP/1.1" 301 178 "-" "-" 20.9.25.20 - - [18/Jun/2026:00:07:49 +0000] "GET //wp-content/BypassBest.php HTTP/1.1" 301 178 "-" "-" 20.9.25.20 - - [18/Jun/2026:00:07:49 +0000] "GET /wp-content/ HTTP/1.1" 301 178 "-" "-" ... show less	Hacking Brute-Force Web App Attack SSH
Anonymous	2026-06-18 00:04:06 (1 hour ago)	Web probing activity	Hacking Web App Attack

Showing 1 to 15 of 291 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇵🇰 202.69.36.158

🇺🇸 165.154.182.230

🇺🇸 144.202.92.17

🇸🇬 144.48.6.26

🇺🇸 135.237.127.82

🇸🇬 107.155.56.47

🇰🇪 102.210.149.105

🇫🇷 85.217.140.38

🇺🇸 66.132.153.48

🇸🇬 47.82.8.174

🇲🇦 41.250.170.159

🇺🇸 18.119.209.50

🇷🇴 2.57.122.177

🇧🇷 201.17.133.138

🇺🇸 198.62.3.155

🇧🇷 187.110.233.23

🇨🇦 149.88.98.5

🇨🇳 113.140.22.110

🇧🇬 79.124.62.230

🇺🇸 54.193.126.38