JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 20.195.192.35

20.195.192.35 was found in our database!

This IP was reported 306 times. Confidence of Abuse is 100%: ?

100%

ISP	Microsoft Corporation
Usage Type	Data Center/Web Hosting/Transit
ASN	AS8075
Domain Name	microsoft.com
Country	🇧🇷 Brazil
City	Campinas, Sao Paulo

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 20.195.192.35

Whois 20.195.192.35

IP Abuse Reports for 20.195.192.35:

This IP address has been reported a total of 306 times from 249 distinct sources. 20.195.192.35 was first reported on May 24th 2026, and the most recent report was 2 days ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
Anonymous	2026-05-24 12:46:35 (1 week ago)	Repeated unauthorized connection attempts to restricted service observed.	Port Scan Hacking Bad Web Bot Web App Attack
Anonymous	2026-05-24 12:45:21 (1 week ago)	IP banned by Fail2Ban in jail nginx-abusive-ips	Web App Attack Brute-Force Bad Web Bot
🇮🇩 soc-yk	2026-05-24 12:45:09 (1 week ago)	Type: exploitation_attempt Threat: public_web_exploitation_scanner Risk: 100 Events: 162 Evidence: ... show more Type: exploitation_attempt Threat: public_web_exploitation_scanner Risk: 100 Events: 162 Evidence: - Repeated exploitation attempts detected - Malicious infrastructure behavior observed show less	Web App Attack Hacking
Anonymous	2026-05-24 12:45:04 (1 week ago)	20.195.192.35 - - [24/May/2026:07:44:43 -0500] "GET /wp-content/plugins/hellopress/wp_filemanager.ph ... show more 20.195.192.35 - - [24/May/2026:07:44:43 -0500] "GET /wp-content/plugins/hellopress/wp_filemanager.php HTTP/1.0" 403 199 "-" "-" 20.195.192.35 - - [24/May/2026:07:44:43 -0500] "GET /x.php HTTP/1.0" 403 199 "-" "-" 20.195.192.35 - - [24/May/2026:07:44:44 -0500] "GET /201.php HTTP/1.0" 403 199 "-" "-" 20.195.192.35 - - [24/May/2026:07:44:45 -0500] "GET /ops.php HTTP/1.0" 403 199 "-" "-" 20.195.192.35 - - [24/May/2026:07:44:45 -0500] "GET /samll.php HTTP/1.0" 403 199 "-" "-" 20.195.192.35 - - [24/May/2026:07:44:45 -0500] "GET /ingfo.php HTTP/1.0" 403 199 "-" "-" 20.195.192.35 - - [24/May/2026:07:44:46 -0500] "GET /c55cdler.php HTTP/1.0" 403 199 "-" "-" 20.195.192.35 - - [24/May/2026:07:44:46 -0500] "GET /xenon1337.php HTTP/1.0" 403 199 "-" "-" 20.195.192.35 - - [24/May/2026:07:44:47 -0500] "GET /alfa403.php HTTP/1.0" 403 199 "-" "-" 20.195.192.35 - - [24/May/2026:07:44:47 -0500] "GET /test11.php HTTP/1.0" 403 199 "-" "-" 20.195.192.35 - - [24/May/2026:07:44:47 -0500] "GET /koala.php HTTP/1 ... show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 Trueforce Threat Report	2026-05-24 12:45:03 (1 week ago)	Automated report, trolling for resource vulnerabilities	Bad Web Bot Web App Attack
🇳🇱 ParaBug	2026-05-24 12:43:45 (1 week ago)	20.195.192.35 - - [24/May/2026:14:43:44 +0200] "GET /wp-content/plugins/hellopress/wp_filemanager.ph ... show more 20.195.192.35 - - [24/May/2026:14:43:44 +0200] "GET /wp-content/plugins/hellopress/wp_filemanager.php HTTP/1.1" 403 384 "-" "-" ... show less	Phishing Brute-Force Web App Attack
