JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 20.104.99.15

20.104.99.15 was found in our database!

This IP was reported 254 times. Confidence of Abuse is 100%: ?

100%

ISP	Microsoft Corporation
Usage Type	Data Center/Web Hosting/Transit
ASN	AS8075
Domain Name	microsoft.com
Country	🇨🇦 Canada
City	Toronto, Ontario

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 20.104.99.15

Whois 20.104.99.15

IP Abuse Reports for 20.104.99.15:

This IP address has been reported a total of 254 times from 221 distinct sources. 20.104.99.15 was first reported on May 31st 2026, and the most recent report was 1 day ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇩🇪 Petros Stefanakis	2026-05-31 22:42:37 (3 days ago)	(mod_security) mod_security triggered on hostname [redacted] 20.104.99.15 (CA/Canada/-)	SQL Injection
Anonymous	2026-05-31 22:41:30 (3 days ago)	[Mon Jun 01 00:41:28.946039 2026] [php7:error] [pid 19065] [client 20.104.99.15:5646] script '/var/w ... show more [Mon Jun 01 00:41:28.946039 2026] [php7:error] [pid 19065] [client 20.104.99.15:5646] script '/var/www/x.php' not found or unable to stat [Mon Jun 01 00:41:29.177948 2026] [php7:error] [pid 19065] [client 20.104.99.15:5646] script '/var/www/wss.php' not found or unable to stat ... show less	Web App Attack
🇩🇪 yvoictra	2026-05-31 22:41:17 (3 days ago)	20.104.99.15 - - [01/Jun/2026:00:40:39 +0200] "GET /wp-content/plugins/hellopress/wp_filemanager.php ... show more 20.104.99.15 - - [01/Jun/2026:00:40:39 +0200] "GET /wp-content/plugins/hellopress/wp_filemanager.php HTTP/1.1" 404 102951 "-" "-" 20.104.99.15 - - [01/Jun/2026:00:40:40 +0200] "GET /x.php HTTP/1.1" 404 105526 "-" "-" 20.104.99.15 - - [01/Jun/2026:00:40:41 +0200] "GET /wss.php HTTP/1.1" 404 105536 "-" "-" 20.104.99.15 - - [01/Jun/2026:00:40:41 +0200] "GET /ultra.php HTTP/1.1" 404 105546 "-" "-" 20.104.99.15 - - [01/Jun/2026:00:40:42 +0200] "GET /Ar.php HTTP/1.1" 404 105531 "-" "-" 20.104.99.15 - - [01/Jun/2026:00:40:42 +0200] "GET /wpconf.php HTTP/1.1" 404 105551 "-" "-" 20.104.99.15 - - [01/Jun/2026:00:40:43 +0200] "GET /aaf.php HTTP/1.1" 404 105536 "-" "-" 20.104.99.15 - - [01/Jun/2026:00:40:43 +0200] "GET /tw0.php HTTP/1.1" 404 105536 "-" "-" 20.104.99.15 - - [01/Jun/2026:00:40:44 +0200] "GET /htt.php HTTP/1.1" 404 105536 "-" "-" 20.104.99.15 - - [01/Jun/2026:00:40:44 +0200] "GET /eid.php HTTP/1.1" 404 105536 "-" "-" 20.104.99.15 - - [01/Jun/2026:00:40:45 +0200] "GET /hellcut.php HTT ... show less	Brute-Force Web App Attack
🇺🇸 Operator873	2026-05-31 22:37:42 (3 days ago)	2026/05/31 17:37:40 [error] 1423675#0: 3509628 access forbidden by rule, client: 20.104.99.15, serv ... show more 2026/05/31 17:37:40 [error] 1423675#0: 3509628 access forbidden by rule, client: 20.104.99.15, server: [OBFUSCATED], request: "GET /wp-content/plugins/hellopress/wp_filemanager.php HTTP/1.1", host: "cockpit.n5txl.com" 2026/05/31 17:37:40 [error] 1423675#0: 3509628 access forbidden by rule, client: 20.104.99.15, server: [OBFUSCATED], request: "GET /wp-content/plugins/hellopress/wp_filemanager.php HTTP/1.1", host: "cockpit.n5txl.com" 2026/05/31 17:37:40 [error] 