JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 20.104.24.244

20.104.24.244 was found in our database!

This IP was reported 245 times. Confidence of Abuse is 100%: ?

100%

ISP	Microsoft Corporation
Usage Type	Data Center/Web Hosting/Transit
ASN	AS8075
Domain Name	microsoft.com
Country	🇨🇦 Canada
City	Toronto, Ontario

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 20.104.24.244

Whois 20.104.24.244

IP Abuse Reports for 20.104.24.244:

This IP address has been reported a total of 245 times from 208 distinct sources. 20.104.24.244 was first reported on February 20th 2023, and the most recent report was 5 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇦 URAN Publishing Service	2026-06-02 06:50:36 (2 days ago)	20.104.24.244 - - [02/Jun/2026:09:50:08 +0300] "GET /wp-content/plugins/hellopress/wp_filemanager.ph ... show more 20.104.24.244 - - [02/Jun/2026:09:50:08 +0300] "GET /wp-content/plugins/hellopress/wp_filemanager.php HTTP/1.1" 404 710 "-" "-" 20.104.24.244 - - [02/Jun/2026:09:50:35 +0300] "GET /consultantx/wp-config.php HTTP/1.1" 404 628 "-" "-" ... show less	Web App Attack
🇩🇪 Viveronese	2026-06-02 06:46:10 (2 days ago)	HTTP vulnerability scanning	Web App Attack
🇩🇪 findlab	2026-06-02 06:45:03 (2 days ago)	Backdrop CMS module - malicious activity detected	Bad Web Bot Web App Attack
🇳🇱 Site.eu	2026-06-02 06:44:19 (2 days ago)	Excessive multi-domain requests	Brute-Force
🇩🇪 zumbo.net	2026-06-02 06:42:58 (2 days ago)	[Tue Jun 02 09:42:57.353139 2026] [proxy_fcgi:error] [pid 24549:tid 24556] [client 20.104.24.244:0] ... show more [Tue Jun 02 09:42:57.353139 2026] [proxy_fcgi:error] [pid 24549:tid 24556] [client 20.104.24.244:0] AH01071: Got error 'Primary script unknown' [Tue Jun 02 09:42:57.568851 2026] [proxy_fcgi:error] [pid 24548:tid 24581] [client 20.104.24.244:0] AH01071: Got error 'Primary script unknown' [Tue Jun 02 09:42:57.784032 2026] [proxy_fcgi:error] [pid 24548:tid 24597] [client 20.104.24.244:0] AH01071: Got error 'Primary script unknown' [Tue Jun 02 09:42:58.075822 2026] [proxy_fcgi:error] [pid 24548:tid 24586] [client 20.104.24.244:0] AH01071: Got error 'Primary script unknown' [Tue Jun 02 09:42:58.284636 2026] [proxy_fcgi:error] [pid 24548:tid 24585] [client 20.104.24.244:0] AH01071: Got error 'Primary script unknown' ... show less	Brute-Force Web App Attack
Anonymous	2026-06-02 06:40:12 (2 days ago)	Bot / seems abusive / Apache connections: 21	DDoS Attack Web Spam Bad Web Bot Web App Attack
🇪🇸 Francisco Vallejo	2026-06-02 06:39:16 (2 days ago)	[Tue Jun 02 08:39:15.364320 2026] [core:info] [pid 198611:tid 130566041093824] [client 20.104.24.244 ... show more [Tue Jun 02 08:39:15.364320 2026] [core:info] [pid 198611:tid 130566041093824] [client 20.104.24.244:30678] AH00128: File does not exist: /var/www/franvallejo/wp-content/plugins/hellopress/wp_filemanager.php [Tue Jun 02 08:39:15.837625 2026] [core:info] [pid 198611:tid 130566032701120] [client 20.104.24.244:30678] AH00128: File does not exist: /var/www/franvallejo/this_is_a_new_hello_world.php [Tue Jun 02 08:39:16.024298 2026] [core:info] [pid 198611:tid 130567452485312] [client 20.104.24.244:30678] AH00128: File does not exist: /var/www/franvallejo/41.php [Tue Jun 02 08:39:16.226453 2026] [core:info] [pid 198611:tid 130567444092608] [client 20.104.24.244:30678] AH00128: File does not exist: /var/www/franvallejo/666.php [Tue Jun 02 08:39:16.482251 2026] [core:info] [pid 198611:tid 130567427307200] [client 20.104.24.244:30678] AH00128: File does not exist: /var/www/franvallejo/wp-the.php ... show less	Brute-Force SSH
