JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 20.197.227.41

20.197.227.41 was found in our database!

This IP was reported 178 times. Confidence of Abuse is 100%: ?

100%

ISP	Microsoft Corporation
Usage Type	Data Center/Web Hosting/Transit
ASN	AS8075
Domain Name	microsoft.com
Country	🇧🇷 Brazil
City	Campinas, Sao Paulo

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 20.197.227.41

Whois 20.197.227.41

IP Abuse Reports for 20.197.227.41:

This IP address has been reported a total of 178 times from 160 distinct sources. 20.197.227.41 was first reported on June 26th 2026, and the most recent report was 1 day ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇳🇱 oisecnet	2026-06-27 21:01:39 (1 day ago)	Automated report: Unauthorized vulnerability scanning detected on 2026-06-27. 117 requests from this ... show more Automated report: Unauthorized vulnerability scanning detected on 2026-06-27. 117 requests from this IP. show less	Brute-Force Web App Attack SSH
Anonymous	2026-06-27 19:03:56 (1 day ago)	Blocked by FortiWeb WAF ML threat detection. ML probability: 99%, Country: BR, Attack patterns: Word ... show more Blocked by FortiWeb WAF ML threat detection. ML probability: 99%, Country: BR, Attack patterns: WordPress scanning, Backup file probing, Malicious User-Agent show less	Bad Web Bot Web App Attack
Anonymous	2026-06-27 08:32:00 (2 days ago)	"GET /wp-content/plugins/hellopress/wp_filemanager.php HTTP/1.1"	Hacking Web App Attack
🇬🇧 andypiper	2026-06-27 01:02:04 (2 days ago)	CrowdSec ban for AbuseIPDB Top List	Brute-Force Web App Attack
🇩🇪 NewGastroline	2026-06-27 00:12:08 (2 days ago)	Malicious request blocked by CrowdSec on gastro-prod1.boreus.de	Bad Web Bot Web App Attack
🇺🇸 WizardsToolkit	2026-06-27 00:11:02 (2 days ago)	attempted to access /wp-content/plugins/hellopress/wp_filemanager.php	Web App Attack
🇩🇪 london2038.com	2026-06-27 00:09:26 (2 days ago)	Probing for exploits 20.197.227.41 - - [27/Jun/2026:02:09:23 +0200] "GET /wp-content/plugins/hellopr ... show more Probing for exploits 20.197.227.41 - - [27/Jun/2026:02:09:23 +0200] "GET /wp-content/plugins/hellopress/wp_filemanager.php HTTP/1.1" 301 169 "-" "-" 20.197.227.41 - - [27/Jun/2026:02:09:26 +0200] "GET //sql.php HTTP/1.1" 301 169 "-" "-" show less	Hacking Web App Attack
🇨🇭 dalslab ltd	2026-06-27 00:07:17 (2 days ago)	[27/Jun/2026:02:07:15 +0200] - 404 404 - GET https auth.dalslab.com "/wp-content/plugins/hellopress/ ... show more [27/Jun/2026:02:07:15 +0200] - 404 404 - GET https auth.dalslab.com "/wp-content/plugins/hellopress/wp_filemanager.php" [Client 20.197.227.41] [Length 5431] [Gzip -] [Sent-to 10.1.1.240] "-" "-" [27/Jun/2026:02:07:15 +0200] - 404 404 - GET https auth.dalslab.com "/this_is_a_new_hello_world.php" [Client 20.197.227.41] [Length 5431] [Gzip -] [Sent-to 10.1.1.240] "-" "-" [27/Jun/2026:02:07:16 +0200] - 404 404 - GET https auth.dalslab.com "/sql.php" [Client 20.197.227.41] [Length 5431] [Gzip -] [Sent-to 10.1.1.240] "-" "-" [27/Jun/2026:02:07:17 +0200] - 404 404 - GET