JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 20.49.13.180

20.49.13.180 was found in our database!

This IP was reported 46 times. Confidence of Abuse is 85%: ?

85%

ISP	Microsoft Corporation
Usage Type	Data Center/Web Hosting/Transit
ASN	AS8075
Domain Name	microsoft.com
Country	🇺🇸 United States of America
City	Boydton, Virginia

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 20.49.13.180

Whois 20.49.13.180

IP Abuse Reports for 20.49.13.180:

This IP address has been reported a total of 46 times from 31 distinct sources. 20.49.13.180 was first reported on July 30th 2025, and the most recent report was 5 days ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
Anonymous	2026-06-02 12:16:56 (5 days ago)	Fuzzing/Looking for credentials files.	Brute-Force Web App Attack
🇺🇸 TPI-Abuse	2026-06-02 11:18:46 (5 days ago)	(mod_security) mod_security (id:210492) triggered by 20.49.13.180 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 20.49.13.180 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 02 07:18:41.668031 2026] [security2:error] [pid 20340:tid 20340] [client 20.49.13.180:5357] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.116"] [uri "/.env"] [unique_id "ah68EdUA9zm5OzDIpSDHGQAAAAM"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 _ArminS_	2026-06-02 11:17:53 (5 days ago)	SP-Scan 4454:2087 detected 2026.06.02 13:17:53 blocked until 2026.07.22 06:20:40	Port Scan
🇺🇸 doll.gl	2026-06-02 09:41:00 (5 days ago)	20.49.13.180 - - [02/Jun/2026:09:40:59 +0000] "GET /wp-config.php HTTP/1.1" 404 197 "-" "Mozilla/5.0 ... show more 20.49.13.180 - - [02/Jun/2026:09:40:59 +0000] "GET /wp-config.php HTTP/1.1" 404 197 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36" ... show less	Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-02 09:35:06 (5 days ago)	(mod_security) mod_security (id:210492) triggered by 20.49.13.180 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 20.49.13.180 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 02 05:34:57.844976 2026] [security2:error] [pid 5516:tid 5516] [client 20.49.13.180:5588] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.230"] [uri "/.env"] [unique_id "ah6jwTBi6jFOQONL7TYQaQAAABQ"] show less	Brute-Force Bad Web Bot Web App Attack
🇹🇷 Threat.live	2026-06-02 07:35:05 (5 days ago)	Suspicious Connection Attempts	Brute-Force
🇬🇧 djboddington	2026-06-02 07:21:20 (5 days ago)	This IP was detected by CrowdSec triggering crowdsecurity/http-sensitive-files	Web App Attack Hacking
🇺🇸 TPI-Abuse	2026-06-02 06:12:57 (5 days ago)	(mod_security) mod_security (id:210492) triggered by 20.49.13.180 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 20.49.13.180 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 02 02:12:49.083716 2026] [security2:error] [pid 5387:tid 5387] [client 20.49.13.180:52369] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.59"] [uri "/.git/HEAD"] [unique_id "ah50YfXCyUrSL4Z6w-1MtgAAAAQ"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 micropedro	2026-06-02 05:49:42 (5 days ago)	6 incidents: web scanning/attack, port scanning. Ports: 2082/TCP(1), 2083/TCP(1), 2086/TCP(1), 2087/ ... show more 6 incidents: web scanning/attack, port scanning. Ports: 2082/TCP(1), 2083/TCP(1), 2086/TCP(1), 2087/TCP(1), 8080/TCP(1). Detected: 2026-06-02 01:49 UTC. Triggers: non-public-port,ufw-repeater,port-trap,recidive,firewall-tcp,firewall-http. show less	Port Scan Brute-Force Web App Attack
🇺🇸 [email protected]	2026-06-02 05:08:26 (5 days ago)	Ports: 80,443,2082,2083,2086,2087,8080,8443. Proto: TCP. Observations: 8	Port Scan Web App Attack
🇺🇸 itsnixk	2026-06-02 04:59:54 (5 days ago)	(mod_security) mod_security (id:920350) triggered by 20.49.13.180 (US/United States/-): 1 in the las ... show more (mod_security) mod_security (id:920350) triggered by 20.49.13.180 (US/United States/-): 1 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_TRIGGER; Logs: [Tue Jun 02 00:59:49.204399 2026] [security2:error] [pid 1251806:tid 1252242] [client 20.49.13.180:52540] ModSecurity: Access denied with code 406 (phase 1). Pattern match "(?:^([\\\\d.]+\|\\\\[[\\\\da-f:]+\\\\]\|[\\\\da-f:]+)(:[\\\\d]+)?$)" at REQUEST_HEADERS:Host. [file "/etc/modsecurity.d/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "774"] [id "920350"] [msg "Host header is a numeric IP address"] [redacted] [severity "WARNING"] [ver "OWASP_CRS/4.25.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL-ENFORCEMENT"] [tag "capec/1000/210/272"] [redacted] [uri "/.git/HEAD"] [unique_id "ah5jRXJI1CxA6YDnS3Yd2wAAASE"] show less	Port Scan
🇺🇸 TPI-Abuse	2026-06-02 04:56:14 (5 days ago)	(mod_security) mod_security (id:210492) triggered by 20.49.13.180 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 20.49.13.180 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 02 00:56:11.657997 2026] [security2:error] [pid 20190:tid 20190] [client 20.49.13.180:52034] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.51"] [uri "/.env"] [unique_id "ah5ia-tb2BH3jH8lYoPkXAAAAAM"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 iNetWorker	2026-06-02 04:11:35 (5 days ago)	trying to access non-authorized port	Port Scan
🇬🇧 Deveroonie	2026-06-02 03:27:36 (5 days ago)	20.49.13.180 - - [02/Jun/2026:03:27:36 +0000] "GET /.git/config HTTP/1.1" 404 196 "-" "Mozilla/5.0 ( ... show more 20.49.13.180 - - [02/Jun/2026:03:27:36 +0000] "GET /.git/config HTTP/1.1" 404 196 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36" ... show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 MPL	2026-06-02 03:24:18 (5 days ago)	tcp port scan (8 or more attempts)	Port Scan

Showing 1 to 15 of 46 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇲🇽 187.140.79.156

🇮🇳 183.87.217.222

🇦🇷 181.167.144.229

🇨🇳 118.145.102.69

🇳🇱 45.148.10.67

🇨🇳 39.129.119.45

🇩🇪 207.241.172.139

🇮🇩 103.152.242.106

🇮🇳 103.70.167.29

🇦🇺 74.91.200.217

🇺🇸 66.132.186.245

🇨🇳 220.154.134.180

🇮🇳 182.95.12.178

🇩🇪 164.92.161.148

🇩🇪 159.223.26.146

🇻🇳 157.66.48.9

🇰🇷 122.202.250.160

🇩🇪 94.26.106.167

🇵🇰 72.255.28.244

🇺🇸 71.206.190.209