JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 20.220.166.196

20.220.166.196 was found in our database!

This IP was reported 41 times. Confidence of Abuse is 100%: ?

100%

ISP	Microsoft Corporation
Usage Type	Data Center/Web Hosting/Transit
ASN	AS8075
Domain Name	microsoft.com
Country	🇨🇦 Canada
City	Toronto, Ontario

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 20.220.166.196

Whois 20.220.166.196

IP Abuse Reports for 20.220.166.196:

This IP address has been reported a total of 41 times from 32 distinct sources. 20.220.166.196 was first reported on June 21st 2026, and the most recent report was 2 minutes ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 TPI-Abuse	2026-06-21 16:15:23 (2 minutes ago)	(mod_security) mod_security (id:210492) triggered by 20.220.166.196 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 20.220.166.196 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 21 12:15:17.608885 2026] [security2:error] [pid 16979:tid 16979] [client 20.220.166.196:64525] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webmail.nexti.com.hk"] [uri "/consultantx/wp-config.php"] [unique_id "ajgOFdMzw-sXfsWmFmwpCQAAAAQ"] show less	Brute-Force Bad Web Bot Web App Attack
🇫🇷 Guardian	2026-06-21 16:08:29 (9 minutes ago)	Multi abuses [2]: Scanning for installed WordPress and vulnerabilities, Unauthorized connection atte ... show more Multi abuses [2]: Scanning for installed WordPress and vulnerabilities, Unauthorized connection attempt / Port scanning 20.220.166.196 [21/Jun/2026:16:08:29] "GET /wp-content/plugins/hellopress/wp_filemanager.php HTTP/1.1" 20.220.166.196 [21/Jun/2026:16:08:29] "GET /this_is_a_new_hello_world.php HTTP/1.1" show less	Port Scan Web App Attack
Anonymous	2026-06-21 16:07:44 (9 minutes ago)	20.220.166.196 - - [21/Jun/2026:18:07:36 +0200] "GET /wp-content/plugins/hellopress/wp_filemanager.p ... show more 20.220.166.196 - - [21/Jun/2026:18:07:36 +0200] "GET /wp-content/plugins/hellopress/wp_filemanager.php HTTP/1.1" 404 196 "-" "-" 20.220.166.196 - - [21/Jun/2026:18:07:36 +0200] "GET /this_is_a_new_hello_world.php HTTP/1.1" 404 196 "-" "-" 20.220.166.196 - - [21/Jun/2026:18:07:37 +0200] "GET /1.php HTTP/1.1" 404 196 "-" "-" 20.220.166.196 - - [21/Jun/2026:18:07:37 +0200] "GET /dropdown.php HTTP/1.1" 404 196 "-" "-" 20.220.166.196 - - [21/Jun/2026:18:07:37 +0200] "GET /wp-content/languages/index.php HTTP/1.1" 404 196 "-" "-" 20.220.166.196 - - [21/Jun/2026:18:07:38 +0200] "GET /wen.php HTTP/1.1" 404 196 "-" "-" 20.220.166.196 - - [21/Jun/2026:18:07:38 +0200] "GET /zfe.php HTTP/1.1" 404 196 "-" "-" 20.220.166.196 - - [21/Jun/2026:18:07:38 +0200] "GET /city-ajax.php HTTP/1.1" 404 196 "-" "-" 20.220.166.196 - - [21/Jun/2026:18:07:38 +0200] "GET /pp.php HTTP/1.1" 404 196 "-" "-" 20.220.166.196 - - [21/Jun/2026:18:07:39 +0200] "GET /crgio.php HTTP/1.1" 404 196 "-" "-" 20.220.166.196 - - [21/J ... show less	Web App Attack
🇫🇷 masterguru	2026-06-21 16:07:22 (10 minutes ago)	(modsec_5080) ModSec 5080: Infrastructure subdomain probe from 20.220.166.196 (CA/Canada/-): 1 in th ... show more (modsec_5080) ModSec 5080: Infrastructure subdomain probe from 20.220.166.196 (CA/Canada/-): 1 in the last 3600 secs (0-195) show less	Hacking
Anonymous	2026-06-21 16:05:07 (12 minutes ago)	PHP file probing detected by Fail2Ban	Web App Attack
