JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 20.203.168.197

20.203.168.197 was found in our database!

This IP was reported 371 times. Confidence of Abuse is 100%: ?

100%

ISP	Microsoft Corporation
Usage Type	Data Center/Web Hosting/Transit
ASN	AS8075
Domain Name	microsoft.com
Country	🇨🇭 Switzerland
City	Zurich, Zurich

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 20.203.168.197

Whois 20.203.168.197

IP Abuse Reports for 20.203.168.197:

This IP address has been reported a total of 371 times from 218 distinct sources. 20.203.168.197 was first reported on August 8th 2022, and the most recent report was 3 days ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 Epimetheus	2026-05-25 12:44:46 (1 week ago)	Unauthorized access attempts: [GET] /404.php [GET] /wp-includes/images/ [GET] /wp-includes/PHPMaile ... show more Unauthorized access attempts: [GET] /404.php [GET] /wp-includes/images/ [GET] /wp-includes/PHPMailer/ [GET] /wp-content/themes/index.php [GET] /ws.php [GET] /wp-trackback.php [GET] /wp-content/plugins/WordPressCore/ [GET] /index/function.php [GET] /inputs.php [GET] /wp-good.php [GET] /admin.php [GET] /wp-content/uploads/index.php [GET] /an.php [GET] /chosen.php [GET] /randkeyword.PhP7 UA: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 show less	Web App Attack
🇫🇮 Christopher Hughes	2026-05-25 12:39:50 (1 week ago)	[Mon May 25 13:39:49.785506 2026] [proxy_fcgi:error] [pid 4191434:tid 139773670848064] [client 20.20 ... show more [Mon May 25 13:39:49.785506 2026] [proxy_fcgi:error] [pid 4191434:tid 139773670848064] [client 20.203.168.197:11498] AH01071: Got error 'Primary script unknown' [Mon May 25 13:39:49.822201 2026] [proxy_fcgi:error] [pid 4191434:tid 139774786520640] [client 20.203.168.197:11498] AH01071: Got error 'Primary script unknown' [Mon May 25 13:39:49.858785 2026] [proxy_fcgi:error] [pid 4191434:tid 139774811698752] [client 20.203.168.197:11498] AH01071: Got error 'Primary script unknown' [Mon May 25 13:39:49.904251 2026] [proxy_fcgi:error] [pid 4191434:tid 139774266435136] [client 20.203.168.197:11498] AH01071: Got error 'Primary script unknown' [Mon May 25 13:39:49.940849 2026] [proxy_fcgi:error] [pid 4191434:tid 139774258042432] [client 20.203.168.197:11498] AH01071: Got error 'Primary script unknown' ... show less	Web App Attack
🇧🇪 Saec	2026-05-25 12:27:38 (1 week ago)	Jarvis auto-ban: CF honeypot path /wp-login.php (2× on saec.me)	Port Scan Web App Attack
🇸🇦 ksa.f.m.s	2026-05-25 12:25:34 (1 week ago)	20.203.168.197 - - [25/May/2026:15:25:26 +0300] "GET /cgi-bin/ HTTP/1.1" 404 1782 "-" "Mozilla/5.0 ( ... show more 20.203.168.197 - - [25/May/2026:15:25:26 +0300] "GET /cgi-bin/ HTTP/1.1" 404 1782 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36" 20.203.168.197 - - [25/May/2026:15:25:30 +0300] "GET /wp-login.php HTTP/1.1" 404 1782 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36" 20.203.168.197 - - [25/May/2026:15:25:33 +0300] "GET /wp-login.php HTTP/1.1" 404 1784 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36" ... show less	FTP Brute-Force Port Scan Hacking Brute-Force Bad Web Bot Web App Attack
🇫🇷 Delta-shop	2026-05-25 12:25:05 (1 week ago)	PrestaShop Security Module: Calls WordPress paths probing known vulnerabilities	Web App Attack
🇩🇪 Selckie	2026-05-25 12:22:55 (1 week ago)	fail2ban: NGINX unusual impact	Web App Attack
🇩🇪 Skyrider	2026-05-25 12:17:58 (1 week ago)	20.203.168.197 - - [25/May/2026:14:17:57 +0200] "GET /.well-known/ HTTP/2.0" 403 5401 "-" "Mozilla/5 ... show more 20.203.168.197 - - [25/May/2026:14:17:57 +0200] "GET /.well-known/ HTTP/2.0" 403 5401 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36" 20.203.168.197 - - [25/May/2026:14:17:57 +0200] "GET /404.php HTTP/2.0" 403 5401 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36" 20.203.168.197 - - [25/May/2026:14:17:57 +0200] "GET /abc.php HTTP/2.0" 403 5401 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36" 20.203.168.197 - - [25/May/2026:14:17:57 +0200] "GET /abcd.php HTTP/2.0" 403 5401 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36" 20.203.168.197 - - [25/May/2026:14:17:57 +0200] "GET /about.php HTTP/2.0" 403 5401 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36" show less	Bad Web Bot Web App Attack
