JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 4.201.225.141

4.201.225.141 was found in our database!

This IP was reported 80 times. Confidence of Abuse is 100%: ?

100%

ISP	Microsoft Corporation
Usage Type	Data Center/Web Hosting/Transit
ASN	AS8075
Domain Name	microsoft.com
Country	🇧🇷 Brazil
City	Campinas, Sao Paulo

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 4.201.225.141

Whois 4.201.225.141

IP Abuse Reports for 4.201.225.141:

This IP address has been reported a total of 80 times from 63 distinct sources. 4.201.225.141 was first reported on June 17th 2026, and the most recent report was 19 minutes ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 TPI-Abuse	2026-06-17 18:32:28 (19 minutes ago)	(mod_security) mod_security (id:210492) triggered by 4.201.225.141 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 4.201.225.141 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 17 14:32:22.498536 2026] [security2:error] [pid 8377:tid 8377] [client 4.201.225.141:45809] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webdisk.renegadestudios.com"] [uri "/consultantx/wp-config.php"] [unique_id "ajLoNszkh1b_8nL5pVmUqQAAAAc"] show less	Brute-Force Bad Web Bot Web App Attack
🇸🇪 SkyDancer	2026-06-17 18:30:58 (20 minutes ago)	Multiple unauthorized attempts to access using wrong credentials. Attack automatically blocked by Sk ... show more Multiple unauthorized attempts to access using wrong credentials. Attack automatically blocked by SkyDancer Ai. EXT-SYS-Vx show less	Hacking Brute-Force SSH
🇺🇸 JustMeHere	2026-06-17 18:26:36 (25 minutes ago)	[Wed Jun 17 14:26:32.370422 2026] [security2:error] [pid 165691:tid 165822] [client 4.201.225.141:93 ... show more [Wed Jun 17 14:26:32.370422 2026] [security2:error] [pid 165691:tid 165822] [client 4.201.225.141:9340] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:blocking_inbound_anomaly_score. [file "/etc/httpd/modsecurity.d/activated_rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "233"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [ver "OWASP_CRS/4.15.0"] [tag "anomaly-evaluation"] [tag "OWASP_CRS"] [hostname "mail.yorknation.com"] [uri "/consultantx/wp-config.php"] [unique_id "ajLm2LJZ-qDBf9jGfiLwwQAAAIw"] ... show less	Web App Attack
🇧🇾 lns.bz	2026-06-17 18:15:00 (36 minutes ago)	Too many 404 requests [BY]	Web App Attack
🇺🇸 TPI-Abuse	2026-06-17 18:11:33 (40 minutes ago)	(mod_security) mod_security (id:210492) triggered by 4.201.225.141 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 4.201.225.141 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 17 14:11:27.231477 2026] [security2:error] [pid 2805:tid 2805] [client 4.201.225.141:1562] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "luxurymicrobikinis.com"] [uri "/consultantx/wp-config.php"] [unique_id "ajLjTzizdebp6whn45QPLAAAAAI"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-06-17 18:09:03 (42 minutes ago)	4.201.225.141 - - [17/Jun/2026:20:08:37 +0200] "GET /wp-content/plugins/hellopress/wp_filemanager.ph ... show more 4.201.225.141 - - [17/Jun/2026:20:08:37 +0200] "GET /wp-content/plugins/hellopress/wp_filemanager.php HTTP/1.1" 404 488 "-" "-" 4.201.225.141 - - [17/Jun/2026:20:08:38 +0200] "GET /this_is_a_new_hello_world.php HTTP/1.1" 404 488 "-" "-" 4.201.225.141 - - [17/Jun/2026:20:08:38 +0200] "GET /iiwxa.php HTTP/1.1" 404 488 "-" "-" 4.201.225.141 - - [17/Jun/2026:20:08:38 +0200] "GET /ckysr.php HTTP/1.1" 404 488 "-" "-" 4.201.225.141 - - [17/Jun/2026:20:08:38 +0200] "GET /f5.php HTTP/1.1" 404 488 "-" "-" 4.201.225.141 - - [17/Jun/2026:20:08:38 +0200] "GET /xjhob.php HTTP/1.1" 404 488 "-" "-" 4.201.225.141 - - [17/Jun/2026:20:08:39 +0200] "GET /z43agz.php HTTP/1.1" 404 488 "-" "-" 4.201.225.141 - - [17/Jun/2026:20:08:39 +0200] "GET //a.php HTTP/1.1" 404 488 "-" "-" 4.201.225.141 - - [17/Jun/2026:20:08:39 +0200] "GET /sixxis.php HTTP/1.1" 404 488 "-" "-" 4.201.225.141 - - [17/Jun/2026:20:08:40 +0200] "GET /000.php HTTP/1.1" 404 488 "-" "-" 4.201.225.141 - - [17/Jun/2026:20:08:40 +0200] "GET /0.ph ... show less	DDoS Attack
