JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 20.49.61.51

20.49.61.51 was found in our database!

This IP was reported 34 times. Confidence of Abuse is 92%: ?

92%

ISP	Microsoft Corporation
Usage Type	Data Center/Web Hosting/Transit
ASN	AS8075
Domain Name	microsoft.com
Country	🇺🇸 United States of America
City	Boydton, Virginia

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 20.49.61.51

Whois 20.49.61.51

IP Abuse Reports for 20.49.61.51:

This IP address has been reported a total of 34 times from 22 distinct sources. 20.49.61.51 was first reported on August 11th 2025, and the most recent report was 10 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇦🇹 urnilxfgbez	2026-06-03 22:45:00 (10 hours ago)	Last 24 Hours suspicious: (DPT=445\|DPT=3389\|DPT=22\|DPT=3306\|DPT=8080\|DPT=23\|DPT=5900\|DPT=1433)	Port Scan
🇫🇮 geot	2026-06-03 15:18:34 (18 hours ago)	GET /server-status HTTP/1.1 GET /.env HTTP/1.1 GET /.DS_Store HTTP/1.1 GET /.aws/credentials HTTP/1. ... show more GET /server-status HTTP/1.1 GET /.env HTTP/1.1 GET /.DS_Store HTTP/1.1 GET /.aws/credentials HTTP/1.1 GET /app/config/parameters.yml HTTP/1.1 GET /.env.production HTTP/1.1 GET /.env.save HTTP/1.1 GET /config.php HTTP/1.1 GET /.git/config HTTP/1.1 GET /___proxy_subdomain_whm/login/ HTTP/1.1 GET /phpinfo.php HTTP/1.1 POST /___proxy_subdomain_whm/login/?login_only=1 HTTP/1.1 GET /.htpasswd HTTP/1.1 GET /dump.sql HTTP/1.1 GET /.git/HEAD HTTP/1.1 show less	Hacking Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-03 08:30:35 (1 day ago)	(mod_security) mod_security (id:210492) triggered by 20.49.61.51 (-): 1 in the last 300 secs; Ports: ... show more (mod_security) mod_security (id:210492) triggered by 20.49.61.51 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 03 04:30:30.787958 2026] [security2:error] [pid 26740:tid 26740] [client 20.49.61.51:51348] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.157"] [uri "/.git/config"] [unique_id "ah_mJvCsOowQecJSAHHOlQAAABc"] show less	Brute-Force Bad Web Bot Web App Attack
🇹🇭 Sawasdee	2026-06-03 05:00:05 (1 day ago)	Unwanted checking 80 or 443 port ...	Bad Web Bot
🇩🇪 maxpower	2026-06-03 04:35:11 (1 day ago)	(exploit_critical) REGOLA 2 - Critical File Exploit Attempt 20.49.61.51 (US/United States/-): 2 in t ... show more (exploit_critical) REGOLA 2 - Critical File Exploit Attempt 20.49.61.51 (US/United States/-): 2 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs: 20.49.61.51 - - [03/Jun/2026:06:34:51 +0200] "GET /.git/HEAD HTTP/1.1" 301 162 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 14.4; rv:125.0) Gecko/20100101 Firefox/125.0" "-" host=145.239.233.177 20.49.61.51 - - [03/Jun/2026:06:35:03 +0200] "GET /wp-config.php.bak HTTP/1.1" 403 10401 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Edg/124.0.0.0" "-" host=145.239.233.177 show less	Port Scan
🇺🇸 cybsecaoccol	2026-06-03 04:19:55 (1 day ago)	unauthorized connection or malicious port scan attempted on tcp port 8080 - dr	Port Scan Hacking
🇺🇸 RAP	2026-06-03 04:11:48 (1 day ago)	2026-06-03 04:11:48 UTC Unauthorized activity to TCP port 8080. Web App	Port Scan Web App Attack
🇺🇸 TPI-Abuse	2026-06-03 03:46:19 (1 day ago)	(mod_security) mod_security (id:210492) triggered by 20.49.61.51 (-): 1 in the last 300 secs; Ports: ... show more (mod_security) mod_security (id:210492) triggered by 20.49.61.51 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 02 23:46:15.750747 2026] [security2:error] [pid 12614:tid 12614] [client 20.49.61.51:12676] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.192"] [uri "/.git/HEAD"] [unique_id "ah-jh2_DfnGTAqyP0yAeUQAAAAw"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-03 03:25:56 (1 day ago)	(mod_security) mod_security (id:210492) triggered by 20.49.61.51 (-): 1 in the last 300 secs; Ports: ... show more (mod_security) mod_security (id:210492) triggered by 20.49.61.51 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 02 23:25:49.852014 2026] [security2:error] [pid 13919:tid 13919] [client 20.49.61.51:13377] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.26"] [uri "/.git/HEAD"] [unique_id "ah-evb7i5fyaSMTGmeaAIQAAABA"] show less	Brute-Force Bad Web Bot Web App Attack
🇧🇾 lns.bz	2026-06-03 02:56:13 (1 day ago)	.env scanning [BY]	Web App Attack
🇺🇸 RAP	2026-06-03 02:13:37 (1 day ago)	2026-06-03 02:13:37 UTC Unauthorized activity to TCP port 8080. Web App	Port Scan Web App Attack
🇫🇷 ✨	2026-06-03 01:53:20 (1 day ago)	Domain : pleskcontrolpanel Rule : env 2026-06-03 01:44:00 W3SVC2 PLESK76 217.194.212.120 GET /.env - ... show more Domain : pleskcontrolpanel Rule : env 2026-06-03 01:44:00 W3SVC2 PLESK76 217.194.212.120 GET /.env - 8443 - 20.49.61.51 HTTP/1.1 Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 - - 217.194.212.120:8443 404 0 2 1316 207 140 - - show less	Hacking SQL Injection
🇷🇸 Scan	2026-06-03 01:50:17 (1 day ago)	MultiHost/MultiPort Probe, Scan, Hack -	Port Scan Hacking
🇺🇸 antlac1	2026-06-03 00:45:58 (1 day ago)	crowdsecurity/http-sensitive-files	Brute-Force Web App Attack
🇳🇱 tpjg	2026-06-03 00:06:34 (1 day ago)	Automated: 15 requests with error status in 120s window from 20.49.61.51. Evidence: /___proxy_subdom ... show more Automated: 15 requests with error status in 120s window from 20.49.61.51. Evidence: /___proxy_subdomain_whm/login/:404,/backup.sql:301,/app/config/parameters.yml:301,/.DS_Store:301,/actuator/env:301,/server-status:301,/config/database.yml:301,/.aws/credentials:301,/wp-config.php.bak:301,/wp-config.php:301,/.env.save:301,/.env.backup:301,/.env.production:301,/.env.local:301,/.git/HEAD:301 show less	Web App Attack

Showing 1 to 15 of 34 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 173.244.60.241

🇺🇸 162.216.150.102

🇧🇪 128.90.145.5

🇪🇨 177.234.209.102

🇨🇦 168.138.90.7

🇫🇷 91.231.89.255

🇨🇦 69.49.112.70

🇱🇹 45.227.254.170

🇲🇽 187.188.222.206

🇲🇽 186.96.151.198

🇧🇷 177.136.206.71

🇧🇷 170.78.213.5

🇺🇸 162.216.150.52

🇸🇬 140.245.48.133

🇮🇳 122.187.221.130

🇳🇿 121.73.163.177

🇨🇳 116.178.131.144

🇮🇳 103.182.132.154

🇮🇳 38.224.232.253

🇨🇳 221.198.82.228