JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 20.197.193.174

20.197.193.174 was found in our database!

This IP was reported 209 times. Confidence of Abuse is 100%: ?

100%

ISP	Microsoft Corporation
Usage Type	Data Center/Web Hosting/Transit
ASN	AS8075
Domain Name	microsoft.com
Country	🇧🇷 Brazil
City	Campinas, Sao Paulo

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 20.197.193.174

Whois 20.197.193.174

IP Abuse Reports for 20.197.193.174:

This IP address has been reported a total of 209 times from 176 distinct sources. 20.197.193.174 was first reported on May 31st 2026, and the most recent report was 2 days ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇩🇪 Hazzard	2026-05-31 19:47:35 (3 days ago)	(apache-empty-ua) Failed empty apache-ua trigger with match [redacted]): (CF_ENABLE)	Hacking
🇫🇷 LRNP	2026-05-31 19:46:46 (3 days ago)	_:80 20.197.193.174 - - [31/May/2026:19:46:44 +0000] "GET /wp-content/plugins/hellopress/wp_filemana ... show more _:80 20.197.193.174 - - [31/May/2026:19:46:44 +0000] "GET /wp-content/plugins/hellopress/wp_filemanager.php HTTP/1.1" 404 146 "-" "-" _:80 20.197.193.174 - - [31/May/2026:19:46:44 +0000] "GET /ff.php HTTP/1.1" 404 146 "-" "-" _:80 20.197.193.174 - - [31/May/2026:19:46:44 +0000] "GET /x.php HTTP/1.1" 404 146 "-" "-" _:80 20.197.193.174 - - [31/May/2026:19:46:44 +0000] "GET /tires.php HTTP/1.1" 404 146 "-" "-" _:80 20.197.193.174 - - [31/May/2026:19:46:45 +0000] "GET /wp-block.php HTTP/1.1" 404 146 "-" "-" _:80 20.197.193.174 - - [31/May/2026:19:46:45 +0000] "GET /wp-der.php HTTP/1.1" 404 146 "-" "-" _:80 20.197.193.174 - - [31/May/2026:19:46:45 +0000] "GET /ah25.php HTTP/1.1" 404 146 "-" "-" _:80 20.197.193.174 - - [31/May/2026:19:46:45 +0000] "GET /inputs.php HTTP/1.1" 404 146 "-" "-" _:80 20.197.193.174 - - [31/May/2026:19:46:45 +0000] "GET /samll.php HTTP/1.1" 404 146 "-" "-" _:80 20.197.193.174 - - [31/May/2026:19:46:46 +0000] "GET /wp-admin/css/colors/blue/file.php HTTP/1.1" 404 14 ... show less	Bad Web Bot Web App Attack
Anonymous	2026-05-31 19:44:18 (3 days ago)	(PERMBLOCK) 20.197.193.174 (BR/Brazil/-) has had more than 4 temp blocks in the last 86400 secs; Por ... show more (PERMBLOCK) 20.197.193.174 (BR/Brazil/-) has had more than 4 temp blocks in the last 86400 secs; Ports: *; Direction: inout; Trigger: LF_PERMBLOCK_COUNT; Logs: show less	Port Scan
Anonymous	2026-05-31 19:39:06 (3 days ago)		DNS Compromise DDoS Attack
🇺🇸 Vianpyro	2026-05-31 19:37:43 (3 days ago)	Honeypot: 137 request(s) in 0 min. Paths: /wp-content/plugins/hellopress/wp_filemanager.php, /ff.php ... show more Honeypot: 137 request(s) in 0 min. Paths: /wp-content/plugins/hellopress/wp_filemanager.php, /ff.php, /x.php, /tires.php, /wp-block.php. Method(s): GET. ASN: 8075 (Microsoft Corporation). URL-encoding WAF evasion detected. show less	Web App Attack Bad Web Bot Brute-Force Hacking
Anonymous	2026-05-31 19:33:45 (3 days ago)	20.197.193.174 - - [01/Jun/2026:03:33:44 +0800] "GET /wp-links-opml.php HTTP/1.1" 200 69061 "-" "-" ... show more 20.197.193.174 - - [01/Jun/2026:03:33:44 +0800] "GET /wp-links-opml.php HTTP/1.1" 200 69061 "-" "-" ... show less	Bad Web Bot Web App Attack
🇩🇪 on-com	2026-05-31 19:31:30 (3 days ago)	URL scan	Brute-Force Web App Attack
