JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 20.9.46.138

20.9.46.138 was found in our database!

This IP was reported 171 times. Confidence of Abuse is 100%: ?

100%

ISP	Microsoft Corporation
Usage Type	Data Center/Web Hosting/Transit
ASN	AS8075
Domain Name	microsoft.com
Country	🇺🇸 United States of America
City	Des Moines, Iowa

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 20.9.46.138

Whois 20.9.46.138

IP Abuse Reports for 20.9.46.138:

This IP address has been reported a total of 171 times from 148 distinct sources. 20.9.46.138 was first reported on June 1st 2026, and the most recent report was 22 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇦 URAN Publishing Service	2026-06-01 12:24:43 (2 days ago)	20.9.46.138 - - [01/Jun/2026:15:24:42 +0300] "GET /wp-content/plugins/hellopress/wp_filemanager.php ... show more 20.9.46.138 - - [01/Jun/2026:15:24:42 +0300] "GET /wp-content/plugins/hellopress/wp_filemanager.php HTTP/1.1" 404 704 "-" "-" ... show less	Web App Attack
🇩🇪 yvoictra	2026-06-01 12:17:49 (2 days ago)	20.9.46.138 - - [01/Jun/2026:14:12:38 +0200] "GET /wp-includes/IXR/about.php HTTP/1.1" 404 25769 "-" ... show more 20.9.46.138 - - [01/Jun/2026:14:12:38 +0200] "GET /wp-includes/IXR/about.php HTTP/1.1" 404 25769 "-" "-" 20.9.46.138 - - [01/Jun/2026:14:12:39 +0200] "GET /403.php HTTP/1.1" 404 25769 "-" "-" 20.9.46.138 - - [01/Jun/2026:14:12:39 +0200] "GET /123.php HTTP/1.1" 404 25769 "-" "-" 20.9.46.138 - - [01/Jun/2026:14:12:40 +0200] "GET /dropdown.php HTTP/1.1" 404 25769 "-" "-" 20.9.46.138 - - [01/Jun/2026:14:12:41 +0200] "GET /wp-admin/user/xmrlpc.php HTTP/1.1" 404 25769 "-" "-" 20.9.46.138 - - [01/Jun/2026:14:12:41 +0200] "GET /mar.php HTTP/1.1" 404 25769 "-" "-" 20.9.46.138 - - [01/Jun/2026:14:12:43 +0200] "GET /wp-includes/css.php HTTP/1.1" 404 25769 "-" "-" 20.9.46.138 - - [01/Jun/2026:14:12:44 +0200] "GET /wp-content/uploads/about.php HTTP/1.1" 404 25769 "-" "-" 20.9.46.138 - - [01/Jun/2026:14:12:45 +0200] "GET /xml.php HTTP/1.1" 404 25746 "-" "-" 20.9.46.138 - - [01/Jun/2026:14:12:46 +0200] "GET /wp-admin/images/profile.php HTTP/1.1" 404 25769 "-" "-" 20.9.46.138 - - [01/Jun/2026:14:12:47 ... show less	Brute-Force Web App Attack
🇩🇪 bescared	2026-06-01 12:03:00 (2 days ago)	WAF (2)	Bad Web Bot Web App Attack
🇩🇪 rico-j.de	2026-06-01 11:53:27 (2 days ago)	2026/06/01 13:53:24 [error] 2024507#2024507: 712465 open() "/var/www/rico-j.de/cgi-bin/xmrlpc.php" ... show more 2026/06/01 13:53:24 [error] 2024507#2024507: 712465 open() "/var/www/rico-j.de/cgi-bin/xmrlpc.php" failed (2: No such file or directory), client: 20.9.46.138, server: rico-j.de, request: "GET /cgi-bin/xmrlpc.php HTTP/1.1", host: "smtp.rico-j.de" 2026/06/01 13:53:27 [error] 2024507#2024507: *712465 "/var/www/rico-j.de/cgi-bin/index.html" is not found (2: No such file or directory), client: 20.9.46.138, server: rico-j.de, request: "GET /cgi-bin/ HTTP/1.1", host: "smtp.rico-j.de" ... show less	Bad Web Bot