Anonymous	2026-06-17 18:05:05 (46 minutes ago)	PHP file probing detected by Fail2Ban	Web App Attack
🇧🇷 Halux	2026-06-17 18:04:52 (46 minutes ago)	4.201.225.141 Probing protected path or service	Web App Attack
🇺🇸 zwebvigil	2026-06-17 18:01:29 (50 minutes ago)	4.201.225.141 [17/Jun/2026:11:01:28 -0700] "GET /wp-content/plugins/hellopress/wp_filemanager.php H ... show more 4.201.225.141 [17/Jun/2026:11:01:28 -0700] "GET /wp-content/plugins/hellopress/wp_filemanager.php HTTP/1.1" 401 381 "-" port=44882 "-" "-" "-" "<ghost>ercontent.com" 771 4.201.225.141 [17/Jun/2026:11:01:28 -0700] "GET /this_is_a_new_hello_world.php HTTP/1.1" 401 381 "-" port=44882 "-" "-" "-" "<ghost>ercontent.com" 392 4.201.225.141 [17/Jun/2026:11:01:29 -0700] "GET /jj.php HTTP/1.1" 401 381 "-" port=44882 "-" "-" "-" "<ghost>ercontent.com" 347 4.201.225.141 [17/Jun/2026:11:01:29 -0700] "GET /click.php HTTP/1.1" 401 381 "-" port=44882 "-" "-" "-" "<ghost>ercontent.com" 296 4.201.225.141 [17/Jun/2026:11:01:29 -0700] "GET /222.php HTTP/1.1" 401 381 "-" port=44882 "-" "-" "-" "<ghost>ercontent.com" 216 4.201.225.141 [17/Jun/2026:11:01:29 -0700] "GET /z60.php HTTP/1.1" 401 381 "-" port=44882 "-" "-" "-" "<ghost>er show less	Web App Attack
🇺🇦 URAN Publishing Service	2026-06-17 17:53:33 (58 minutes ago)	4.201.225.141 - - [17/Jun/2026:20:53:26 +0300] "GET /wp-content/plugins/hellopress/wp_filemanager.ph ... show more 4.201.225.141 - - [17/Jun/2026:20:53:26 +0300] "GET /wp-content/plugins/hellopress/wp_filemanager.php HTTP/1.1" 404 708 "-" "-" ... show less	Web App Attack
🇨🇦 polycoda	2026-06-17 17:50:08 (1 hour ago)	🔥 VERY AGGRESSIVE SCANNER probed over 200 inexistent files and PHP scripts in less than an hour.	Hacking Web App Attack
🇺🇸 WellSpring	2026-06-17 17:48:14 (1 hour ago)	Automated probe detected by Ody Sentinel / WellSpr.ing. Type: wordpress_content. Path: /wp-content/p ... show more Automated probe detected by Ody Sentinel / WellSpr.ing. Type: wordpress_content. Path: /wp-content/plugins/hellopress/wp_filemanager.php. Auto-blocked after threshold exceeded. Dossier: https://wellspr.ing/dossier/sentinel-4-201-225-141 show less	Web App Attack
🇺🇸 TPI-Abuse	2026-06-17 17:45:13 (1 hour ago)	(mod_security) mod_security (id:210492) triggered by 4.201.225.141 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 4.201.225.141 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 17 13:45:08.400630 2026] [security2:error] [pid 13324:tid 13324] [client 4.201.225.141:49659] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcontacts.utahproaudio.com"] [uri "/consultantx/wp-config.php"] [unique_id "ajLdJC7uziNAZP0IK8FFVgAAAB4"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 raph	2026-06-17 17:44:23 (1 hour ago)	[Wordpress] crawler /wp-admin/, /wp-content/, etc.	Bad Web Bot Web App Attack
🇦🇺 paulshipley.com.au	2026-06-17 17:39:54 (1 hour ago)	paulshipley.id.au:443 4.201.225.141 - - [18/Jun/2026:03:39:52 +1000] "GET /edit.php HTTP/1.1" 404 77 ... show more paulshipley.id.au:443 4.201.225.141 - - [18/Jun/2026:03:39:52 +1000] "GET /edit.php HTTP/1.1" 404 77465 "-" "-" ... show less	Web App Attack

Showing 1 to 15 of 80 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇳🇱 176.65.139.181

🇺🇸 172.237.136.213

🇲🇽 149.232.133.26

🇺🇸 144.202.92.17

🇱🇹 45.227.254.170

🇳🇱 45.148.10.152

🇯🇵 43.153.185.56

🇳🇴 20.251.117.149

🇮🇳 20.244.20.183

🇧🇷 205.210.31.245

🇧🇷 190.115.84.25

🇨🇳 114.100.48.120

🇫🇷 91.231.89.8

🇳🇱 91.92.40.29

🇩🇪 83.135.185.229

🇩🇪 46.101.201.146

🇻🇪 190.142.97.50

🇧🇷 187.62.87.27

🇧🇷 170.238.160.191

🇳🇱 167.99.221.60