🇩🇪 4server	2026-05-31 19:09:55 (3 days ago)	[SunMay3121:09:49.1563822026][security2:error][pid1582102:tid1582206][client20.197.193.174:0]ModSecu ... show more [SunMay3121:09:49.1563822026][security2:error][pid1582102:tid1582206][client20.197.193.174:0]ModSecurity:Accessdeniedwithcode403$phase2$.Matchof\"rx/index\\\\\\\\.php\$\"against\"REQUEST_FILENAME\"required.[file\"/etc/apache2/conf.d/modsec_rules/51_asl_wordpress_extra.conf\"][line\"33\"][id\"333149\"][rev\"21\"][msg\"Atomicorp.comWAFRules:PossiblePHPwebshelldetectedandblocked\"][severity\"CRITICAL\"][hostname\"autodiscover.bicycleambulance.ch\"][uri\"/wp-content/uploads/admin.php\"][unique_id\"ahyHfY3TtLnH8fS1jtod3wAAAMA\"] show less	Port Scan Brute-Force Web App Attack
🇬🇧 thetomtaylor.co.uk	2026-05-31 19:07:02 (3 days ago)	Fail2Ban - [WEB]Custom exploit pattern detected on customexploits ... [ice01,wa01,wa02]	Hacking Brute-Force Bad Web Bot Web App Attack
🇦🇺 paulshipley.com.au	2026-05-31 19:06:34 (3 days ago)	indigi-print-merch.com.au:443 20.197.193.174 - - [01/Jun/2026:05:06:31 +1000] "GET /inputs.php HTTP/ ... show more indigi-print-merch.com.au:443 20.197.193.174 - - [01/Jun/2026:05:06:31 +1000] "GET /inputs.php HTTP/1.1" 404 182435 "-" "-" ... show less	Web App Attack
🇺🇦 URAN Publishing Service	2026-05-31 19:03:53 (3 days ago)	20.197.193.174 - - [31/May/2026:22:03:52 +0300] "GET /wp-content/plugins/hellopress/wp_filemanager.p ... show more 20.197.193.174 - - [31/May/2026:22:03:52 +0300] "GET /wp-content/plugins/hellopress/wp_filemanager.php HTTP/1.1" 404 717 "-" "-" ... show less	Web App Attack
🇮🇩 sockominfo	2026-05-31 19:00:48 (3 days ago)	Reported by TangerangKota-CSIRT. Status: MALICIOUS	Hacking Email Spam
🇺🇸 Gabriel Camargo	2026-05-31 19:00:42 (3 days ago)	20.197.193.174 - - [31/May/2026:14:00:35 -0500] "GET /wp-content/plugins/hellopress/wp_filemanager.p ... show more 20.197.193.174 - - [31/May/2026:14:00:35 -0500] "GET /wp-content/plugins/hellopress/wp_filemanager.php HTTP/1.1" 301 178 "-" "-" 20.197.193.174 - - [31/May/2026:14:00:39 -0500] "GET /ff.php HTTP/1.1" 301 178 "-" "-" 20.197.193.174 - - [31/May/2026:14:00:42 -0500] "GET /x.php HTTP/1.1" 301 178 "-" "-" ... show less	Brute-Force SSH
🇫🇮 Christopher Hughes	2026-05-31 19:00:36 (3 days ago)	[Sun May 31 19:50:34.094365 2026] [proxy_fcgi:error] [pid 259330:tid 139774224471616] [client 20.197 ... show more [Sun May 31 19:50:34.094365 2026] [proxy_fcgi:error] [pid 259330:tid 139774224471616] [client 20.197.193.174:20828] AH01071: Got error 'Primary script unknown' [Sun May 31 19:50:34.329210 2026] [proxy_fcgi:error] [pid 259330:tid 139774249649728] [client 20.197.193.174:20828] AH01071: Got error 'Primary script unknown' [Sun May 31 20:00:35.431334 2026] [proxy_fcgi:error] [pid 259330:tid 139774266435136] [client 20.197.193.174:25297] AH01071: Got error 'Primary script unknown' [Sun May 31 20:00:35.646392 2026] [proxy_fcgi:error] [pid 259330:tid 139773628884544] [client 20.197.193.174:25297] AH01071: Got error 'Primary script unknown' [Sun May 31 20:00:35.861250 2026] [proxy_fcgi:error] [pid 259330:tid 139774258042432] [client 20.197.193.174:25297] AH01071: Got error 'Primary script unknown' ... show less	Web App Attack
🇺🇸 Lezetho	2026-05-31 19:00:18 (3 days ago)	DDoS, WebSpam, Web Attack, and Brute-force blocked by Cloudflare	DDoS Attack Email Spam Hacking Brute-Force

Showing 76 to 90 of 209 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇵🇰 2400:adc5:18b:2c00:d19:e65f:5f3d:47d6

🇨🇳 223.167.75.86

🇭🇰 199.45.155.76

🇧🇪 198.235.24.252

🇳🇱 185.242.226.126

🇺🇸 162.216.149.247

🇺🇸 162.216.149.18

🇺🇸 143.198.11.245

🇺🇸 47.251.47.151

🇳🇱 45.156.128.54

🇳🇱 45.156.128.51

🇳🇱 45.148.10.147

🇺🇸 20.118.227.20

🇬🇧 213.166.84.43

🇨🇭 213.55.197.141

🇶🇦 212.70.118.76

🇳🇱 185.242.226.104

🇩🇪 172.70.248.25

🇺🇸 165.227.188.42

🇨🇴 161.18.250.157