JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 20.9.46.138

20.9.46.138 was found in our database!

This IP was reported 171 times. Confidence of Abuse is 100%: ?

100%

ISP	Microsoft Corporation
Usage Type	Data Center/Web Hosting/Transit
ASN	AS8075
Domain Name	microsoft.com
Country	🇺🇸 United States of America
City	Des Moines, Iowa

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 20.9.46.138

Whois 20.9.46.138

IP Abuse Reports for 20.9.46.138:

This IP address has been reported a total of 171 times from 148 distinct sources. 20.9.46.138 was first reported on June 1st 2026, and the most recent report was 21 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
Anonymous	2026-06-01 08:01:00 (3 days ago)	Too many successive quick attempts with error status 301, 404, 405, 444, 403 or 400	Bad Web Bot
🇩🇪 Martin Lundstrom	2026-06-01 08:00:26 (3 days ago)	https://www.eagleeye-intelligence.com — Webshell scan (3+ hits). Automatically detected and blocked.	Web App Attack
🇩🇪 LRob.fr	2026-06-01 08:00:09 (3 days ago)	Repeated 403 errors, blocked by Fail2ban in custom-403 jail	Bad Web Bot
Anonymous	2026-06-01 08:00:06 (3 days ago)	(mod_security) mod_security triggered on hostname [redacted] 20.9.46.138 (US/United States/-)	SQL Injection
🇫🇷 mrcrassi	2026-06-01 07:55:22 (3 days ago)	Triggered Cloudflare WAF (botFight) from US. Action taken: MANAGED_CHALLENGE Protocol: HTTP/1.1 (GET ... show more Triggered Cloudflare WAF (botFight) from US. Action taken: MANAGED_CHALLENGE Protocol: HTTP/1.1 (GET method) Endpoint: /wp-content/themes/seotheme/mar.php UA: Empty string This report was generated by: https://github.com/sefinek/Cloudflare-WAF-To-AbuseIPDB show less	Bad Web Bot
🇺🇦 URAN Publishing Service	2026-06-01 07:55:03 (3 days ago)	20.9.46.138 - - [01/Jun/2026:10:55:01 +0300] "GET /wp-content/plugins/hellopress/wp_filemanager.php ... show more 20.9.46.138 - - [01/Jun/2026:10:55:01 +0300] "GET /wp-content/plugins/hellopress/wp_filemanager.php HTTP/1.1" 404 3328 "-" "-" 20.9.46.138 - - [01/Jun/2026:10:55:02 +0300] "GET /wp-includes/Text/Diff/Engine/index.php HTTP/1.1" 404 650 "-" "-" ... show less	Web App Attack
🇺🇸 Operator873	2026-06-01 07:54:30 (3 days ago)	2026/06/01 02:49:27 [error] 1423675#0: 3521793 access forbidden by rule, client: 20.9.46.138, serve ... show more 2026/06/01 02:49:27 [error] 1423675#0: 3521793 access forbidden by rule, client: 20.9.46.138, server: [OBFUSCATED], request: "GET /wp-content/plugins/hellopress/wp_filemanager.php HTTP/1.1", host: "[OBFUSCATED]" 2026/06/01 02:49:27 [error] 1423675#0: 3521793 access forbidden by rule, client: 20.9.46.138, server: [OBFUSCATED], request: "GET /wp-content/plugins/hellopress/wp_filemanager.php HTTP/1.1", host: "[OBFUSCATED]" 2026/06/01 02:49:27 [error] 1423675#0: 3521793 access forbidden by rule, client: 20.9.46.138, server: [OBFUSCATED], request: "GET /wk/index.php HTTP/1.1", host: "[OBFUSCATED]" 2026/06/01 02:49:27 [error] 1423675#0: 3521793 access forbidden by rule, client: 20.9.46.138, server: [OBFUSCATED], request: "GET /wk/index.php HTTP/1.1", host: "[OBFUSCATED]" 2026/06/01 02:54:27 [error] 1423675#0: 3521971 access forbidden by rule, client: 20.9.46.138, server: [OBFUSCATED], request: "GET /themes.php HTTP/1.1", host: "support.873gear. ... show less	Brute-Force Web App Attack
