JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 20.116.27.239

20.116.27.239 was found in our database!

This IP was reported 193 times. Confidence of Abuse is 100%: ?

100%

ISP	Microsoft Corporation
Usage Type	Data Center/Web Hosting/Transit
ASN	AS8075
Domain Name	microsoft.com
Country	🇨🇦 Canada
City	Toronto, Ontario

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 20.116.27.239

Whois 20.116.27.239

IP Abuse Reports for 20.116.27.239:

This IP address has been reported a total of 193 times from 140 distinct sources. 20.116.27.239 was first reported on June 18th 2026, and the most recent report was 6 minutes ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇫🇷 SpaceHost-Server	2026-06-19 22:28:51 (6 minutes ago)		Brute-Force Web App Attack
Anonymous	2026-06-19 22:04:11 (31 minutes ago)	Blocked by FortiWeb WAF ML threat detection. ML probability: 99%, Country: CA, Attack patterns: Word ... show more Blocked by FortiWeb WAF ML threat detection. ML probability: 99%, Country: CA, Attack patterns: WordPress scanning show less	Bad Web Bot Web App Attack
🇬🇧 thetomtaylor.co.uk	2026-06-19 17:07:01 (5 hours ago)	Fail2Ban - [NGINX]WordPress Logins Sniffings on nginx-wordpress-sniffer ... [mx01]	Bad Web Bot Web App Attack
🇹🇷 zadmind	2026-06-19 15:59:26 (6 hours ago)	Blocked by automated 404 tracking monitoring system.	Hacking Web App Attack
🇺🇸 slay3r9903	2026-06-19 15:12:38 (7 hours ago)	IP address blocked by Cloudflare security rules due to suspicious activity and security violations.	Hacking Bad Web Bot
🇩🇪 macrob	2026-06-19 14:59:25 (7 hours ago)	2026/06/19 14:59:21 [error] 3055249#3055249: 316802690 access forbidden by rule, client: 20.116.27. ... show more 2026/06/19 14:59:21 [error] 3055249#3055249: 316802690 access forbidden by rule, client: 20.116.27.239, server: fastcredit.net.ua, request: "GET /wp-content/uploads/index.php HTTP/2.0", host: "fastcredit.net.ua" 2026/06/19 14:59:23 [error] 3055244#3055244: 316802713 access forbidden by rule, client: 20.116.27.239, server: fastcredit.net.ua, request: "GET /wp-content/themes/hideo/network.php HTTP/2.0", host: "fastcredit.net.ua" 2026/06/19 14:59:23 [error] 3055248#3055248: 316798972 access forbidden by rule, client: 20.116.27.239, server: fastcredit.net.ua, request: "GET /wp-login.php HTTP/2.0", host: "fastcredit.net.ua" ... show less	Web App Attack
🇮🇩 soc-yk	2026-06-19 14:44:12 (7 hours ago)	Type: suspicious_network_activity Risk: 100 Events: 914 Evidence: - Persistent suspicious network a ... show more Type: suspicious_network_activity Risk: 100 Events: 914 Evidence: - Persistent suspicious network activity detected - Repeated hostile operational behavior observed - Multi-event operational persistence identified - Threat escalation behavior observed show less	Port Scan Hacking
🇳🇱 CryptoYakari	2026-06-19 14:35:57 (7 hours ago)	20.116.27.239 - - [19/Jun/2026:17:35:51 +0300] "GET /inputs.php HTTP/1.0" 404 531 "-" "Mozilla/5.0 ( ... show more 20.116.27.239 - - [19/Jun/2026:17:35:51 +0300] "GET /inputs.php HTTP/1.0" 404 531 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36" 20.116.27.239 - - [19/Jun/2026:17:35:51 +0300] "GET /ioxi-o.php HTTP/1.0" 404 531 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36" 20.116.27.239 - - [19/Jun/2026:17:35:51 +0300] "GET /function/function.php HTTP/1.0" 404 3515 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36" 20.116.27.239 - - [19/Jun/2026:17:35:52 +0300] "GET /rip.php HTTP/1.0" 404 531 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36" 20.116.27.239 - - [19/Jun/2026:17:35:52 +0300] "GET /admin.php HTTP/1.0" 404 531 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/ ... show less	Web Spam Blog Spam Web App Attack Bad Web Bot
