JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 20.63.85.172

20.63.85.172 was found in our database!

This IP was reported 160 times. Confidence of Abuse is 100%: ?

100%

ISP	Microsoft Corporation
Usage Type	Data Center/Web Hosting/Transit
ASN	AS8075
Domain Name	microsoft.com
Country	🇨🇦 Canada
City	Toronto, Ontario

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 20.63.85.172

Whois 20.63.85.172

IP Abuse Reports for 20.63.85.172:

This IP address has been reported a total of 160 times from 136 distinct sources. 20.63.85.172 was first reported on June 15th 2026, and the most recent report was 4 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇬🇧 openstrike.co.uk	2026-06-16 05:15:18 (4 hours ago)	140 attacks on PHP URLs: GET /flower.php HTTP/1.1	Web App Attack
🇲🇽 octageeks.com	2026-06-16 04:19:58 (5 hours ago)	Wordpress malicious attack:[octascan]	Web App Attack
🇬🇧 andypiper	2026-06-16 01:00:56 (8 hours ago)	CrowdSec ban for AbuseIPDB Top List	Brute-Force Web App Attack
🇺🇸 mnsf	2026-06-16 00:16:00 (9 hours ago)	Too many Status 40X (60) Request Overload (123)	Brute-Force Web App Attack
Anonymous	2026-06-15 23:15:03 (10 hours ago)		Web App Attack
🇺🇸 ersei.net	2026-06-15 23:09:55 (10 hours ago)	Web app exploiting	Web App Attack
🇫🇮 6kilowatti	2026-06-15 22:30:35 (11 hours ago)	20.63.85.172 - - [15/Jun/2026:22:30:34 +0000] "GET /wp-content/plugins/hellopress/wp_filemanager.php ... show more 20.63.85.172 - - [15/Jun/2026:22:30:34 +0000] "GET /wp-content/plugins/hellopress/wp_filemanager.php HTTP/1.1" 404 150 "-" "-" ... show less	Web App Attack
🇺🇸 lnklnx	2026-06-15 22:15:00 (11 hours ago)	www.lincolnclan.com:80 20.63.85.172 - - [15/Jun/2026:17:14:57 -0500] "GET /wp-content/plugins/hellop ... show more www.lincolnclan.com:80 20.63.85.172 - - [15/Jun/2026:17:14:57 -0500] "GET /wp-content/plugins/hellopress/wp_filemanager.php HTTP/1.1" 301 654 "-" "-" ... show less	Web App Attack
Anonymous	2026-06-15 22:07:21 (11 hours ago)	20.63.85.172 - - [16/Jun/2026:00:07:16 +0200] "GET /wp-content/plugins/hellopress/wp_filemanager.php ... show more 20.63.85.172 - - [16/Jun/2026:00:07:16 +0200] "GET /wp-content/plugins/hellopress/wp_filemanager.php HTTP/1.1" 404 467 "-" "-" 20.63.85.172 - - [16/Jun/2026:00:07:16 +0200] "GET /wp-content/plugins/hellopress/wp_filemanager.php HTTP/1.1" 404 277 "-" "-" 20.63.85.172 - - [16/Jun/2026:00:07:20 +0200] "GET /wp-includes/blocks/post-comments-form/ HTTP/1.1" 404 467 "-" "-" 20.63.85.172 - - [16/Jun/2026:00:07:20 +0200] "GET /wp-includes/blocks/post-comments-form/ HTTP/1.1" 404 277 "-" "-" 20.63.85.172 - - [16/Jun/2026:00:07:21 +0200] "GET /wp-includes/ID3/about.php HTTP/1.1" 404 467 "-" "-" ... show less	Brute-Force Web App Attack
Anonymous	2026-06-15 22:07:01 (11 hours ago)	Automated web scanner. Requested suspicious paths: /Ar.php, /aaf.php, /eid.php, /htt.php, /this_is_a ... show more Automated web scanner. Requested suspicious paths: /Ar.php, /aaf.php, /eid.php, /htt.php, /this_is_a_new_hello_world.php. UTC: 2026-06-15 21:08:35. show less	Web App Attack
🇫🇮 as211431.net	2026-06-15 22:03:14 (11 hours ago)	Triggered Cloudflare WAF (firewallCustom) from CA. Action taken: BLOCK Protocol: HTTP/1.1 (GET metho ... show more Triggered Cloudflare WAF (firewallCustom) from CA. Action taken: BLOCK Protocol: HTTP/1.1 (GET method) Endpoint: /bbn.php UA: Empty string This report was generated by: https://github.com/sefinek/Cloudflare-WAF-To-AbuseIPDB show less	Bad Web Bot
🇳🇱 homeshowdomain.nl	2026-06-15 22:01:02 (11 hours ago)	Auto-ban: >3000 req/min op 2026-06-15	Web App Attack SSH Hacking
🇺🇸 nasset	2026-06-15 21:57:11 (12 hours ago)	20.63.85.172 - - [15/Jun/2026:14:57:08 -0700] "GET /wp-admin/css/colour.php HTTP/1.1" 403 584 "-" "- ... show more 20.63.85.172 - - [15/Jun/2026:14:57:08 -0700] "GET /wp-admin/css/colour.php HTTP/1.1" 403 584 "-" "-" 20.63.85.172 - - [15/Jun/2026:14:57:09 -0700] "GET /half.php HTTP/1.1" 403 584 "-" "-" 20.63.85.172 - - [15/Jun/2026:14:57:09 -0700] "GET /2P.php HTTP/1.1" 403 584 "-" "-" 20.63.85.172 - - [15/Jun/2026:14:57:10 -0700] "GET /tires.php HTTP/1.1" 403 584 "-" "-" 20.63.85.172 - - [15/Jun/2026:14:57:10 -0700] "GET /wordpress/wp-admin/maint/ HTTP/1.1" 403 584 "-" "-" ... show less	Bad Web Bot Web App Attack
🇩🇪 maxpower	2026-06-15 21:55:21 (12 hours ago)	(aggressive_scanner) REGOLA 9 - Aggressive Web Scanner 20.63.85.172 (CA/Canada/-): 1 in the last 360 ... show more (aggressive_scanner) REGOLA 9 - Aggressive Web Scanner 20.63.85.172 (CA/Canada/-): 1 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs: 20.63.85.172 - - [15/Jun/2026:23:55:18 +0200] "GET /wp-content/plugins/hellopress/wp_filemanager.php HTTP/1.1" 301 318 "-" "-" "-" host=mail.coiet.it show less	Port Scan
🇩🇪 0x44	2026-06-15 21:48:37 (12 hours ago)	Web probing - backdoors/webshells with missing User-Agent	Bad Web Bot Web App Attack

Showing 1 to 15 of 160 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇯🇵 2001:268:7380:848a:1915:2683:8994:1310

🇺🇸 172.71.222.119

🇨🇦 85.217.149.21

🇩🇪 85.215.151.72

🇹🇭 83.118.107.37

🇩🇪 68.183.70.177

🇵🇰 39.34.171.76

🇮🇳 74.125.178.219

🇺🇸 70.121.123.175

🇮🇳 43.241.65.96

🇩🇪 43.228.157.121

🇺🇸 18.189.74.1

🇨🇳 123.233.234.101

🇸🇪 89.233.203.159

🇨🇦 85.217.149.28

🇮🇩 23.56.239.178

🇬🇧 5.226.140.23

🇺🇸 2600:1f18:3120:f503:f8a7:bc69:d4fe:9e3c

🇨🇳 223.109.252.162

🇳🇱 176.65.148.206