JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 20.104.19.65

20.104.19.65 was found in our database!

This IP was reported 179 times. Confidence of Abuse is 100%: ?

100%

ISP	Microsoft Corporation
Usage Type	Data Center/Web Hosting/Transit
ASN	AS8075
Domain Name	microsoft.com
Country	🇨🇦 Canada
City	Toronto, Ontario

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 20.104.19.65

Whois 20.104.19.65

IP Abuse Reports for 20.104.19.65:

This IP address has been reported a total of 179 times from 138 distinct sources. 20.104.19.65 was first reported on June 21st 2026, and the most recent report was 16 minutes ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇩🇪 h7ex	2026-06-22 15:46:03 (16 minutes ago)	Attempted execution of scripts via Apache (noscripts) (Jail: apache-noscript)	Hacking Exploited Host
Anonymous	2026-06-22 15:45:01 (17 minutes ago)	Admin access attempt: 20.104.19.65 - - [22/Jun/2026:16:33:44 +0100] "GET /admin.php HTTP/1.1" 404 2 ... show more Admin access attempt: 20.104.19.65 - - [22/Jun/2026:16:33:44 +0100] "GET /admin.php HTTP/1.1" 404 246 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36" show less	Hacking Web App Attack
🇫🇷 lindi	2026-06-22 15:35:27 (26 minutes ago)	Probing for resource vulnerabilities ...	Web Spam Brute-Force Bad Web Bot Exploited Host Web App Attack
🇩🇪 Gwyneth Llewelyn	2026-06-22 15:13:08 (49 minutes ago)	20.104.19.65 - - [22/Jun/2026:16:13:06 +0100] "GET /wp-login.php HTTP/1.1" 404 1006 "-" "Mozilla/5.0 ... show more 20.104.19.65 - - [22/Jun/2026:16:13:06 +0100] "GET /wp-login.php HTTP/1.1" 404 1006 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36" show less	Bad Web Bot
🇺🇦 URAN Publishing Service	2026-06-22 14:39:21 (1 hour ago)	20.104.19.65 - - [22/Jun/2026:17:39:20 +0300] "GET /cgi-bin/ HTTP/1.1" 404 564 "-" "Mozilla/5.0 (Win ... show more 20.104.19.65 - - [22/Jun/2026:17:39:20 +0300] "GET /cgi-bin/ HTTP/1.1" 404 564 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36" ... show less	Web App Attack
🇳🇱 Mangelot Hosting	2026-06-22 14:18:38 (1 hour ago)	(PERMBLOCK) 20.104.19.65 (CA/Canada/-) has had more than 4 temp blocks in the last 86400 secs; Ports ... show more (PERMBLOCK) 20.104.19.65 (CA/Canada/-) has had more than 4 temp blocks in the last 86400 secs; Ports: *; Direction: inout; Trigger: LF_PERMBLOCK_COUNT; Logs: show less	Port Scan
🇩🇪 MusicLibrary	2026-06-22 14:11:27 (1 hour ago)	Probing for non-existent scripts or executables	Bad Web Bot Web App Attack
🇺🇸 Epimetheus	2026-06-22 14:08:11 (1 hour ago)	Zombie network / Bot scanner detected: [GET] /wp-content/plugins/WordPressCore/ [GET] /wp-includes/ ... show more Zombie network / Bot scanner detected: [GET] /wp-content/plugins/WordPressCore/ [GET] /wp-includes/PHPMailer/ [GET] /wp-content/admin.php [GET] /xmlrpc.php [GET] /goods.php [GET] /about.php [GET] /cache.php [GET] /class-t.api.php [GET] /wp-includes/html-api/ [GET] /admin.php [GET] /randkeyword.PhP7 [GET] /index/function.php [GET] /wp-login.php [GET] /defaults.php [GET] /autoload_classmap.php UA: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 show less	Bad Web Bot Exploited Host Web App Attack
Anonymous	2026-06-22 14:02:22 (2 hours ago)	[Mon Jun 22 16:02:21.981659 2026] [authz_core:error] [pid 11860] [client 20.104.19.65:19315] AH01630 ... show more [Mon Jun 22 16:02:21.981659 2026] [authz_core:error] [pid 11860] [client 20.104.19.65:19315] AH01630: client denied by server configuration: /etc/httpd/htdocs [Mon Jun 22 16:02:22.082069 2026] [authz_core:error] [pid 11860] [client 20.104.19.65:19315] AH01630: client denied by server configuration: /etc/httpd/htdocs [Mon Jun 22 16:02:22.181272 2026] [authz_core:error] [pid 11860] [client 20.104.19.65:19315] AH01630: client denied by server configuration: /etc/httpd/htdocs ... show less	Web App Attack
