JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 20.226.121.138

20.226.121.138 was found in our database!

This IP was reported 66 times. Confidence of Abuse is 100%: ?

100%

ISP	Microsoft Corporation
Usage Type	Data Center/Web Hosting/Transit
ASN	AS8075
Domain Name	microsoft.com
Country	🇧🇷 Brazil
City	Campinas, Sao Paulo

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 20.226.121.138

Whois 20.226.121.138

IP Abuse Reports for 20.226.121.138:

This IP address has been reported a total of 66 times from 54 distinct sources. 20.226.121.138 was first reported on June 16th 2026, and the most recent report was 15 minutes ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇪🇸 pipeline.es	2026-06-17 13:52:12 (15 minutes ago)	Web scanning / probing for vulnerable paths	Port Scan Web App Attack
🇳🇱 JCB	2026-06-17 08:25:00 (5 hours ago)	20.226.121.138 - - [17/Jun/2026:01:53:02 +0300] "GET /d12.php HTTP/1.1" 404 236 "-" "-" 20.226.121. ... show more 20.226.121.138 - - [17/Jun/2026:01:53:02 +0300] "GET /d12.php HTTP/1.1" 404 236 "-" "-" 20.226.121.138 - - [17/Jun/2026:01:53:03 +0300] "GET /tx78.php HTTP/1.1" 404 236 "-" "-" ... show less	Web App Attack
🇬🇧 openstrike.co.uk	2026-06-17 05:13:52 (8 hours ago)	100 attacks on PHP URLs: GET /sid3.php HTTP/1.1	Web App Attack
🇬🇧 andypiper	2026-06-17 01:00:54 (13 hours ago)	CrowdSec ban for AbuseIPDB Top List	Brute-Force Web App Attack
🇺🇸 mnsf	2026-06-17 00:27:50 (13 hours ago)	Too many Status 40X (45)	Brute-Force Web App Attack
🇩🇪 Holger	2026-06-17 00:27:31 (13 hours ago)	WordPress WebAttack	Brute-Force Web App Attack
🇺🇸 TPI-Abuse	2026-06-17 00:21:22 (13 hours ago)	(mod_security) mod_security (id:210492) triggered by 20.226.121.138 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 20.226.121.138 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 16 20:21:18.007212 2026] [security2:error] [pid 15940:tid 15940] [client 20.226.121.138:31159] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcalendars.ggisoft.com"] [uri "/consultantx/wp-config.php"] [unique_id "ajHofkjX6AxoQnvlbVVA6QAAADc"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 Philister11	2026-06-17 00:21:12 (13 hours ago)	CrowdSec: crowdsecurity/http-crawl-non_statics (BR/AS8075)	Bad Web Bot Web App Attack
🇺🇸 WellSpring	2026-06-17 00:17:27 (13 hours ago)	wordpress scan on 803.today/wp-content/plugins/hellopress/wp_filemanager.php — WellSpr.ing/NetSentin ... show more wordpress scan on 803.today/wp-content/plugins/hellopress/wp_filemanager.php — WellSpr.ing/NetSentinel civic-AI security layer show less	Bad Web Bot Web App Attack
🇫🇷 ✨	2026-06-17 00:03:14 (14 hours ago)	Domain : casavacanzagallipoli.it Rule : hack 2026-06-17 00:01:25 *hidden-privacy* GET /public/vx ... show more Domain : casavacanzagallipoli.it Rule : hack 2026-06-17 00:01:25 *hidden-privacy* GET /public/vx.php - 80 - 20.226.121.138 HTTP/1.1 - - casavacanzagallipoli.it 301 0 0 416 62 255 - - show less	Hacking SQL Injection Brute-Force