https auth.dalslab.com "/1index.php" [Client 20.197.227.41] [Length 5431] [Gzip -] [Sent-to 10.1.1.240] "-" "-" [27/Jun/2026:02:07:17 +0200] - 404 404 - GET https auth.dalslab.com "/xxx.php" [Client 20.197.227.41] [Length 5431] [Gzip -] [Sent-to 10.1.1.240] "-" "-" ... show less	Web Spam Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-06-27 00:07:02 (2 days ago)	Automated web scanner. Requested suspicious paths: /this_is_a_new_hello_world.php \| /wp-content/plug ... show more Automated web scanner. Requested suspicious paths: /this_is_a_new_hello_world.php \| /wp-content/plugins/hellopress/wp_filemanager.php \| /1index.php \| //sql.php \| /file11.php \| /xxx.php \| /dropdown.php \| /wp-slss.php \| /ah25.php \| /1.php \| /png.php \| /900.php \| /ccou.php \| /file59.php. UTC: 2026-06-26 23:36:44. show less	Web App Attack
🇺🇸 deskpass.com	2026-06-27 00:04:40 (2 days ago)	GET /aa.php	Web App Attack
🇱🇻 garmtech.com	2026-06-27 00:03:14 (2 days ago)	Attempted access to sensitive endpoint (/wp-content/plugins/hellopress/wp_filemanager.php) detected. ... show more Attempted access to sensitive endpoint (/wp-content/plugins/hellopress/wp_filemanager.php) detected. Automated scan or unauthorized probing. show less	Web App Attack
🇫🇮 Christopher Hughes	2026-06-27 00:01:26 (2 days ago)	[Sat Jun 27 01:01:25.482200 2026] [proxy_fcgi:error] [pid 1198185:tid 139822660318784] [client 20.19 ... show more [Sat Jun 27 01:01:25.482200 2026] [proxy_fcgi:error] [pid 1198185:tid 139822660318784] [client 20.197.227.41:46540] AH01071: Got error 'Primary script unknown' [Sat Jun 27 01:01:25.698042 2026] [proxy_fcgi:error] [pid 1198185:tid 139821779510848] [client 20.197.227.41:46540] AH01071: Got error 'Primary script unknown' [Sat Jun 27 01:01:25.920281 2026] [proxy_fcgi:error] [pid 1198185:tid 139822775862848] [client 20.197.227.41:46540] AH01071: Got error 'Primary script unknown' [Sat Jun 27 01:01:26.141958 2026] [proxy_fcgi:error] [pid 1198185:tid 139822792648256] [client 20.197.227.41:46540] AH01071: Got error 'Primary script unknown' [Sat Jun 27 01:01:26.574006 2026] [proxy_fcgi:error] [pid 1198185:tid 139821762725440] [client 20.197.227.41:46540] AH01071: Got error 'Primary script unknown' ... show less	Web App Attack
🇩🇪 on-com	2026-06-26 23:57:02 (2 days ago)	URL scan	Brute-Force Web App Attack
🇳🇱 informedclearly.com	2026-06-26 23:52:32 (2 days ago)	WAF_BAN reason=PHP_SCANNER rule=PHP_PATH hits=10 path=/ccou.php? ua=-	Port Scan Hacking
🇫🇷 Feelautom	2026-06-26 23:44:46 (2 days ago)	[FeelAutom Auto-Ban] SuspiciousExtension: /ah25.php (Score: 200)	Port Scan

Showing 1 to 15 of 178 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇩🇪 167.94.145.25

🇩🇪 165.154.138.123

🇺🇸 144.208.72.90

🇺🇸 20.169.105.57

🇨🇳 222.174.242.2

🇳🇱 176.65.139.231

🇸🇬 172.188.89.41

🇵🇰 111.68.111.124

🇳🇱 77.83.39.27

🇩🇪 69.5.169.200

🇺🇸 66.132.195.46

🇺🇸 20.169.105.52

🇺🇸 20.169.105.51

🇸🇪 195.178.191.5

🇳🇱 176.65.139.235

🇧🇷 170.150.252.53

🇸🇰 158.173.242.17

🇨🇳 106.35.128.118

🇧🇬 91.92.199.36

🇳🇱 91.92.42.61