🇵🇹 rncbc	2026-05-24 12:40:51 (1 week ago)	[Sun May 24 13:40:50.555977 2026] [authz_core:error] [pid 58394:tid 58394] [client 20.195.192.35:815 ... show more [Sun May 24 13:40:50.555977 2026] [authz_core:error] [pid 58394:tid 58394] [client 20.195.192.35:8155] AH01630: client denied by server configuration: /srv/www/vhosts/rncbc/wp-content [Sun May 24 13:40:50.763601 2026] [authz_core:error] [pid 58394:tid 58394] [client 20.195.192.35:8155] AH01630: client denied by server configuration: /srv/www/vhosts/rncbc/x.php [Sun May 24 13:40:50.964888 2026] [authz_core:error] [pid 58394:tid 58394] [client 20.195.192.35:8155] AH01630: client denied by server configuration: /srv/www/vhosts/rncbc/201.php ... show less	Brute-Force Bad Web Bot Web App Attack SSH
🇺🇸 antlac1	2026-05-24 12:40:38 (1 week ago)	crowdsecurity/http-probing	Brute-Force Web App Attack
🇬🇧 venus.launch.bz	2026-05-24 12:40:01 (1 week ago)	(wpscan) WordPress probe detected from 20.195.192.35 (BR/Brazil/-)	Hacking
🇧🇷 Halux	2026-05-24 12:37:48 (1 week ago)	20.195.192.35 Probing protected path or service	Web App Attack
🇫🇷 viki53	2026-05-24 12:35:32 (1 week ago)	Website hacking attempt (path: /wp-content/plugins/hellopress/wp_filemanager.php)	Hacking Web App Attack
🇧🇪 taivas.nl	2026-05-24 12:32:09 (1 week ago)	Bad_requests	Bad Web Bot
🇩🇪 macrob	2026-05-24 12:32:08 (1 week ago)	2026/05/24 12:32:01 [error] 3436708#3436708: 252786899 access forbidden by rule, client: 20.195.192 ... show more 2026/05/24 12:32:01 [error] 3436708#3436708: 252786899 access forbidden by rule, client: 20.195.192.35, server: finami.es, request: "GET /wp-content/plugins/hellopress/wp_filemanager.php HTTP/2.0", host: "finami.es" 2026/05/24 12:32:06 [error] 3436713#3436713: 252786922 access forbidden by rule, client: 20.195.192.35, server: finami.es, request: "GET /wp-includes/blocks/post-comments-form/ HTTP/2.0", host: "finami.es" 2026/05/24 12:32:06 [error] 3436713#3436713: 252786935 access forbidden by rule, client: 20.195.192.35, server: finami.es, request: "GET /wp-admin/js/ HTTP/2.0", host: "finami.es" ... show less	Web App Attack
🇩🇪 R.G.	2026-05-24 12:31:06 (1 week ago)	(ScanningForFiles) Scanning for files triggerd 20.195.192.35 (BR/Brazil/-): 10 in the last 600 secs; ... show more (ScanningForFiles) Scanning for files triggerd 20.195.192.35 (BR/Brazil/-): 10 in the last 600 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs: show less	Web App Attack
🇫🇷 phoenix1jl96	2026-05-24 12:30:40 (1 week ago)	2026/05/24 14:30:04 [error] 2308550#2308550: 278677 open() "/home/user-data/www/default/cgi-bin/ind ... show more 2026/05/24 14:30:04 [error] 2308550#2308550: 278677 open() "/home/user-data/www/default/cgi-bin/index.php" failed (2: No such file or directory), client: 20.195.192.35, server: mta-sts.hvn-pbs.ledemon.us, request: "GET //cgi-bin/index.php HTTP/1.1", host: "mta-sts.hvn-pbs.ledemon.us" 2026/05/24 14:30:08 [error] 2308550#2308550: *278677 open() "/home/user-data/www/default/cgi-bin/admin.php" failed (2: No such file or directory), client: 20.195.192.35, server: mta-sts.hvn-pbs.ledemon.us, request: "GET //cgi-bin/admin.php HTTP/1.1", host: "mta-sts.hvn-pbs.ledemon.us" ... show less	DNS Compromise DNS Poisoning DDoS Attack Ping of Death Web Spam Email Spam Blog Spam Port Scan Hacking Brute-Force Bad Web Bot SSH Web App Attack

Showing 211 to 225 of 306 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇪🇹 196.189.236.162

🇧🇷 179.184.242.48

🇳🇱 176.65.148.156

🇺🇸 147.185.132.158

🇮🇳 103.190.7.203

🇧🇪 198.235.24.215

🇧🇷 177.234.161.72

🇮🇹 158.47.242.106

🇩🇪 151.243.11.248

🇳🇱 89.21.67.169

🇱🇹 62.60.130.31

🇬🇧 35.203.210.113

🇵🇱 212.87.243.112

🇮🇳 125.99.178.4

🇨🇳 124.221.121.246

🇨🇭 85.5.148.125

🇺🇸 71.6.237.117

🇲🇾 47.250.151.47

🇺🇸 45.156.129.57

🇳🇱 45.148.10.147