🇺🇸 TPI-Abuse	2026-06-17 00:01:41 (14 hours ago)	(mod_security) mod_security (id:210492) triggered by 20.226.121.138 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 20.226.121.138 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 16 20:01:37.325376 2026] [security2:error] [pid 2499:tid 2499] [client 20.226.121.138:47756] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "linzylyne.com"] [uri "/consultantx/wp-config.php"] [unique_id "ajHj4eNyTCO_Qyu1gPnWywAAAAU"] show less	Brute-Force Bad Web Bot Web App Attack
🇫🇷 AGEPCom	2026-06-16 23:51:48 (14 hours ago)	Smart-Ban: IP bannie via score AbuseIPDB	Brute-Force Web App Attack
Anonymous	2026-06-16 23:50:58 (14 hours ago)	20.226.121.138 - - [17/Jun/2026:01:50:26 +0200] "GET /wp-content/plugins/hellopress/wp_filemanager.p ... show more 20.226.121.138 - - [17/Jun/2026:01:50:26 +0200] "GET /wp-content/plugins/hellopress/wp_filemanager.php HTTP/1.1" 404 487 "-" "-" 20.226.121.138 - - [17/Jun/2026:01:50:26 +0200] "GET /this_is_a_new_hello_world.php HTTP/1.1" 404 487 "-" "-" 20.226.121.138 - - [17/Jun/2026:01:50:26 +0200] "GET /jj.php HTTP/1.1" 404 487 "-" "-" 20.226.121.138 - - [17/Jun/2026:01:50:27 +0200] "GET /click.php HTTP/1.1" 404 487 "-" "-" 20.226.121.138 - - [17/Jun/2026:01:50:27 +0200] "GET /222.php HTTP/1.1" 404 487 "-" "-" 20.226.121.138 - - [17/Jun/2026:01:50:27 +0200] "GET /z60.php HTTP/1.1" 404 487 "-" "-" 20.226.121.138 - - [17/Jun/2026:01:50:27 +0200] "GET /xml.php HTTP/1.1" 404 487 "-" "-" 20.226.121.138 - - [17/Jun/2026:01:50:28 +0200] "GET /acp.php HTTP/1.1" 404 487 "-" "-" 20.226.121.138 - - [17/Jun/2026:01:50:28 +0200] "GET /wp-home.php HTTP/1.1" 404 487 "-" "-" 20.226.121.138 - - [17/Jun/2026:01:50:28 +0200] "GET /t.php HTTP/1.1" 404 487 "-" "-" 20.226.121.138 - - [17/Jun/2026:01:50:28 +0200] "GET / ... show less	DDoS Attack
🇺🇸 rsa	2026-06-16 23:36:00 (14 hours ago)	GET /wp-act.php HTTP/1.1	DDoS Attack Brute-Force Exploited Host Web App Attack Hacking
🇫🇷 Baking333	2026-06-16 23:19:46 (14 hours ago)	[redacted] 20.226.121.138 - - [17/Jun/2026:00:19:43 +0100] "GET /wp-content/plugins/hellopress/wp_fi ... show more [redacted] 20.226.121.138 - - [17/Jun/2026:00:19:43 +0100] "GET /wp-content/plugins/hellopress/wp_filemanager.php HTTP/1.1" 301 614 0/571 "-" "-" [redacted] 20.226.121.138 - - [17/Jun/2026:00:19:45 +0100] "GET /wp-content/plugins/hellopress/wp_filemanager.php HTTP/1.1" 302 5219 0/67014 "-" "-" show less	Bad Web Bot Web App Attack

Showing 1 to 15 of 66 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇩🇪 213.209.159.227

🇬🇹 190.104.120.195

🇷🇺 46.39.239.86

🇺🇸 209.50.169.241

🇺🇸 172.174.5.146

🇰🇷 119.203.251.187

🇨🇳 115.236.127.217

🇺🇸 104.207.33.35

🇳🇬 102.91.73.102

🇺🇸 71.6.232.23

🇩🇪 65.111.22.43

🇩🇪 64.89.163.134

🇲🇾 49.124.146.45

🇩🇪 45.3.43.96

🇺🇸 3.225.44.56

🇺🇸 209.85.222.201

🇺🇸 207.241.173.18

🇺🇸 143.244.168.161

🇳🇱 85.146.183.78

🇷🇸 77.105.37.219