JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 20.226.2.52

20.226.2.52 was found in our database!

This IP was reported 238 times. Confidence of Abuse is 100%: ?

100%

ISP	Microsoft Corporation
Usage Type	Data Center/Web Hosting/Transit
ASN	AS8075
Domain Name	microsoft.com
Country	🇧🇷 Brazil
City	Campinas, Sao Paulo

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 20.226.2.52

Whois 20.226.2.52

IP Abuse Reports for 20.226.2.52:

This IP address has been reported a total of 238 times from 192 distinct sources. 20.226.2.52 was first reported on May 27th 2026, and the most recent report was 1 day ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇩🇪 paissangroup	2026-05-27 14:58:08 (1 week ago)	Multiple WAF Violations	Web App Attack
🇫🇷 dynamix	2026-05-27 14:51:16 (1 week ago)	Multiple WAF Violations	Web App Attack
Anonymous	2026-05-27 14:41:48 (1 week ago)	(caddyscan) Scanner path probe from 20.226.2.52 (BR/Brazil/-): 5 in the last 3600 secs; Ports: ; Di ... show more (caddyscan) Scanner path probe from 20.226.2.52 (BR/Brazil/-): 5 in the last 3600 secs; Ports: ; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs: [REDACTED] 200 2627 20.226.2.52 - - [27/May/2026:14:41:25 +0000] "GET /wp-admin/css/colors/blue/ HTTP/1.1" [REDACTED] 200 2627 20.226.2.52 - - [27/May/2026:14:41:28 +0000] "GET /wp-admin/js/index.php HTTP/1.1" [REDACTED] 200 2627 20.226.2.52 - - [27/May/2026:14:41:28 +0000] "GET /wp-admin/css/index.php HTTP/1.1" [REDACTED] 200 2627 20.226.2.52 - - [27/May/2026:14:41:44 +0000] "GET /wp-admin/css/colors/blue/ HTTP/1.1" [REDACTED] 200 2627 20.226.2.52 - - [27/May/2026:14:41:45 +0000] "GET /wp-admin/js/admin.php HTTP/1.1" show less	Port Scan
🇩🇪 barbarella	2026-05-27 14:41:35 (1 week ago)	Multiple (249) times attack on https port 443: unauthorized access to Wordpress files (GET /wp-conte ... show more Multiple (249) times attack on https port 443: unauthorized access to Wordpress files (GET /wp-content/plugins/hellopress/wp_filemanager.php) 16:41:36 Hacking attempt of vulnerable PHP Script (GET /aaa.php) 16:41:36 Hacking attempt (GET /admin.php) 16:41:36 Hacking attempt of Wordpress (GET /wp-includes/Text/Diff/index.php) 16:41:37 Hacking attempt of vulnerable PHP Script (GET /aa.php) 16:41:37 Hacking attempt (GET /server.php) 16:41:38 Hacking attempt of Wordpress (GET /wp-includes/index.php) 16:41:38 Hacking attempt (GET /wp-content/themes/admin.php) 16:41:39 Hacking attempt (GET /wp-content/plugins/admin.php) show less	Hacking Web App Attack
🇩🇪 jasperedv.de	2026-05-27 14:28:37 (1 week ago)	Apache Login - Brutforcing	Web App Attack Brute-Force
🇩🇪 [email protected]	2026-05-27 14:18:13 (1 week ago)	Brute force 76 attempts	DDoS Attack SQL Injection Brute-Force SSH
🇧🇷 vfAcceloReporter	2026-05-27 14:12:53 (1 week ago)	20.226.2.52 - - [27/May/2026:11:12:52 -0300] "GET /atomlib.php HTTP/1.1" 404 110 "-" "-" 20.226.2.52 ... show more 20.226.2.52 - - [27/May/2026:11:12:52 -0300] "GET /atomlib.php HTTP/1.1" 404 110 "-" "-" 20.226.2.52 - - [27/May/2026:11:12:52 -0300] "GET /wp-signup.php HTTP/1.1" 404 112 "-" "-" 20.226.2.52 - - [27/May/2026:11:12:52 -0300] "GET /wp-conflg.php HTTP/1.1" 404 112 "-" "-" 20.226.2.52 - - [27/May/2026:11:12:52 -0300] "GET /.well-known/pki-validation/index.php HTTP/1.1" 404 135 "-" "-" 20.226.2.52 - - [27/May/2026:11:12:52 -0300] "GET /wp-links-opml.php HTTP/1.1" 404 116 "-" "-" ... show less	Brute-Force Web App Attack Exploited Host