🇩🇪 Skyrider	2026-06-22 13:55:38 (2 hours ago)	Nginx: HTTP 4xx probe/scan attempts. Automated fail2ban report.	Bad Web Bot Web App Attack
🇺🇸 ipblock.com	2026-06-22 13:34:00 (2 hours ago)	IPBlock protected site ID [1365-l]. Exploit request, vulnerability scanner.	Hacking Bad Web Bot Web App Attack
🇪🇸 netfactotum	2026-06-22 13:33:51 (2 hours ago)		Hacking Web App Attack
🇺🇸 Epimetheus	2026-06-22 13:16:12 (2 hours ago)	Unauthorized access attempts: [GET] /cache.php [GET] /wp-content/plugins/WordPressCore/ [GET] /.wel ... show more Unauthorized access attempts: [GET] /cache.php [GET] /wp-content/plugins/WordPressCore/ [GET] /.well-known/ [GET] /wp-content/themes/admin.php [GET] /as.php [GET] /sf.php [GET] /file.php [GET] /themes.php [GET] /cgi-bin/ [GET] /randkeyword.PhP7 [GET] /info.php [GET] /index/function.php [GET] /rip.php [GET] /function/function.php [GET] /inputs.php [GET] /wp-content/uploads/index.php UA: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 show less	Web App Attack
🇺🇸 chronos	2026-06-22 12:46:14 (3 hours ago)	[AUTORAVALT][[22/06/2026 - 09:46:14 -03:00 UTC] Attack from [Microsoft Corporation] [20.104.19.65] A ... show more [AUTORAVALT][[22/06/2026 - 09:46:14 -03:00 UTC] Attack from [Microsoft Corporation] [20.104.19.65] Action: BLocKed DDoS Attack -> Participating in distributed denial-of-service. Phishing -> Phishing websites and/or email. Web Spam -> Comment/forum spam, HTTP referer spam, or other CMS spam. Blog Spam -> CMS blog comment spam. Web App Attack -> Attempts to prob] ... show less	DDoS Attack Phishing Web Spam Blog Spam Web App Attack
🇩🇪 updown.io	2026-06-22 12:31:21 (3 hours ago)	{"level":"info","ts":1782128094.576326,"logger":"http.log.access.log0","msg":"handled request","requ ... show more {"level":"info","ts":1782128094.576326,"logger":"http.log.access.log0","msg":"handled request","request":{"remote_ip":"20.104.19.65","remote_port":"35694","client_ip":"20.104.19.65","proto":"HTTP/1.1","method":"GET","host":"1jza.status.updown.io","uri":"/ws.php","headers":{"Accept-Encoding":["gzip, deflate, br"],"Sec-Ch-Ua-Platform":["\"Windows\""],"Sec-Fetch-Dest":["document"],"Sec-Fetch-Site":["none"],"Sec-Fetch-User":["?1"],"User-Agent":["Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36"],"Dnt":["1"],"Cache-Control":["max-age=0"],"Connection":["keep-alive"],"Sec-Ch-Ua":["\"Not_A Brand\";v=\"8\", \"Chromium\";v=\"120\", \"Google Chrome\";v=\"120\""],"Accept":["text/html, application/xhtml+xml, application/xml; q=0.9, image/webp, image/apng, /; q=0.8, application/signed-exchange; v=b3; q=0.7"],"Accept-Language":["en-US, en; q=0.9"],"Sec-Ch-Ua-Mobile":["?0"],"Sec-Fetch-Mode":["navigate"],"Upgrade-Insecure-Requests":["1"]} ... show less	DDoS Attack Web App Attack

Showing 1 to 15 of 179 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇪🇸 217.154.106.221

🇳🇱 176.65.139.236

🇺🇸 98.92.248.94

🇺🇸 47.251.172.88

🇺🇸 34.135.200.178

🇨🇳 203.2.114.122

🇬🇧 194.164.91.60

🇨🇳 182.43.235.75

🇳🇱 176.65.139.239

🇳🇱 176.65.139.237

🇳🇱 176.65.139.231

🇭🇰 152.32.174.171

🇺🇸 137.184.65.212

🇭🇰 118.193.36.56

🇻🇳 116.104.235.222

🇹🇼 111.70.27.30

🇳🇱 94.102.49.125

🇳🇱 91.92.40.171

🇺🇸 65.111.5.137

🇫🇷 45.157.112.33