JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 60.20.50.20

60.20.50.20 was found in our database!

This IP was reported 26 times. Confidence of Abuse is 14%: ?

14%

ISP	China Unicom Liaoning province network
Usage Type	Fixed Line ISP
ASN	AS4837
Domain Name	chinaunicom.cn
Country	🇨🇳 China
City	Shenyang, Liaoning

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 60.20.50.20

Whois 60.20.50.20

IP Abuse Reports for 60.20.50.20:

This IP address has been reported a total of 26 times from 13 distinct sources. 60.20.50.20 was first reported on August 6th 2025, and the most recent report was 1 day ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇮🇩 David Koswari	2026-06-29 05:35:00 (1 day ago)	REQ_BLOCKED_ACL	DDoS Attack FTP Brute-Force Ping of Death Port Scan Hacking SQL Injection Spoofing Brute-Force Bad Web Bot Exploited Host Web App Attack SSH IoT Targeted
🇺🇸 TPI-Abuse	2026-06-20 22:53:43 (1 week ago)	(mod_security) mod_security (id:210831) triggered by 60.20.50.20 (-): 1 in the last 300 secs; Ports: ... show more (mod_security) mod_security (id:210831) triggered by 60.20.50.20 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 20 18:53:36.787620 2026] [security2:error] [pid 25731:tid 25731] [client 60.20.50.20:47401] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|www.grupogasa.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.grupogasa.com"] [uri "/"] [unique_id "ajcZ8GPXpTX8NhC2_7fcRwAAAAA"], referer: http://www.grupogasa.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-13 23:52:44 (2 weeks ago)	(mod_security) mod_security (id:210831) triggered by 60.20.50.20 (-): 1 in the last 300 secs; Ports: ... show more (mod_security) mod_security (id:210831) triggered by 60.20.50.20 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 13 19:52:36.314797 2026] [security2:error] [pid 10983:tid 10989] [client 60.20.50.20:19639] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|securitymediaservices.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "securitymediaservices.com"] [uri "/"] [unique_id "ai3tRNIjgH3cuDkWZAk7pQAAAIQ"], referer: http://securitymediaservices.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-01 22:32:11 (4 weeks ago)	(mod_security) mod_security (id:210831) triggered by 60.20.50.20 (-): 1 in the last 300 secs; Ports: ... show more (mod_security) mod_security (id:210831) triggered by 60.20.50.20 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 01 18:32:02.397869 2026] [security2:error] [pid 19077:tid 19077] [client 60.20.50.20:44424] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|surrenderhouse.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "surrenderhouse.com"] [uri "/index.php"] [unique_id "ah4IYrtrW1K6gJ967k-89AAAAAE"], referer: http://surrenderhouse.com/index.php show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-16 20:32:46 (1 month ago)	(mod_security) mod_security (id:210831) triggered by 60.20.50.20 (-): 1 in the last 300 secs; Ports: ... show more (mod_security) mod_security (id:210831) triggered by 60.20.50.20 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat May 16 16:32:41.999427 2026] [security2:error] [pid 23770:tid 23770] [client 60.20.50.20:26734] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|rajabarber.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "rajabarber.com"] [uri "/"] [unique_id "agjUaQvfqi25J8fo_-gbAgAAAAo"], referer: https://rajabarber.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-02 23:57:06 (1 month ago)	(mod_security) mod_security (id:210831) triggered by 60.20.50.20 (-): 1 in the last 300 secs; Ports: ... show more (mod_security) mod_security (id:210831) triggered by 60.20.50.20 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat May 02 19:56:58.724113 2026] [security2:error] [pid 28156:tid 28156] [client 60.20.50.20:39949] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|jetzilla.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "jetzilla.com"] [uri "/"] [unique_id "afaPSlzvrNFLZum57PYihgAAAA4"], referer: http://jetzilla.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇫🇷 Sklurk	2026-04-05 03:58:18 (2 months ago)	Web App Attack	Web App Attack
🇨🇦 1gz	2026-03-30 12:22:11 (3 months ago)	Triggered Cloudflare WAF (firewallCustom) from CN. Action taken: BLOCK Protocol: HTTP/1.1 (GET metho ... show more Triggered Cloudflare WAF (firewallCustom) from CN. Action taken: BLOCK Protocol: HTTP/1.1 (GET method) Endpoint: / UA: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/48.0.2564.116 Safari/537.36 This report was generated by: https://github.com/sefinek/Cloudflare-WAF-To-AbuseIPDB show less	Bad Web Bot
🇦🇹 urnilxfgbez	2026-03-21 23:45:00 (3 months ago)	Last 24 Hours suspicious: (DPT=445\|DPT=3389\|DPT=22\|DPT=3306\|DPT=8080\|DPT=23\|DPT=5900\|DPT=1433)	Port Scan
🇵🇱 sefinek.net	2026-03-21 22:01:27 (3 months ago)	Blocked by UFW on PL02 [443/tcp] \| SPT: 48488 \| TTL: 36 \| LEN: 40 \| TOS: 0x00 • Reported by: github. ... show more Blocked by UFW on PL02 [443/tcp] \| SPT: 48488 \| TTL: 36 \| LEN: 40 \| TOS: 0x00 • Reported by: github.com/sefinek/UFW-AbuseIPDB-Reporter show less	Port Scan Web App Attack
Anonymous	2026-03-21 04:01:40 (3 months ago)	Unauthorized connection attempt on Port 23	Port Scan Hacking Exploited Host
🇺🇸 TPI-Abuse	2026-02-27 22:21:13 (4 months ago)	(mod_security) mod_security (id:210831) triggered by 60.20.50.20 (-): 1 in the last 300 secs; Ports: ... show more (mod_security) mod_security (id:210831) triggered by 60.20.50.20 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Feb 27 17:21:05.282625 2026] [security2:error] [pid 30408:tid 30443] [client 60.20.50.20:55192] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|jrc3.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "jrc3.com"] [uri "/"] [unique_id "aaIY0URwPXOWR4j3vsB6BQAAAUQ"], referer: http://jrc3.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇦🇺 oncord	2026-02-19 11:50:44 (4 months ago)	Form spam	Web Spam
🇮🇹 VHosting	2026-02-05 22:47:29 (4 months ago)	Detected mail brute force attack from 4 different servers	Brute-Force
🇺🇸 kosada.com	2025-09-27 07:56:20 (9 months ago)	Web bot: DDoS	DDoS Attack Bad Web Bot

Showing 1 to 15 of 26 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇬🇧 45.137.126.3

🇺🇸 45.136.26.187

🇬🇧 45.82.76.124

🇺🇸 44.33.20.246

🇸🇬 43.156.212.86

🇧🇴 200.105.167.206

🇨🇭 194.191.24.82

🇹🇷 185.174.69.65

🇫🇮 147.185.133.129

🇮🇳 122.176.20.134

🇨🇳 117.92.244.170

🇩🇪 46.101.253.183

🇳🇱 45.148.10.157

🇺🇸 45.136.24.44

🇺🇸 45.135.3.42

🇫🇷 45.134.79.89

🇫🇮 45.133.113.124

🇰🇷 43.133.253.253

🇺🇸 35.162.53.173

🇺🇸 2a02:4780:b:1269:0:16ef:70d4:1