🇬🇧 myintarweb	2026-05-27 14:12:35 (1 week ago)	20.226.2.52 - - [27/May/2026:15:12:34 +0100] 80 "GET /wp-content/plugins/hellopress/wp_filemanager.p ... show more 20.226.2.52 - - [27/May/2026:15:12:34 +0100] 80 "GET /wp-content/plugins/hellopress/wp_filemanager.php HTTP/1.1" 410 1506 "-" "-" ... show less	Hacking Bad Web Bot Web App Attack
🇩🇪 ecs.ge	2026-05-27 14:08:32 (1 week ago)	Automatic Fail2Ban report from jail plesk-modsecurity: multiple matching events detected.	Web App Attack Hacking
🇩🇪 Aufpasser_1973	2026-05-27 14:05:11 (1 week ago)	Fail2Ban: Attack from 20.226.2.52 with <uri>	Port Scan Bad Web Bot SSH
Anonymous	2026-05-27 14:04:20 (1 week ago)	(mod_security) mod_security triggered on hostname [redacted] 20.226.2.52 (BR/Brazil/-)	SQL Injection
🇮🇩 sockominfo	2026-05-27 14:00:16 (1 week ago)	Mixed case PHP extension detected (PhP, PhP5, Phtml, etc). Threat Score: 7.8/10 (HIGH). Reported by ... show more Mixed case PHP extension detected (PhP, PhP5, Phtml, etc). Threat Score: 7.8/10 (HIGH). Reported by TangerangKota-CSIRT. Status: MALICIOUS show less	Hacking Web App Attack
🇳🇱 i-turnradio.nl	2026-05-27 13:59:30 (1 week ago)	2026-05-27 @ 15:59:30 (CET) ~ Blocked for trying to access: /wp-content/plugins/hellopress/wp_filema ... show more 2026-05-27 @ 15:59:30 (CET) ~ Blocked for trying to access: /wp-content/plugins/hellopress/wp_filemanager.php show less	Web App Attack
🇧🇷 vfAcceloReporter	2026-05-27 13:52:44 (1 week ago)	20.226.2.52 - - [27/May/2026:10:52:42 -0300] "GET /defaults.php HTTP/1.1" 404 111 "-" "-" 20.226.2.5 ... show more 20.226.2.52 - - [27/May/2026:10:52:42 -0300] "GET /defaults.php HTTP/1.1" 404 111 "-" "-" 20.226.2.52 - - [27/May/2026:10:52:42 -0300] "GET /wp-file.php HTTP/1.1" 404 110 "-" "-" 20.226.2.52 - - [27/May/2026:10:52:43 -0300] "GET /403.php HTTP/1.1" 404 106 "-" "-" 20.226.2.52 - - [27/May/2026:10:52:43 -0300] "GET /404.php HTTP/1.1" 404 106 "-" "-" 20.226.2.52 - - [27/May/2026:10:52:43 -0300] "GET /wp-2019.php HTTP/1.1" 404 110 "-" "-" ... show less	Brute-Force Web App Attack Exploited Host
🇬🇧 Apache	2026-05-27 13:46:19 (1 week ago)	(mod_security) mod_security (id:20000010) triggered by 20.226.2.52 (BR/Brazil/-): 5 in the last 300 ... show more (mod_security) mod_security (id:20000010) triggered by 20.226.2.52 (BR/Brazil/-): 5 in the last 300 secs (CF_ENABLE) show less	Brute-Force Web App Attack

Showing 121 to 135 of 238 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 20.118.202.145

🇺🇸 2001:470:2cc:1::1f8

🇹🇼 198.235.24.3

🇩🇪 193.124.20.231

🇷🇺 79.104.0.82

🇺🇸 66.132.172.96

🇨🇳 14.103.102.130

🇨🇳 171.114.227.41

🇨🇳 106.12.168.187

🇸🇬 52.148.66.53

🇸🇬 43.160.246.215

🇨🇳 222.86.105.204

🇺🇸 216.180.246.143

🇲🇽 189.182.50.57

🇲🇽 187.251.132.2

🇨🇳 123.145.7.237

🇨🇳 112.102.221.229

🇺🇸 65.49.1.142

🇧🇷 45.163.198.89

🇰🇷 211.223.107.86