JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 20.63.59.161

20.63.59.161 was found in our database!

This IP was reported 214 times. Confidence of Abuse is 100%: ?

100%

ISP	Microsoft Corporation
Usage Type	Data Center/Web Hosting/Transit
ASN	AS8075
Domain Name	microsoft.com
Country	🇨🇦 Canada
City	Toronto, Ontario

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 20.63.59.161

Whois 20.63.59.161

IP Abuse Reports for 20.63.59.161:

This IP address has been reported a total of 214 times from 176 distinct sources. 20.63.59.161 was first reported on May 31st 2026, and the most recent report was 14 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇫🇷 geot	2026-06-01 12:29:44 (2 days ago)	WordPress scanning bot	Hacking Bad Web Bot Web App Attack
🇩🇪 FeG Deutschland	2026-06-01 12:23:33 (2 days ago)	Looking for CMS/PHP/SQL vulnerablilities/excessive crawling - 27	Exploited Host Web App Attack
🇫🇷 Delta-shop	2026-06-01 12:04:13 (2 days ago)	PrestaShop Security Module: AbuseIPDB high confidence score AND local web-app-attack detected (Abuse ... show more PrestaShop Security Module: AbuseIPDB high confidence score AND local web-app-attack detected (AbuseIPDB score: 100% (cached)) show less	Web App Attack
🇨🇭 backslash	2026-06-01 12:03:04 (2 days ago)	block ruleset WAF detection and high score on abuseIPDB 149EB1B42C242111FADBBC2EF8F90219570691E1	Bad Web Bot
🇦🇺 paulshipley.com.au	2026-06-01 12:02:31 (2 days ago)	[Mon Jun 01 22:02:31.091716 2026] [security2:error] [pid 101413] [client 20.63.59.161:3113] [client ... show more [Mon Jun 01 22:02:31.091716 2026] [security2:error] [pid 101413] [client 20.63.59.161:3113] [client 20.63.59.161] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/modsecurity/crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.4"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "angleseaarthouse.com.au"] [uri "/wp-plain.php"] [unique_id "ah1012yfvKt0Q0aGi25CvAAAAAc"], referer: www.google.com ... show less	Web App Attack
🇦🇺 gregoo23	2026-06-01 11:57:06 (2 days ago)	20.63.59.161 - - [01/Jun/2026:21:57:03 +1000] "GET /wp-content/plugins/apikey/apikey.php?test=hello ... show more 20.63.59.161 - - [01/Jun/2026:21:57:03 +1000] "GET /wp-content/plugins/apikey/apikey.php?test=hello HTTP/1.1" 404 116546 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 20.63.59.161 - - [01/Jun/2026:21:57:03 +1000] "GET /wp-content/themes/seotheme/db.php?u HTTP/1.1" 404 116498 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" 20.63.59.161 - - [01/Jun/2026:21:57:04 +1000] "GET /plugins/content/apismtp/apismtp.php?test=hello HTTP/1.1" 404 116541 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" ... show less	Bad Web Bot Web App Attack
🇺🇸 fazar	2026-06-01 11:55:27 (2 days ago)	crowdsecurity/http-bad-user-agent on node: us01	Web App Attack Bad Web Bot
🇬🇧 Greg Poulson	2026-06-01 11:50:13 (2 days ago)	Our website was hit by this DDOS at a rate of 9 in 5 minutes.	DDoS Attack Web Spam Brute-Force
🇧🇷 Halux	2026-06-01 11:45:43 (2 days ago)	20.63.59.161 Probing protected path or service	Web App Attack
🇳🇱 middelkoopcc	2026-06-01 11:35:06 (2 days ago)	2026-06-01 13:32:45 [client 20.63.59.161:64510] AH01071: Got error 'Primary script unknown' && 2026- ... show more 2026-06-01 13:32:45 [client 20.63.59.161:64510] AH01071: Got error 'Primary script unknown' && 2026-06-01 13:32:46 [client 20.63.59.161:64510] AH01071: Got error 'Primary script unknown' && 2026-06-01 13:32:46 [client 20.63.59.161:64510] AH01071: Got error 'Primary script unknown' && 91 more within 20 minutes show less	Web App Attack
Anonymous	2026-06-01 11:34:09 (2 days ago)	$f2bV_matches	Brute-Force
🇬🇧 pinguin	2026-06-01 11:33:05 (2 days ago)	Triggered Cloudflare WAF (linkMaze) from CA. Action taken: LINK_MAZE_INJECTED Protocol: HTTP/1.1 (GE ... show more Triggered Cloudflare WAF (linkMaze) from CA. Action taken: LINK_MAZE_INJECTED Protocol: HTTP/1.1 (GET method) Endpoint: /wpxml.php UA: Empty string This report was generated by: https://github.com/sefinek/Cloudflare-WAF-To-AbuseIPDB show less	Bad Web Bot
🇦🇺 paulshipley.com.au	2026-06-01 11:32:24 (2 days ago)	[Mon Jun 01 21:32:23.905296 2026] [security2:error] [pid 97172] [client 20.63.59.161:8976] [client 2 ... show more [Mon Jun 01 21:32:23.905296 2026] [security2:error] [pid 97172] [client 20.63.59.161:8976] [client 20.63.59.161] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/modsecurity/crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.4"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "levellapromotions.com.au"] [uri "/wp-plain.php"] [unique_id "ah1tx7yJGpm5TZQrhygQ3AAAAAI"], referer: www.google.com ... show less	Web App Attack
🇬🇧 elleray	2026-06-01 11:11:03 (2 days ago)	WordPress auth intrusion Banned by Fail2Ban	Brute-Force Web App Attack Hacking
🇿🇦 Tokolosh Hunters	2026-06-01 11:06:17 (2 days ago)	AutoBlockWindow-Known bad useragent query-2026-06-01 11:06:16	Bad Web Bot

Showing 16 to 30 of 214 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 147.182.241.81

🇸🇬 103.189.234.96

🇳🇱 45.148.10.95

🇩🇪 43.228.157.214

🇩🇪 36.255.97.87

🇩🇪 172.70.240.86

🇫🇷 167.86.119.81

🇺🇸 152.32.149.47

🇰🇷 125.138.175.113

🇨🇳 116.140.72.66

🇭🇰 103.52.153.215

🇩🇪 69.5.169.14

🇧🇬 45.88.138.44

🇩🇪 43.228.157.15

🇩🇪 151.243.11.245

🇮🇳 98.70.50.166

🇩🇪 69.5.169.13

🇫🇷 2a00:1169:110:1460::

🇵🇰 182.191.77.164

🇺🇸 154.83.197.107