🇺🇸 TPI-Abuse	2026-06-21 15:59:44 (17 minutes ago)	(mod_security) mod_security (id:210492) triggered by 20.220.166.196 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 20.220.166.196 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 21 11:59:40.651782 2026] [security2:error] [pid 2238:tid 2238] [client 20.220.166.196:51928] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webmail.bryteandbroderick.org"] [uri "/consultantx/wp-config.php"] [unique_id "ajgKbIbJ1ENZB8syR_KgAgAAAAY"] show less	Brute-Force Bad Web Bot Web App Attack
🇳🇴 jad-abuse	2026-06-21 15:59:21 (18 minutes ago)	ActiveDefense automated detection: malicious HTTP scanning / exploit attempts. Observed by 1 sensor( ... show more ActiveDefense automated detection: malicious HTTP scanning / exploit attempts. Observed by 1 sensor(s); 99 hits. show less	Port Scan Bad Web Bot
🇧🇾 lns.bz	2026-06-21 15:59:20 (18 minutes ago)	Too many 404 requests [BY]	Web App Attack
🇩🇪 Vegascosmetics	2026-06-21 15:58:33 (19 minutes ago)	(Kingcopy.org-AI-IDS-Report):IP automatically blocked after attack pattern. Vegas Security	Hacking Web App Attack
Anonymous	2026-06-21 15:43:08 (34 minutes ago)	20.220.166.196 - - [21/Jun/2026:17:42:57 +0200] "GET /wp-content/plugins/hellopress/wp_filemanager.p ... show more 20.220.166.196 - - [21/Jun/2026:17:42:57 +0200] "GET /wp-content/plugins/hellopress/wp_filemanager.php HTTP/1.1" 301 162 "-" "-" "-" "X" 20.220.166.196 - - [21/Jun/2026:17:43:00 +0200] "GET /wp-content/plugins/hellopress/wp_filemanager.php HTTP/1.1" 400 230 "-" "-" "-" "X" 20.220.166.196 - - [21/Jun/2026:17:43:00 +0200] "GET /this_is_a_new_hello_world.php HTTP/1.1" 301 162 "-" "-" "-" "X" 20.220.166.196 - - [21/Jun/2026:17:43:04 +0200] "GET /this_is_a_new_hello_world.php HTTP/1.1" 400 230 "-" "-" "-" "X" 20.220.166.196 - - [21/Jun/2026:17:43:04 +0200] "GET /1.php HTTP/1.1" 301 162 "-" "-" "-" "X" 20.220.166.196 - - [21/Jun/2026:17:43:07 +0200] "GET /1.php HTTP/1.1" 400 230 "-" "-" "-" "X" show less	Brute-Force
🇩🇪 BlueWire Hosting	2026-06-21 15:42:31 (35 minutes ago)	Suspicious HTTP(s) activity without a user agent provided	Bad Web Bot
🇺🇸 TPI-Abuse	2026-06-21 15:35:43 (42 minutes ago)	(mod_security) mod_security (id:210492) triggered by 20.220.166.196 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 20.220.166.196 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 21 11:35:36.940300 2026] [security2:error] [pid 8291:tid 8291] [client 20.220.166.196:19752] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcontacts.professorjunk.com"] [uri "/consultantx/wp-config.php"] [unique_id "ajgEyOsKb1zAeRwfoyMB0AAAABw"] show less	Brute-Force Bad Web Bot Web App Attack
🇫🇷 masterguru	2026-06-21 15:27:43 (50 minutes ago)	Too much 404 requests in 1 minute. Operator GE matched 10 at IP:block_script. (46020-201)	Hacking
🇲🇾 Rizzy	2026-06-21 15:24:50 (52 minutes ago)	Multiple WAF Violations	Brute-Force Web App Attack
🇩🇪 todix	2026-06-21 15:18:43 (59 minutes ago)	WebAttack or semilar from 20.220.166.196	Web App Attack

Showing 1 to 15 of 41 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 208.84.100.152

🇱🇻 185.113.139.51

🇳🇱 176.65.139.181

🇱🇹 81.30.98.142

🇷🇴 80.94.92.178

🇺🇸 66.132.172.119

🇺🇸 20.12.41.6

🇦🇺 203.185.198.246

🇧🇷 129.121.54.208

🇰🇷 222.239.251.12

🇩🇪 213.209.159.11

🇨🇭 209.99.190.113

🇮🇶 185.166.25.150

🇺🇸 173.252.69.4

🇳🇱 159.223.238.255

🇨🇳 124.236.113.10

🇷🇴 80.94.92.184

🇩🇪 69.5.169.233

🇮🇶 65.20.163.103

🇨🇿 46.167.211.181