🇺🇸 Epimetheus	2026-05-25 12:14:45 (1 week ago)	Zombie network / Bot scanner detected: [GET] /wp-includes/phpmailer/ [GET] /wp-login.php [GET] /wp- ... show more Zombie network / Bot scanner detected: [GET] /wp-includes/phpmailer/ [GET] /wp-login.php [GET] /wp-includes/requests/src/response/about.php [GET] /wp-includes/images/ [GET] /wp-content/uploads/index.php [GET] /wp-includes/html-api/ [GET] /adminfuns.php [GET] /wp-admin/css/colors/ectoplasm/ [GET] /file.php [GET] /inputs.php [GET] /wp-good.php [GET] /404.php [GET] /wp-trackback.php [GET] /admin.php [GET] /file.php [GET] /wp-admin/css/colors/ectoplasm/ [GET] /wp-login.php [GET] /wp-content/plugins/index.php [GET] /wp-content/admin.php [GET] /.well-known/ [GET] /.well-known/ [GET] /as.php [GET] /abcd.php UA: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 show less	Bad Web Bot Exploited Host Web App Attack
🇺🇦 URAN Publishing Service	2026-05-25 12:13:35 (1 week ago)	20.203.168.197 - - [25/May/2026:15:13:35 +0300] "GET /cgi-bin/ HTTP/1.1" 404 514 "-" "Mozilla/5.0 (W ... show more 20.203.168.197 - - [25/May/2026:15:13:35 +0300] "GET /cgi-bin/ HTTP/1.1" 404 514 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36" ... show less	Web App Attack
🇹🇭 thaizone.com	2026-05-25 12:05:33 (1 week ago)	Hacking attempts against websites (D1) #3	Web App Attack Hacking
Anonymous	2026-05-25 11:58:28 (1 week ago)	"GET /wp-admin/css/colors/ectoplasm/ HTTP/1.1"	Hacking Web App Attack
🇺🇸 Epimetheus	2026-05-25 11:44:46 (1 week ago)	Unauthorized access attempts: [GET] /autoload_classmap.php [GET] /about.php [GET] /class-t.api.php ... show more Unauthorized access attempts: [GET] /autoload_classmap.php [GET] /about.php [GET] /class-t.api.php [GET] /wp-content/admin.php [GET] /wp-trackback.php [GET] /wp-content/plugins/index.php [GET] /chosen.php [GET] /abc.php [GET] /ws.php [GET] /wp-admin/css/colors/ectoplasm/ [GET] /goods.php [GET] /admin.php [GET] /ioxi-o.php [GET] /wp-content/themes/hideo/network.php [GET] /index/function.php [GET] /class-t.api.php [GET] /.well-known/ [GET] /404.php [GET] /adminfuns.php [GET] /abc.php [GET] /an.php UA: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 show less	Web App Attack
🇨🇦 Mediashaker	2026-05-25 11:44:29 (1 week ago)	(apache-scanners) Failed apache-scanners trigger with match [redacted] from 20.203.168.197 (CH/Switz ... show more (apache-scanners) Failed apache-scanners trigger with match [redacted] from 20.203.168.197 (CH/Switzerland/-) show less	Port Scan
🇺🇦 URAN Publishing Service	2026-05-25 11:44:07 (1 week ago)	20.203.168.197 - - [25/May/2026:14:44:07 +0300] "GET /cgi-bin/ HTTP/1.1" 404 560 "-" "Mozilla/5.0 (W ... show more 20.203.168.197 - - [25/May/2026:14:44:07 +0300] "GET /cgi-bin/ HTTP/1.1" 404 560 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36" ... show less	Web App Attack
🇳🇿 Antinson	2026-05-25 11:44:07 (1 week ago)	Scraping with a high error ratio and request rate Requests to unauthorized or suspicious endpoints ( ... show more Scraping with a high error ratio and request rate Requests to unauthorized or suspicious endpoints (.git, .well-known, .php, etc.) show less	Bad Web Bot

Showing 61 to 75 of 371 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇮🇳 202.53.94.246

🇨🇦 148.113.190.153

🇸🇬 129.212.237.224

🇨🇳 124.89.118.6

🇨🇳 120.198.138.185

🇮🇳 117.215.222.16

🇲🇾 47.250.114.237

🇳🇱 45.148.10.157

🇮🇹 213.136.164.97

🇬🇾 190.80.51.146

🇮🇳 182.95.182.166

🇳🇱 176.65.149.212

🇨🇳 121.239.149.32

🇳🇱 80.82.65.84

🇺🇸 72.10.32.138

🇰🇷 43.164.190.124

🇮🇳 2001:4490:4ca1:6fc8:c86c:d7b7:e3c4:3079

🇺🇸 216.245.181.227

🇳🇱 192.42.116.94

🇨🇳 113.231.39.203