JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 209.99.187.20

209.99.187.20 was found in our database!

This IP was reported 12 times. Confidence of Abuse is 67%: ?

67%

ISP	SKN Subnet & Telecom Ltd
Usage Type	Data Center/Web Hosting/Transit
ASN	AS402253
Domain Name	skntelecom.com
Country	🇨🇭 Switzerland
City	Zurich, Zurich

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 209.99.187.20

Whois 209.99.187.20

IP Abuse Reports for 209.99.187.20:

This IP address has been reported a total of 12 times from 12 distinct sources. 209.99.187.20 was first reported on June 5th 2026, and the most recent report was 1 hour ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇩🇪 sdos.es	2026-06-07 11:36:06 (1 hour ago)	"Remote Command Execution: Windows Command Injection - Matched Data: { date download_url found withi ... show more "Remote Command Execution: Windows Command Injection - Matched Data: { date download_url found within ARGS:query: {customerDownloadableProducts { items { date download_url}} }" show less	Web App Attack
🇬🇧 consul.to	2026-06-07 00:41:25 (12 hours ago)	Web attack/malicious scanning detected	Web App Attack
🇬🇧 prime_fusion_ld	2026-06-07 00:28:49 (12 hours ago)	Blocked by CSF/LFD on vps.primefusion.co.uk. Trigger: 1 Ports: *	Port Scan
🇺🇸 VanKoh	2026-06-07 00:23:51 (12 hours ago)	209.99.187.20 - - [06/Jun/2026:18:23:50 -0600] "GET / HTTP/1.1" 200 627 "-" "Mozilla/5.0 (Macintosh; ... show more 209.99.187.20 - - [06/Jun/2026:18:23:50 -0600] "GET / HTTP/1.1" 200 627 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_5) AppleWebKit/601.4.4 (KHTML, like Gecko) Version/9.0.3 Safari/537.86.4" 209.99.187.20 - - [06/Jun/2026:18:23:50 -0600] "GET / HTTP/1.1" 200 627 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:65.0) Gecko/20100101 Firefox/65.0" 209.99.187.20 - - [06/Jun/2026:18:23:50 -0600] "POST /s/sfsites/aura HTTP/1.1" 500 170 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:135.0) Gecko/20100101 Firefox/135.0" ... show less	Port Scan Web App Attack
🇺🇸 Rip	2026-06-06 13:03:48 (23 hours ago)	Joomla Admin Panel Probes	Port Scan Web App Attack
🇫🇷 bazter.pro	2026-06-06 09:04:29 (1 day ago)	Auto-Ban [2026-06-06 12:04:29]: CRITICAL: Exploit trap paths (4); DC: SKN Subnet & Telecom Ltd [Path ... show more Auto-Ban [2026-06-06 12:04:29]: CRITICAL: Exploit trap paths (4); DC: SKN Subnet & Telecom Ltd [Paths: 39] \| Details: Exploit trap paths: /wp-content/plugins/woocommerce-payments/readme.txt, /wp-content/plugins/woocommerce/readme.txt, /xmlrpc.php, /xmlrpc.php?rsd \| Sensitive files/paths: /xmlrpc.php, /xmlrpc.php?rsd \| 404 errors (37): /_fragment, /wp/, /bitrix/panel/, /wp-json/, /cart.php, /themes/classic/assets/js/app.js, /%3f, /OA_HTML/AppsLogin, /sitemap.xml, /api/status (and 26 more) \| Other paths: /?feed=rss2, /, /?rest_route=/ show less	Web App Attack Hacking
🇺🇸 abenage	2026-06-06 08:36:05 (1 day ago)	209.99.187.20 - - [06/Jun/2026:02:36:05 -0600] "GET /typo3/ HTTP/1.1" 404 564 "http://mailserver.[re ... show more 209.99.187.20 - - [06/Jun/2026:02:36:05 -0600] "GET /typo3/ HTTP/1.1" 404 564 "http://mailserver.[redacted]/typo3/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.81 Safari/537.36" show less	Bad Web Bot Web App Attack
🇫🇷 Baking333	2026-06-06 08:30:07 (1 day ago)	[redacted] 209.99.187.20 - - [06/Jun/2026:09:27:34 +0100] "GET /wp-content/plugins/woocommerce-payme ... show more [redacted] 209.99.187.20 - - [06/Jun/2026:09:27:34 +0100] "GET /wp-content/plugins/woocommerce-payments/[redacted] HTTP/1.1" 200 166 0/45782 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:1.9.6.20) Gecko/ Firefox/3.6.6" [redacted] 209.99.187.20 - - [06/Jun/2026:09:30:06 +0100] "GET /wp-content/plugins/woocommerce/[redacted] HTTP/1.1" 200 166 0/34474 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.4.1 Safari/605.1.15" show less	Bad Web Bot Web App Attack
🇺🇸 jfz-abuse	2026-06-06 08:29:59 (1 day ago)	fail2ban: apache-php-recon ...	Web App Attack
🇨🇭 Origon	2026-06-06 08:26:27 (1 day ago)	http-technology-probing - IP: 209.99.187.20 - time="2026-06-06T10:26:26+02:00" level=info msg="(555 ... show more http-technology-probing - IP: 209.99.187.20 - time="2026-06-06T10:26:26+02:00" level=info msg="(555f66b4f6a74558bc11e3f93469658es8App0Mcc0TKEeje) alert : crowdsecurity/http-technology-probing by ip 209.99.187.20 (US/0)" module=db show less	Web App Attack
🇳🇱 tmiland	2026-06-05 12:35:04 (2 days ago)	(wordpress_404) WordPress Plugins Honeypot Trap 209.99.187.20 (CH/Switzerland/-): 2 in the last 3600 ... show more (wordpress_404) WordPress Plugins Honeypot Trap 209.99.187.20 (CH/Switzerland/-): 2 in the last 3600 secs; IP: 209.99.187.20; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs: 209.99.187.20 - - [05/Jun/2026:14:29:28 +0200] "GET /wp-content/plugins/woocommerce-payments/readme.txt HTTP/1.1" 404 2992 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; WOW64; rv:41.0) Gecko/20100101 Firefox/140.0.2 (x64 de)" 209.99.187.20 - - [05/Jun/2026:14:35:00 +0200] "GET /wp-content/plugins/woocommerce/readme.txt HTTP/1.1" 404 2992 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:141.0) Gecko/20100101 Firefox/141.0" show less	Brute-Force
🇧🇪 Lunix	2026-06-05 12:23:34 (2 days ago)		Brute-Force Web App Attack

Showing 1 to 12 of 12 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 2604:a880:400:d1:0:4:8bf8:2001

🇺🇸 195.184.76.122

🇺🇸 194.156.89.134

🇬🇧 193.163.125.35

🇺🇸 165.154.172.37

🇨🇳 106.12.215.233

🇧🇬 91.92.199.36

🇳🇱 45.148.10.152

🇳🇱 45.148.10.147

🇺🇸 40.124.173.160

🇨🇳 223.109.141.9

🇮🇩 203.2.151.28

🇩🇪 185.176.94.38

🇮🇶 185.166.25.150

🇨🇿 82.118.30.68

🇺🇸 47.251.55.135

🇳🇱 5.61.209.126

🇺🇸 2604:a880:400:d1:0:4:8bf8:7001

🇺🇸 2604:a880:400:d1:0:4:8bf3:7001

🇺🇸 2604:a880:400:d1:0:4:8bef:f001