🇩🇪 BlueWire Hosting	2026-06-02 06:37:49 (2 days ago)	Suspicious HTTP(s) activity without a user agent provided	Bad Web Bot
🇺🇸 TPI-Abuse	2026-06-02 06:37:25 (2 days ago)	(mod_security) mod_security (id:210492) triggered by 20.104.24.244 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 20.104.24.244 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 02 02:37:17.157453 2026] [security2:error] [pid 26603:tid 26603] [client 20.104.24.244:28059] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webmail.toptek.com"] [uri "/consultantx/wp-config.php"] [unique_id "ah56HVR4ptS3bapwPI7JWwAAABY"] show less	Brute-Force Bad Web Bot Web App Attack
🇫🇮 NoaQT	2026-06-02 06:36:59 (2 days ago)	2026-06-02T06:36:57.929404+00:00 ingress-1 haproxy[18251]: 20.104.24.244:28292 [02/Jun/2026:06:36:57 ... show more 2026-06-02T06:36:57.929404+00:00 ingress-1 haproxy[18251]: 20.104.24.244:28292 [02/Jun/2026:06:36:57.928] https_in https_in/<NOSRV> 0/-1/-1/-1/0 429 225 - - PR-- 203/197/0/0/0 0/0 "GET /elp.php HTTP/1.1" 2026-06-02T06:36:58.060113+00:00 ingress-1 haproxy[18251]: 20.104.24.244:28292 [02/Jun/2026:06:36:58.059] https_in https_in/<NOSRV> 0/-1/-1/-1/0 429 225 - - PR-- 203/197/0/0/0 0/0 "GET /abc.php HTTP/1.1" 2026-06-02T06:36:58.190918+00:00 ingress-1 haproxy[18251]: 20.104.24.244:28292 [02/Jun/2026:06:36:58.189] https_in https_in/<NOSRV> 0/-1/-1/-1/0 429 225 - - PR-- 203/197/0/0/0 0/0 "GET /hplfuns.php HTTP/1.1" 2026-06-02T06:36:58.347538+00:00 ingress-1 haproxy[18251]: 20.104.24.244:28292 [02/Jun/2026:06:36:58.346] https_in https_in/<NOSRV> 0/-1/-1/-1/0 429 225 - - PR-- 203/197/0/0/0 0/0 "GET /edit-tags.php HTTP/1.1" 2026-06-02T06:36:58.478479+00:00 ingress-1 haproxy[18251]: 20.104.24.244:28292 [02/Jun/2026:06:36:58.477] https_in https_in/<NOSRV> 0/-1/-1/-1/0 429 225 - - PR-- 203/197/0/0/ ... show less	DDoS Attack
🇨🇭 Origon	2026-06-02 06:35:55 (2 days ago)	http-probing - IP: 20.104.24.244 - time="2026-06-02T08:35:55+02:00" level=info msg="(555f66b4f6a745 ... show more http-probing - IP: 20.104.24.244 - time="2026-06-02T08:35:55+02:00" level=info msg="(555f66b4f6a74558bc11e3f93469658es8App0Mcc0TKEeje/crowdsec) crowdsecurity/http-probing by ip 20.104.24.244 (CA/8075) : 4h ban on Ip 20.104.24.244" module=db show less	Web App Attack
🇩🇪 raph	2026-06-02 06:35:45 (2 days ago)	[Wordpress] crawler /wp-admin/, /wp-content/, etc.	Bad Web Bot Web App Attack
🇫🇷 dynamix	2026-06-02 06:35:43 (2 days ago)	Multiple WAF Violations	Web App Attack
🇫🇷 Dorian GRANDHAY	2026-06-02 06:34:42 (2 days ago)	(PERMBLOCK) 20.104.24.244 (CA/Canada/-) has had more than 4 temp blocks in the last 604800 secs; Por ... show more (PERMBLOCK) 20.104.24.244 (CA/Canada/-) has had more than 4 temp blocks in the last 604800 secs; Ports: *; Direction: inout; Trigger: LF_PERMBLOCK_COUNT; Logs: show less	Port Scan
🇫🇷 masterguru	2026-06-02 06:32:52 (2 days ago)	Too much 404 requests in 1 minute. Operator GE matched 10 at IP:block_script. (46020-193)	Hacking

Showing 211 to 225 of 245 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇪🇸 82.223.24.195

🇳🇱 217.60.195.4

🇧🇷 201.16.238.49

🇳🇮 190.212.216.61

🇦🇺 74.91.200.217

🇫🇮 46.62.131.178

🇳🇱 45.198.224.22

🇬🇧 35.203.210.95

🇺🇸 2607:ff10:c8:594::a

🇬🇧 194.61.3.162

🇩🇪 176.65.132.24

🇺🇸 162.216.150.82

🇧🇷 129.121.37.21

🇭🇷 93.136.174.131

🇩🇪 69.5.169.191

🇩🇪 69.5.169.90

🇭🇰 47.86.187.13

🇳🇱 45.148.10.152

🇿🇦 4.222.232.83

🇧🇷 187.72.128.177