JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 20.29.52.249

20.29.52.249 was found in our database!

This IP was reported 10 times. Confidence of Abuse is 63%: ?

63%

ISP	Microsoft Corporation
Usage Type	Data Center/Web Hosting/Transit
ASN	AS8075
Domain Name	microsoft.com
Country	🇺🇸 United States of America
City	Des Moines, Iowa

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 20.29.52.249

Whois 20.29.52.249

IP Abuse Reports for 20.29.52.249:

This IP address has been reported a total of 10 times from 10 distinct sources. 20.29.52.249 was first reported on June 16th 2026, and the most recent report was 1 day ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇧🇷 SOC PR	2026-06-17 00:23:53 (1 day ago)	IPS: Sensitive Configuration File Disclosure.	Hacking
🇳🇱 Savvii	2026-06-16 18:40:02 (1 day ago)	15 attempts against mh-modsecurity-ban on staging	Brute-Force Web App Attack
Anonymous	2026-06-16 18:21:30 (1 day ago)	Multiple web server 400 error codes from same source ip	Web App Attack
🇺🇸 xmission.com	2026-06-16 18:07:05 (1 day ago)	Blocked by UFW (TCP on 2078) Source port: 46927 TTL: 51 Packet length: 60 TOS: 0x00 This report (fo ... show more Blocked by UFW (TCP on 2078) Source port: 46927 TTL: 51 Packet length: 60 TOS: 0x00 This report (for 20.29.52.249) was generated by: https://github.com/sefinek/UFW-AbuseIPDB-Reporter show less	Port Scan
🇩🇪 Enno	2026-06-16 16:28:55 (1 day ago)	P04::Fail2Ban: automated bot scanning / credential probing detected.	Web App Attack Bad Web Bot
Anonymous	2026-06-16 16:03:24 (1 day ago)	[Tue Jun 16 16:03:06.662069 2026] [proxy_fcgi:error] [pid 1546326:tid 140007671064256] [client 20.29 ... show more [Tue Jun 16 16:03:06.662069 2026] [proxy_fcgi:error] [pid 1546326:tid 140007671064256] [client 20.29.52.249:45359] AH01071: Got error 'Primary script unknown' [Tue Jun 16 16:03:17.189125 2026] [proxy_fcgi:error] [pid 1461611:tid 140007671064256] [client 20.29.52.249:46943] AH01071: Got error 'Primary script unknown' [Tue Jun 16 16:03:23.487391 2026] [proxy_fcgi:error] [pid 1461612:tid 140007234840256] [client 20.29.52.249:45184] AH01071: Got error 'Primary script unknown' ... show less	Bad Web Bot Web App Attack
🇫🇮 oh.mg	2026-06-16 15:00:29 (1 day ago)	[Tue Jun 16 17:00:27.012759 2026] [security2:error] [pid 3460871:tid 3460892] [client 20.29.52.249:4 ... show more [Tue Jun 16 17:00:27.012759 2026] [security2:error] [pid 3460871:tid 3460892] [client 20.29.52.249:45322] [client 20.29.52.249] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:blocking_inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "233"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [ver "OWASP_CRS/4.10.0-dev"] [tag "anomaly-evaluation"] [tag "OWASP_CRS"] [hostname "95.216.72.247"] [uri "/.git/HEAD"] [unique_id "ajFlCwcAuwNe5Y1kL4RqMQAAAFM"] [Tue Jun 16 17:00:28.695810 2026] [security2:error] [pid 3460682:tid 3460696] [client 20.29.52.249:45497] [client 20.29.52.249] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:blocking_inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "233"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [ver "OWASP_CRS/4.10.0-dev"] [tag ... show less	Web App Attack Bad Web Bot
🇺🇸 TPI-Abuse	2026-06-16 14:29:11 (1 day ago)	(mod_security) mod_security (id:210492) triggered by 20.29.52.249 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 20.29.52.249 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 16 10:29:07.457592 2026] [security2:error] [pid 15958:tid 15958] [client 20.29.52.249:45576] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.50"] [uri "/.git/HEAD"] [unique_id "ajFds5HcKnmiTltLqCOmXAAAAAk"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 aks4226	2026-06-16 14:28:45 (1 day ago)	Bot search, attacking common web applications.	Web App Attack
🇫🇷 dynamix	2026-06-16 13:27:52 (1 day ago)	Multiple WAF Violations	Web App Attack

Showing 1 to 10 of 10 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇨🇳 220.189.209.18

🇹🇼 211.72.129.211

🇲🇾 211.25.241.153

🇨🇴 201.184.50.251

🇧🇪 198.235.24.207

🇺🇸 195.184.76.68

🇵🇱 194.180.49.104

🇬🇧 193.32.209.246

🇬🇧 193.8.186.29

🇮🇶 185.136.148.151

🇨🇳 116.1.179.117

🇻🇳 113.187.249.34

🇺🇸 104.243.35.104

🇺🇸 73.165.96.23

🇩🇪 69.5.169.138

🇬🇧 45.82.76.109

🇫🇷 37.60.250.29

🇨🇳 220.180.249.165

🇨🇳 219.143.197.1

🇬🇧 193.32.209.254