JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 20.83.174.49

20.83.174.49 was found in our database!

This IP was reported 86 times. Confidence of Abuse is 100%: ?

100%

ISP	Microsoft Corporation
Usage Type	Data Center/Web Hosting/Transit
ASN	AS8075
Domain Name	microsoft.com
Country	🇺🇸 United States of America
City	Washington, Virginia

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 20.83.174.49

Whois 20.83.174.49

IP Abuse Reports for 20.83.174.49:

This IP address has been reported a total of 86 times from 61 distinct sources. 20.83.174.49 was first reported on April 6th 2026, and the most recent report was 5 days ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇨🇦 zXero	2026-06-09 12:57:48 (5 days ago)	Fail2Ban automatic report - jail: no-wordpress	Brute-Force SSH DDoS Attack
🇬🇧 thetomtaylor.co.uk	2026-06-08 02:08:02 (1 week ago)	Fail2Ban - [WEB]Custom exploit pattern detected on customexploits ... [ice02]	Hacking Brute-Force Bad Web Bot Web App Attack
🇬🇧 thetomtaylor.co.uk	2026-06-08 01:06:01 (1 week ago)	Fail2Ban - [NGINX]WordPress Logins Sniffings on nginx-wordpress-sniffer ... [ice01,wa01,wa02]	Bad Web Bot Web App Attack
🇷🇸 Scan	2026-06-08 00:01:43 (1 week ago)	MultiHost/MultiPort Probe, Scan, Hack -	Port Scan Hacking
🇺🇸 xxkodedxx	2026-06-07 23:57:14 (1 week ago)	[Zorvexus edge-defense] GET .env / WordPress honeypot probe Trigger: 1× honeypot-get, 12× edge-block ... show more [Zorvexus edge-defense] GET .env / WordPress honeypot probe Trigger: 1× honeypot-get, 12× edge-block in 10m window. Origin: US / AS8075 Microsoft Corporation Active: 23:56:14→23:56:40 UTC Volume: 12 HTTP req, 7 honeypot probe(s) Bait taken: /actuator/env, /wp-config.php.bak, /wp-config.php, /.env.save, /.env.backup Status mix: 444×12 Vhost fishing: 67.217.240.72 UA: "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36" Auto-banned 30d. zorvexus-banner. show less	Bad Web Bot Web App Attack
🇩🇪 ValtonTahiri	2026-06-07 23:01:43 (1 week ago)	UFW blocked a suspicious connection attempt to a closed or denied port. This activity is commonly as ... show more UFW blocked a suspicious connection attempt to a closed or denied port. This activity is commonly associated with port scanning, service discovery, or automated internet probing. Technical: source_ip=20.83.174.49; proto=TCP; source_port=26548; target_port=2087; flags=SYN show less	Port Scan
🇺🇸 MakoWish	2026-06-07 21:57:50 (1 week ago)	Fuzzing for misconfigured web servers.	Hacking Web App Attack
🇳🇱 DrLex0	2026-06-07 21:44:47 (1 week ago)	Poking for git configs and env files 20.83.174.49 80 - [07/Jun/2026:21:44:45 +0000] "GET /.git/HEAD ... show more Poking for git configs and env files 20.83.174.49 80 - [07/Jun/2026:21:44:45 +0000] "GET /.git/HEAD HTTP/1.1" 404 2402 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 14_4_1) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.4 Safari/605.1.15" 20.83.174.49 80 - [07/Jun/2026:21:44:46 +0000] "GET /.git/config HTTP/1.1" 404 2402 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 14.4; rv:125.0) Gecko/20100101 Firefox/125.0" 20.83.174.49 80 - [07/Jun/2026:21:44:47 +0000] "GET /.env HTTP/1.1" 404 2402 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:125.0) Gecko/20100101 Firefox/125.0" show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 sandra361	2026-06-07 20:32:02 (1 week ago)	Port scan detected: 7 attempts across 7 ports (2082,2083,2086,443,80,8080,8443). \| Evidence: GHOST_S ... show more Port scan detected: 7 attempts across 7 ports (2082,2083,2086,443,80,8080,8443). \| Evidence: GHOST_SCAN:IN=enp1s0 OUT= SRC=20.83.174.49 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=49133 DF PROTO=TCP SPT=25404 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 show less	Port Scan
🇨🇦 zXero	2026-06-03 12:34:02 (1 week ago)	Fail2Ban automatic report - jail: no-wordpress	Brute-Force SSH DDoS Attack
🇬🇧 andypiper	2026-06-03 01:00:26 (1 week ago)	CrowdSec ban for AbuseIPDB Top List	Brute-Force Web App Attack
🇩🇪 findlab	2026-06-03 01:00:02 (1 week ago)	Backdrop CMS module - malicious activity detected	Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-03 00:27:38 (1 week ago)	(mod_security) mod_security (id:240335) triggered by 20.83.174.49 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:240335) triggered by 20.83.174.49 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 02 20:27:31.845704 2026] [security2:error] [pid 27831:tid 27831] [client 20.83.174.49:22414] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5965"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 20.83.174.49 (+1 hits since last alert)\|mountainretreatcenter.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "mountainretreatcenter.com"] [uri "/wp/xmlrpc.php"] [unique_id "ah908wa75sKzDfk8zjZg0AAAAA4"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 ger-stg-sifi1	2026-06-03 00:16:28 (1 week ago)	(wordpress) Failed wordpress login using wp-login.php or xmlrpc.php	Web App Attack
🇬🇧 [email protected]	2026-06-03 00:06:00 (1 week ago)	20.83.174.49 - - [03/Jun/2026:00:05:59 +0000] "POST /wp/xmlrpc.php HTTP/1.1" 301 392 "-" "Mozilla/5. ... show more 20.83.174.49 - - [03/Jun/2026:00:05:59 +0000] "POST /wp/xmlrpc.php HTTP/1.1" 301 392 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36" 20.83.174.49 - - [03/Jun/2026:00:05:59 +0000] "GET //wp/xmlrpc.php HTTP/1.1" 301 - "https://centralscotlandsoftball.co.uk/wp/xmlrpc.php" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36" 20.83.174.49 - - [03/Jun/2026:00:05:59 +0000] "GET /wp/xmlrpc.php HTTP/1.1" 404 87845 "https://www.glasgowsoftball.co.uk//wp/xmlrpc.php" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36" ... show less	Web App Attack

Showing 1 to 15 of 86 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇬🇧 198.244.226.45

🇨🇦 85.217.149.59

🇮🇩 36.74.236.62

🇹🇼 1.169.230.214

🇨🇳 222.92.61.242

🇧🇷 205.210.31.214

🇬🇧 191.96.110.38

🇸🇬 159.223.50.237

🇺🇸 142.93.199.163

🇺🇸 137.184.159.11

🇮🇳 117.218.75.251

🇨🇳 116.179.37.68

🇻🇳 103.163.118.148

🇳🇱 91.92.40.10

🇬🇧 80.193.193.85

🇮🇹 31.59.89.180

🇺🇸 2604:a880:400:d1:0:4:9637:f001

🇮🇩 2404:c0:ca01:fff4:f0bd:86ae:b18f:2509

🇸🇪 194.99.27.49

🇺🇸 184.174.179.252