JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 20.197.232.12

20.197.232.12 was found in our database!

This IP was reported 703 times. Confidence of Abuse is 100%: ?

100%

ISP	Microsoft Corporation
Usage Type	Data Center/Web Hosting/Transit
ASN	AS8075
Domain Name	microsoft.com
Country	🇧🇷 Brazil
City	Campinas, Sao Paulo

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 20.197.232.12

Whois 20.197.232.12

IP Abuse Reports for 20.197.232.12:

This IP address has been reported a total of 703 times from 440 distinct sources. 20.197.232.12 was first reported on October 16th 2021, and the most recent report was 9 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇳🇱 Site.eu	2026-06-20 07:33:39 (9 hours ago)	Excessive multi-domain requests	Brute-Force
🇮🇱 spd.co.il	2026-06-20 06:02:06 (11 hours ago)	Unauthorized access attempts on ports: 80	Port Scan
🇬🇧 openstrike.co.uk	2026-06-20 05:13:28 (12 hours ago)	139 attacks on PHP URLs: GET /wp-tivate.php HTTP/1.1	Web App Attack
🇧🇷 Peregrine	2026-06-20 03:13:30 (14 hours ago)	Fail2Ban ct101 Jail: tomcat-honeypot \| Evidence: 20.197.232.12 172.69.39.163 - - [17/Jun/2026:18:28: ... show more Fail2Ban ct101 Jail: tomcat-honeypot \| Evidence: 20.197.232.12 172.69.39.163 - - [17/Jun/2026:18:28:40 -0300] "GET /wp-content/plugins/hellopress/wp_filemanager.php HTTP/1.1" 404 18193 show less	Bad Web Bot
🇩🇪 SiyCah	2026-06-20 03:00:02 (14 hours ago)	IP banned by fail2ban; banned in jail apache-auth. Report generated by fail2abuseipdb.	Hacking Brute-Force Web App Attack
🇫🇷 bellovacorp	2026-06-20 01:01:37 (16 hours ago)	[CrowdSec/Noliae] noliae-threat-intel	Hacking
🇪🇸 Gem	2026-06-19 22:13:11 (19 hours ago)	Unauthorized web scan.	Web App Attack
🇺🇸 Lezetho	2026-06-19 16:00:18 (1 day ago)	DDoS, WebSpam, Web Attack, and Brute-force blocked by Cloudflare	DDoS Attack Email Spam Hacking Brute-Force
🇸🇪 SkyDancer	2026-06-19 13:45:40 (1 day ago)	Multiple intrusion attempts via http/https on known vulnerable url offsets. Attack automatically blo ... show more Multiple intrusion attempts via http/https on known vulnerable url offsets. Attack automatically blocked by SkyDancer Ai(web-X). show less	Hacking Brute-Force
🇫🇷 geot	2026-06-19 12:00:00 (1 day ago)	WordPress scanning bot	Hacking Bad Web Bot Web App Attack
🇺🇸 Charlesiv	2026-06-19 08:13:05 (1 day ago)	Triggered Cloudflare WAF (botFight) from BR. Action taken: MANAGED_CHALLENGE ASN: 8075 (Microsoft Co ... show more Triggered Cloudflare WAF (botFight) from BR. Action taken: MANAGED_CHALLENGE ASN: 8075 (Microsoft Corporation) Protocol: HTTP/1.1 (GET method) Endpoint: /ey5.php Timestamp: 2026-06-19T06:49:47Z Ray ID: a0e09889cb4a621b UA: Empty string show less	Bad Web Bot
🇳🇱 JCB	2026-06-19 08:04:00 (1 day ago)	20.197.232.12 - - [18/Jun/2026:22:59:11 +0300] "GET /this_is_a_new_hello_world.php HTTP/1.1" 404 236 ... show more 20.197.232.12 - - [18/Jun/2026:22:59:11 +0300] "GET /this_is_a_new_hello_world.php HTTP/1.1" 404 236 "-" "-" 20.197.232.12 - - [18/Jun/2026:22:59:12 +0300] "GET /1.php HTTP/1.1" 404 236 "-" "-" ... show less	Web App Attack Hacking
🇬🇷 setupgr	2026-06-19 06:50:30 (1 day ago)	(mod_security) mod_security (id:1000001) triggered by 20.197.232.12 (BR/Brazil/SÃ£o Paulo/SÃ£o Paulo ... show more (mod_security) mod_security (id:1000001) triggered by 20.197.232.12 (BR/Brazil/SÃ£o Paulo/SÃ£o Paulo/-/[AS8075 MICROSOFT-CORP-MSN-AS-BLOCK]): 1 in the last 86400 secs; Ports: *; Direction: inout; Trigger: LF_TRIGGER; Logs: [Fri Jun 19 09:50:26.809814 2026] [security2:error] [pid 2321:tid 2514] [client 20.197.232.12:57804] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/wp-content/plugins/hellopress/wp_filemanager.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec/modsec2.user.conf"] [line "93"] [id "1000001"] [msg "Bad file blocked: /wp-content/plugins/hellopress/wp_filemanager.php"] [severity "CRITICAL"] [tag "security"] [hostname "babis.photo"] [uri "/wp-content/plugins/hellopress/wp_filemanager.php"] [unique_id "ajTmstQ6GrQCM-JSBa98HwAAAQk"] show less	Port Scan
Anonymous	2026-06-19 06:47:31 (1 day ago)	This IP was detected by CrowdSec triggering crowdsecurity/http-probing	Web App Attack Hacking
🇳🇱 middelkoopcc	2026-06-19 06:40:05 (1 day ago)	2026-06-19 08:35:37 [client 20.197.232.12:48511] AH01071: Got error 'Primary script unknown' && 2026 ... show more 2026-06-19 08:35:37 [client 20.197.232.12:48511] AH01071: Got error 'Primary script unknown' && 2026-06-19 08:35:37 [client 20.197.232.12:48511] AH01071: Got error 'Primary script unknown' && 2026-06-19 08:35:38 [client 20.197.232.12:48511] AH01071: Got error 'Primary script unknown' && 128 more within 20 minutes show less	Web App Attack

Showing 1 to 15 of 703 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 216.180.246.194

🇬🇧 188.240.59.46

🇨🇳 183.66.166.30

🇬🇧 178.128.36.92

🇩🇪 172.253.1.210

🇵🇭 161.49.89.39

🇰🇪 102.210.149.105

🇫🇷 85.217.140.51

🇩🇪 69.5.169.189

🇺🇸 64.62.156.35

🇸🇬 47.128.16.26

🇫🇷 217.69.5.75

🇺🇸 185.223.152.249

🇺🇸 184.105.247.230

🇨🇳 139.227.161.181

🇸🇬 103.250.10.18

🇬🇧 84.17.51.215

🇺🇸 66.132.172.213

🇧🇷 45.165.238.2

🇨🇳 39.129.41.254