🇩🇪 tvipper.com	2026-06-01 11:51:47 (2 days ago)	Auto reported by IDS	Brute-Force
Anonymous	2026-06-01 11:47:22 (2 days ago)	20.9.46.138 - - [01/Jun/2026:19:47:21 +0800] "GET /xmlrpc.php HTTP/1.1" 200 69061 "-" "-" ...	Bad Web Bot Web App Attack
🇫🇷 GoodOldTOS	2026-06-01 11:28:42 (2 days ago)	Bad keywords detected in request: /wp-content/	Web App Attack
🇫🇷 ELYAZ	2026-06-01 11:28:10 (2 days ago)	(y3) Failed access -byebye- from 20.9.46.138 (US/United States/-): (CF_ENABLE)	Hacking
Anonymous	2026-06-01 11:28:10 (2 days ago)	20.9.46.138 - - [01/Jun/2026:11:28:07 +0000] "GET /cgi-bin/xmrlpc.php HTTP/1.1" 404 146 "-" "-" "-" ... show more 20.9.46.138 - - [01/Jun/2026:11:28:07 +0000] "GET /cgi-bin/xmrlpc.php HTTP/1.1" 404 146 "-" "-" "-" 20.9.46.138 - - [01/Jun/2026:11:28:09 +0000] "GET /cgi-bin/ HTTP/1.1" 404 146 "-" "-" "-" ... show less	Port Scan Hacking Bad Web Bot
🇺🇸 lavnet.net	2026-06-01 11:28:08 (2 days ago)	20.9.46.138 - - [01/Jun/2026:11:28:04 +0000] "GET /wp-content/plugins/hellopress/wp_filemanager.php ... show more 20.9.46.138 - - [01/Jun/2026:11:28:04 +0000] "GET /wp-content/plugins/hellopress/wp_filemanager.php HTTP/1.1" 404 332 "-" "-" 20.9.46.138 - - [01/Jun/2026:11:28:06 +0000] "GET /wk/index.php HTTP/1.1" 404 332 "-" "-" 20.9.46.138 - - [01/Jun/2026:11:28:08 +0000] "GET /wp-includes/Text/Diff/Engine/index.php HTTP/1.1" 404 332 "-" "-" ... show less	Web App Attack
🇩🇪 paissangroup	2026-06-01 11:18:39 (2 days ago)	Multiple WAF Violations	Web App Attack
Anonymous	2026-06-01 11:16:26 (2 days ago)	XSS Attempt	Hacking
🇮🇹 alessio loto	2026-06-01 11:13:39 (2 days ago)	WAF Detection: Empty_UserAgent (High Risk IP). AI Confirmed Attack Payload.	Web App Attack
🇦🇹 penguin-solutions.at	2026-06-01 11:07:47 (2 days ago)	Excessive 403/404 errors ...	Brute-Force Web App Attack
🇩🇪 R.G.	2026-06-01 11:05:40 (2 days ago)	(ScanningForFiles) Scanning for files triggerd 20.9.46.138 (US/United States/-): 10 in the last 900 ... show more (ScanningForFiles) Scanning for files triggerd 20.9.46.138 (US/United States/-): 10 in the last 900 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs: show less	Web App Attack

Showing 31 to 45 of 171 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇻🇪 190.198.19.198

🇮🇳 103.91.246.101

🇬🇧 2a06:4880:c000::e6

🇲🇽 189.182.241.59

🇺🇸 185.96.37.47

🇺🇸 138.59.6.129

🇸🇬 129.227.69.202

🇲🇾 121.122.119.170

🇨🇳 120.48.141.101

🇨🇳 106.13.122.214

🇨🇦 85.217.149.19

🇷🇴 80.94.92.171

🇧🇷 45.179.216.18

🇳🇱 45.148.10.152

🇳🇱 45.94.31.222

🇦🇿 5.178.10.59

🇩🇪 185.110.191.212

🇮🇳 160.238.73.9

🇨🇳 116.168.33.91

🇳🇬 102.88.137.213