🇸🇬 Cloudkul Cloudkul	2026-06-19 14:00:44 (8 hours ago)	Attempted Not Found (404 status code) requests on our application, more than 30% of their total requ ... show more Attempted Not Found (404 status code) requests on our application, more than 30% of their total requests. show less	Brute-Force Web App Attack
🇩🇪 h7ex	2026-06-19 13:59:06 (8 hours ago)	Attempted execution of scripts via Apache (noscripts) (Jail: apache-noscript)	Hacking Exploited Host
🇬🇷 setupgr	2026-06-19 13:58:58 (8 hours ago)	(mod_security) mod_security (id:1000001) triggered by 20.116.27.239 (CA/Canada/Ontario/Toronto/-/[AS ... show more (mod_security) mod_security (id:1000001) triggered by 20.116.27.239 (CA/Canada/Ontario/Toronto/-/[AS8075 MICROSOFT-CORP-MSN-AS-BLOCK]): 1 in the last 86400 secs; Ports: *; Direction: inout; Trigger: LF_TRIGGER; Logs: [Fri Jun 19 16:58:56.707574 2026] [security2:error] [pid 79894:tid 79929] [client 20.116.27.239:44382] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/ioxi-o.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec/modsec2.user.conf"] [line "93"] [id "1000001"] [msg "Bad file blocked: /ioxi-o.php"] [severity "CRITICAL"] [tag "security"] [hostname "ftiaxtomonosou.gr"] [uri "/ioxi-o.php"] [unique_id "ajVLICc2acK9dyAMRdL_KwAAAUg"] show less	Port Scan
🇺🇸 Epimetheus	2026-06-19 13:51:01 (8 hours ago)	Zombie network / Bot scanner detected: [GET] /wp-includes/html-api/ [GET] /defaults.php [GET] /sf.p ... show more Zombie network / Bot scanner detected: [GET] /wp-includes/html-api/ [GET] /defaults.php [GET] /sf.php [GET] /class-t.api.php [GET] /info.php [GET] /classwithtostring.php [GET] /wp-content/themes/index.php [GET] /as.php [GET] /function/function.php [GET] /abc.php [GET] /file.php [GET] /index/function.php [GET] /wp-login.php UA: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 show less	Bad Web Bot Exploited Host Web App Attack
🇺🇸 deskpass.com	2026-06-19 13:46:16 (8 hours ago)	GET /wp-content/themes/index.php	Web App Attack
🇵🇱 sefinek.net	2026-06-19 13:42:08 (8 hours ago)	Triggered Cloudflare WAF (firewallCustom) from CA. Action: MANAGED_CHALLENGE \| Protocol: HTTP/1.1 (G ... show more Triggered Cloudflare WAF (firewallCustom) from CA. Action: MANAGED_CHALLENGE \| Protocol: HTTP/1.1 (GET) \| Endpoint: /wp-content/plugins/WordPressCore/ \| UA: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 • Generated by: github.com/sefinek/Cloudflare-WAF-To-AbuseIPDB show less	Bad Web Bot
🇬🇧 spamverify.com	2026-06-19 13:21:48 (9 hours ago)	Honeypot Hit: xmlrpc.php	Web Spam Blog Spam Bad Web Bot Web App Attack

Showing 1 to 15 of 193 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 172.185.24.228

🇨🇳 223.93.164.218

🇰🇷 211.223.179.252

🇵🇭 210.5.117.238

🇹🇼 198.235.24.120

🇺🇸 147.185.132.111

🇪🇸 79.116.214.251

🇮🇳 45.123.217.22

🇸🇪 31.208.188.18

🇺🇸 31.57.38.244

🇨🇳 14.103.115.208

🇹🇼 198.235.24.103

🇺🇸 147.185.132.25

🇸🇬 101.47.27.73

🇷🇺 87.250.224.91

🇬🇧 191.96.110.38

🇧🇷 189.26.120.237

🇨🇳 182.138.158.223

🇺🇸 162.216.150.98

🇨🇳 120.239.57.239