Anonymous	2026-06-01 07:54:03 (3 days ago)	Bot / scanning and/or hacking attempts: GET /wp-includes/admiin.php HTTP/1.1, GET /wp-content/wp-con ... show more Bot / scanning and/or hacking attempts: GET /wp-includes/admiin.php HTTP/1.1, GET /wp-content/wp-conflg.php HTTP/1.1, GET /xmlrpc.php HTTP/1.1, GET /upload/login.php HTTP/1.1, GET /css/admin.php HTTP/1.1, GET /wp-includes/SimplePie/about.php HTTP/1.1, GET /moon.php HTTP/1.1, GET /ini.php HTTP/1.1, GET /ab.php HTTP/1.1, GET /themes.php HTTP/1.1, GET /wp-content/uploads/about.php HTTP/1.1, GET /en HTTP/1.1 show less	Hacking Web App Attack
🇫🇷 masterguru	2026-06-01 07:52:14 (3 days ago)	(modsec_5080) ModSec 5080: Infrastructure subdomain probe from 20.9.46.138 (US/United States/-): 1 i ... show more (modsec_5080) ModSec 5080: Infrastructure subdomain probe from 20.9.46.138 (US/United States/-): 1 in the last 3600 secs (0-197) show less	Hacking
🇨🇦 Mediashaker	2026-06-01 07:52:12 (3 days ago)	(apache-scanners) Failed apache-scanners trigger with match [redacted] from 20.9.46.138 (US/United S ... show more (apache-scanners) Failed apache-scanners trigger with match [redacted] from 20.9.46.138 (US/United States/-) show less	Port Scan
Anonymous	2026-06-01 07:48:48 (3 days ago)	[ns65.kdns.gr] httpd-suspicious-path: sites=dconsultance.gr; logs=/var/log/httpd/domains/dconsultanc ... show more [ns65.kdns.gr] httpd-suspicious-path: sites=dconsultance.gr; logs=/var/log/httpd/domains/dconsultance.gr.log; samples=/wp-content/plugins/hellopress/wp_filemanager.php \| /wp-includes/Text/Diff/Engine/index.php \| /wp-includes/IXR/about.php show less	Hacking Web App Attack
🇫🇷 conseilgouz	2026-06-01 07:47:05 (3 days ago)	upe-7 : Trying access unauthorized files/dir=>/wp-content/plugins/hellopress/wp_filemanager.php	Hacking
🇨🇦 polycoda	2026-06-01 07:46:56 (3 days ago)	AutoBlock: 🎯 Vulnerability Scanner (Non Decay-Based) - ⚙️ Configuration File Access (Non Decay-Based ... show more AutoBlock: 🎯 Vulnerability Scanner (Non Decay-Based) - ⚙️ Configuration File Access (Non Decay-Based) - 📂 Directory Listings (Decay-Based) show less	Hacking Bad Web Bot Web App Attack
🇱🇻 garmtech.com	2026-06-01 07:46:41 (3 days ago)	Attempted access to sensitive endpoint (/wp-content/plugins/hellopress/wp_filemanager.php) detected. ... show more Attempted access to sensitive endpoint (/wp-content/plugins/hellopress/wp_filemanager.php) detected. Automated scan or unauthorized probing. show less	Web App Attack
🇨🇭 4server	2026-06-01 07:45:29 (3 days ago)	[MonJun0109:45:23.2064982026][security2:error][pid3721264:tid3721668][client20.9.46.138:0]ModSecurit ... show more [MonJun0109:45:23.2064982026][security2:error][pid3721264:tid3721668][client20.9.46.138:0]ModSecurity:Accessdeniedwithcode403\(phase1\).Stringmatch\"/xmlrpc.php\"atREQUEST_URI.[file\"/etc/apache2/conf.d/modsec_custom_rules.conf\"][line\"367\"][id\"960024\"][msg\"XML-RPCdisabled\"][hostname\"webmail.hosting-ticino-svizzera.ch\"][uri\"/xmlrpc.php\"][unique_id\"ah04kzDoyo-yazXPxdUNEgAAANc\"] show less	Hacking Web App Attack

Showing 121 to 135 of 171 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇮🇳 202.9.122.142

🇨🇳 175.178.163.18

🇺🇸 162.216.150.17

🇺🇸 129.121.102.3

🇧🇷 129.121.54.208

🇬🇦 102.142.103.32

🇷🇴 80.94.92.168

🇺🇸 216.25.89.67

🇲🇦 196.92.7.247

🇲🇽 187.190.35.163

🇨🇳 112.103.194.58

🇮🇳 106.192.70.30

🇮🇩 103.186.59.150

🇸🇬 8.222.174.150

🇨🇳 221.228.203.3

🇲🇽 186.96.145.241

🇺🇸 66.132.186.245

🇮🇱 62.219.224.219

🇩🇪 54.37.74.179

🇯🇵 45.252.188.23