JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 20.104.24.244

20.104.24.244 was found in our database!

This IP was reported 244 times. Confidence of Abuse is 100%: ?

100%

ISP	Microsoft Corporation
Usage Type	Data Center/Web Hosting/Transit
ASN	AS8075
Domain Name	microsoft.com
Country	🇨🇦 Canada
City	Toronto, Ontario

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 20.104.24.244

Whois 20.104.24.244

IP Abuse Reports for 20.104.24.244:

This IP address has been reported a total of 244 times from 208 distinct sources. 20.104.24.244 was first reported on February 20th 2023, and the most recent report was 1 hour ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇨🇦 ISPLtd	2026-06-02 11:09:38 (1 day ago)	20.104.24.244 - - [02/Jun/2026:08:09:37 -0300] "GET /consultantx/wp-config.php 20.104.24.244 - - [02 ... show more 20.104.24.244 - - [02/Jun/2026:08:09:37 -0300] "GET /consultantx/wp-config.php 20.104.24.244 - - [02/Jun/2026:08:09:37 -0300] "GET /consultantx/wp-config.php ... show less	Hacking Web App Attack
🇬🇧 thetomtaylor.co.uk	2026-06-02 11:06:02 (1 day ago)	Fail2Ban - [NGINX]WordPress Logins Sniffings on nginx-wordpress-sniffer ... [ice01]	Bad Web Bot Web App Attack
🇬🇧 innovacommunications	2026-06-02 11:05:03 (1 day ago)	Reported from Imunify360 blocklist	Brute-Force SSH
🇨🇦 Bots.go.to.hell	2026-06-02 11:04:12 (1 day ago)	This IP was detected by CrowdSec triggering crowdsecurity/http-probing	Web App Attack Hacking
🇩🇪 MusicLibrary	2026-06-02 11:00:09 (1 day ago)	Probing for non-existent scripts or executables	Bad Web Bot Web App Attack
🇺🇸 itsnixk	2026-06-02 10:51:02 (1 day ago)	(mod_security) mod_security (id:930130) triggered by 20.104.24.244 (CA/Canada/-): 1 in the last 3600 ... show more (mod_security) mod_security (id:930130) triggered by 20.104.24.244 (CA/Canada/-): 1 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_TRIGGER; Logs: [Tue Jun 02 06:50:58.893347 2026] [security2:error] [pid 1251806:tid 1252301] [client 20.104.24.244:3071] ModSecurity: Access denied with code 406 (phase 1). Matched phrase "wp-config." at REQUEST_FILENAME. [file "/etc/modsecurity.d/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "150"] [id "930130"] [msg "Restricted File Access Attempt"] [redacted] [severity "CRITICAL"] [ver "OWASP_CRS/4.25.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "OWASP_CRS/ATTACK-LFI"] [tag "capec/1000/255/153/126"] [redacted] [uri "/consultantx/wp-config.php"] [unique_id "ah61knJI1CxA6YDnS3Y1OwAAAT4"] show less	Port Scan
🇩🇪 4server	2026-06-02 10:50:41 (1 day ago)	[TueJun0212:50:38.4751402026][security2:error][pid2236:tid2362][client20.104.24.244:0]ModSecurity:Ac ... show more [TueJun0212:50:38.4751402026][security2:error][pid2236:tid2362][client20.104.24.244:0]ModSecurity:Accessdeniedwithcode403$phase1$.Patternmatch\"$\?i$$\?:/\(\?:\^\\|/$\\\\\\\\.$env\\|git\\|svn\\|hg\\|DS_Store$\\|/$\?:wp-config\\|\\\\\\\\.htaccess\\|\\\\\\\\.htpasswd$\\|\\\\\\\\.$\?:sql\\|bak\\|old\\|log$\$\)\"atREQUEST_URI.[file\"/etc/apache2/conf.d/modsec_custom_rules.conf\"][line\"156\"][id\"960720\"][msg\"Forbiddenfileaccessattempt\"][severity\"CRITICAL\"][hostname\"autodiscover.eimeko.ch\"][uri\"/consultantx/wp-config.php\"][unique_id\"ah61ft9FbCMtF-h7pKy4CwAAANc\"] show less	Port Scan Brute-Force Web App Attack
🇺🇸 KitsuneTech	2026-06-02 10:48:09 (1 day ago)	20.104.24.244 - - [02/Jun/2026:05:48:08 -0500] "GET /wp-content/plugins/hellopress/wp_filemanager.ph ... show more 20.104.24.244 - - [02/Jun/2026:05:48:08 -0500] "GET /wp-content/plugins/hellopress/wp_filemanager.php HTTP/1.1" 301 287 "-" "-" ... show less	Web App Attack
🇺🇸 NXTwoThou	2026-06-02 10:45:16 (1 day ago)	/wp-content/plugins/hellopress/wp_filemanager.php	Web App Attack
🇺🇸 n2nguyenn2nguyen	2026-06-02 10:43:51 (1 day ago)	Blocked by YFC Security on https://1904.brixzly.com — type: rapid_scan_attempts	Web App Attack
🇺🇦 URAN Publishing Service	2026-06-02 10:36:22 (1 day ago)	20.104.24.244 - - [02/Jun/2026:13:36:22 +0300] "GET /wp-content/plugins/hellopress/wp_filemanager.ph ... show more 20.104.24.244 - - [02/Jun/2026:13:36:22 +0300] "GET /wp-content/plugins/hellopress/wp_filemanager.php HTTP/1.1" 404 707 "-" "-" ... show less	Web App Attack
🇩🇪 iNetWorker	2026-06-02 10:33:45 (1 day ago)	trolling for resource vulnerabilities	Web App Attack
🇳🇱 Roderic	2026-06-02 10:31:58 (1 day ago)	(apache-scanners) Failed apache-scanners trigger with match [redacted])	Port Scan
🇮🇩 Burayot	2026-06-02 10:28:50 (1 day ago)	LF_MODSEC: (mod_security) mod_security (id:1000001) triggered by 20.104.24.244 (CA/Canada/-): 2 in t ... show more LF_MODSEC: (mod_security) mod_security (id:1000001) triggered by 20.104.24.244 (CA/Canada/-): 2 in the last 3600 secs show less	Web App Attack
🇦🇹 penguin-solutions.at	2026-06-02 10:21:44 (1 day ago)	Excessive 403/404 errors ...	Brute-Force Web App Attack

Showing 91 to 105 of 244 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇻🇪 154.27.134.50

🇰🇪 41.203.213.8

🇦🇺 223.27.18.80

🇺🇸 185.255.100.194

🇭🇰 165.154.60.76

🇺🇸 147.185.132.48

🇨🇳 121.227.31.82

🇺🇸 66.29.156.133

🇩🇪 43.228.157.9

🇺🇸 172.208.48.177

🇨🇳 122.114.255.230

🇮🇹 83.224.144.61

🇸🇬 47.84.143.141

🇵🇰 45.194.15.81

🇺🇸 162.255.116.173

🇨🇦 159.2.163.187

🇵🇰 157.10.7.15

🇹🇼 125.227.156.55

🇨🇳 112.46.214.107

🇧🇩 103.26.136.173