1423675#0: 3509628 access forbidden by rule, client: 20.104.99.15, server: [OBFUSCATED], request: "GET /x.php HTTP/1.1", host: "cockpit.n5txl.com" 2026/05/31 17:37:40 [error] 1423675#0: 3509628 access forbidden by rule, client: 20.104.99.15, server: [OBFUSCATED], request: "GET /x.php HTTP/1.1", host: "cockpit.n5txl.com" 2026/05/31 17:37:40 [error] 1423675#0: 3509628 access forbidden by rule, client: 20.104.99.15, server: [OBFUSCATED], request: "GET /wss.php HTTP/1.1", host: "cockpit.n5txl.com" ... show less	Brute-Force Web App Attack
🇯🇵 beon	2026-05-31 22:35:49 (3 days ago)	[DateTime=>2026-05-31T22:35:49Z to 2026-05-31T22:36:17Z (UTC)] , [HoneyPot_Hits=>42 times] , [HoneyP ... show more [DateTime=>2026-05-31T22:35:49Z to 2026-05-31T22:36:17Z (UTC)] , [HoneyPot_Hits=>42 times] , [HoneyPots=>/wp-content/plugins/hellopress/wp_filemanager.php, /modules/mod_simplefileuploadv1.3/elements/filemanager.php, /wp-includes/blocks/post-comments-form/, /wp-admin/js/, /wp-admin/css/colour.php, /wordpress/wp-admin/maint/ and others] , [404targets=>/x.php, /wss.php, /ultra.php, /Ar.php, /wpconf.php, /aaf.php and others] , [total_Hits=>161 times] , [hit_per_second=>5.75] , [Keyword=>WordPress, file manager scripts, .well-known, PHP web shells] show less	Bad Web Bot Web App Attack Hacking
🇺🇸 antlac1	2026-05-31 22:31:29 (3 days ago)	crowdsecurity/http-crawl-non_statics	Brute-Force Web App Attack
🇺🇸 etu brutus	2026-05-31 22:31:20 (3 days ago)	20.104.99.15 Blocked by [Attack Vector List] ...	Hacking Brute-Force Exploited Host
🇫🇮 danskefilm.dk	2026-05-31 22:30:01 (3 days ago)	wordpress login attempts	Web App Attack
Anonymous	2026-05-31 22:28:42 (3 days ago)	vulnerabilities scan	Port Scan Hacking Web App Attack
🇺🇸 ipblock.com	2026-05-31 22:25:00 (3 days ago)	IPBlock protected site ID [1438-do]. Exploit request, vulnerability scanner.	Hacking Bad Web Bot Web App Attack
🇦🇺 Lazarus	2026-05-31 22:20:30 (3 days ago)	HTTP probe.	Web App Attack
🇩🇪 ecs.ge	2026-05-31 22:20:08 (3 days ago)	Automatic Fail2Ban report from jail plesk-modsecurity: multiple matching events detected.	Web App Attack Hacking
Anonymous	2026-05-31 22:18:23 (3 days ago)	Aggressive web scan	Bad Web Bot Web App Attack
🇨🇭 lufi	2026-05-31 22:16:29 (3 days ago)	2026-06-01 00:16:28 20.104.99.15: blacklisted Pattern: wp-content/ ...	Web Spam Brute-Force Hacking Web App Attack
🇫🇷 Thibault Millant	2026-05-31 22:12:57 (3 days ago)	20.104.99.15 - - [31/May/2026:22:12:43 +0000] "GET /wp-content/plugins/hellopress/wp_filemanager.php ... show more 20.104.99.15 - - [31/May/2026:22:12:43 +0000] "GET /wp-content/plugins/hellopress/wp_filemanager.php HTTP/1.1" 404 146 "-" "-" ... show less	Brute-Force Exploited Host SSH

Showing 61 to 75 of 254 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇳🇱 212.30.37.48

🇨🇳 180.101.144.152

🇳🇱 176.65.139.229

🇸🇬 140.245.101.124

🇨🇳 117.72.110.172

🇸🇬 114.119.146.159

🇭🇰 103.210.22.17

🇫🇷 82.208.20.10

🇺🇸 64.62.156.193

🇧🇷 45.224.128.71

🇨🇳 42.123.123.238

🇹🇿 41.59.228.160

🇺🇸 23.227.147.163

🇺🇸 3.20.227.20

🇩🇪 185.242.3.179

🇮🇹 185.15.170.242

🇳🇱 176.65.149.14

🇮🇩 157.66.141.21

🇿🇼 143.105.37.67

🇪🇸 82.102.17.187