JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 20.102.103.196

20.102.103.196 was found in our database!

This IP was reported 29 times. Confidence of Abuse is 100%: ?

100%

ISP	Microsoft Corporation
Usage Type	Data Center/Web Hosting/Transit
ASN	AS8075
Domain Name	microsoft.com
Country	🇺🇸 United States of America
City	Washington, Virginia

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 20.102.103.196

Whois 20.102.103.196

IP Abuse Reports for 20.102.103.196:

This IP address has been reported a total of 29 times from 24 distinct sources. 20.102.103.196 was first reported on June 1st 2026, and the most recent report was 3 days ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 Gabriel Camargo	2026-06-14 13:27:25 (3 days ago)	20.102.103.196 - - [14/Jun/2026:08:27:23 -0500] "GET /.git/HEAD HTTP/1.1" 404 197 "-" "Mozilla/5.0 ( ... show more 20.102.103.196 - - [14/Jun/2026:08:27:23 -0500] "GET /.git/HEAD HTTP/1.1" 404 197 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Edg/124.0.0.0" 20.102.103.196 - - [14/Jun/2026:08:27:23 -0500] "GET /.git/config HTTP/1.1" 404 134 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 14.4; rv:125.0) Gecko/20100101 Firefox/125.0" 20.102.103.196 - - [14/Jun/2026:08:27:24 -0500] "GET /.env HTTP/1.1" 404 134 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)" ... show less	Brute-Force SSH
🇺🇸 Starburst SysOp Team	2026-06-14 13:08:10 (3 days ago)	Host header is a numeric IP address. Pattern match "(?:^( (920350-stl2-13)	Hacking Bad Web Bot
🇺🇸 TPI-Abuse	2026-06-14 12:37:17 (3 days ago)	(mod_security) mod_security (id:210492) triggered by 20.102.103.196 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 20.102.103.196 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 14 08:37:11.499429 2026] [security2:error] [pid 13801:tid 13801] [client 20.102.103.196:18728] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.119"] [uri "/.git/HEAD"] [unique_id "ai6gdzYjMg-WEBeHD95BlAAAABI"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 ISPLtd	2026-06-14 12:35:49 (3 days ago)	Jun 14 09:35:49 20.102.103.196 TCP SPT=19435 DPT=2077 SYN Jun 14 09:35:49 20.102.103.196 TCP SPT=183 ... show more Jun 14 09:35:49 20.102.103.196 TCP SPT=19435 DPT=2077 SYN Jun 14 09:35:49 20.102.103.196 TCP SPT=18303 DPT=2095 SYN Jun 14 09:35:49 20.102.103.196 TCP SPT=18262 DPT=2096 ... show less	Port Scan
🇺🇸 Axel	2026-06-14 11:30:35 (3 days ago)	Blocked by UFW on MVI [2078/tcp] \| SPT: 19233 \| TTL: 48 \| LEN: 60 \| TOS: 0x00 • Reported by: github. ... show more Blocked by UFW on MVI [2078/tcp] \| SPT: 19233 \| TTL: 48 \| LEN: 60 \| TOS: 0x00 • Reported by: github.com/sefinek/UFW-AbuseIPDB-Reporter show less	Port Scan
🇦🇺 clapper	2026-06-14 10:54:56 (3 days ago)	(mod_security) mod_security (id:949110) triggered by 20.102.103.196 (US/United States/-): 3 in the l ... show more (mod_security) mod_security (id:949110) triggered by 20.102.103.196 (US/United States/-): 3 in the last 3600 secs; ID: LUC show less	Brute-Force Bad Web Bot
🇬🇧 dwmosaics	2026-06-14 10:24:00 (3 days ago)	"GET /.git/config HTTP/1.1" 301 551 "-" "Mozilla/5.0 (X11; Linux x86_64) Ap...	Brute-Force Web App Attack
🇩🇪 Bedios GmbH	2026-06-14 10:16:08 (3 days ago)	Login credentials theft attempt	Hacking
Anonymous	2026-06-03 11:06:46 (2 weeks ago)	Portscan: TCP/80, TCP/8080, TCP/2087, TCP/8443, TCP/2082, TCP/2083, TCP/443, TCP/2086	Port Scan
🇬🇧 PeravixGroup	2026-06-03 08:25:41 (2 weeks ago)	Honeypot detection: Web application scanning / reconnaissance attempt on port 8080. Severity: LOW. A ... show more Honeypot detection: Web application scanning / reconnaissance attempt on port 8080. Severity: LOW. Aaran.cloud show less	Port Scan Bad Web Bot
🇺🇸 TPI-Abuse	2026-06-03 06:22:53 (2 weeks ago)	(mod_security) mod_security (id:210492) triggered by 20.102.103.196 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 20.102.103.196 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 03 02:22:47.584457 2026] [security2:error] [pid 29041:tid 29041] [client 20.102.103.196:35385] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.151.18"] [uri "/.env"] [unique_id "ah_IN4czA76kb2Z-BY_LhAAAAA0"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-06-03 06:19:13 (2 weeks ago)	Unauthorized connection attempt	Port Scan Hacking Exploited Host
🇧🇾 lns.bz	2026-06-03 04:40:01 (2 weeks ago)	Too many 404 requests [BY]	Web App Attack
🇯🇵 VXG-NET	2026-06-03 04:31:50 (2 weeks ago)	port=80, indicator_type=info-leak	Hacking
🇺🇸 TPI-Abuse	2026-06-03 04:29:25 (2 weeks ago)	(mod_security) mod_security (id:210492) triggered by 20.102.103.196 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 20.102.103.196 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 03 00:29:21.302310 2026] [security2:error] [pid 10711:tid 10711] [client 20.102.103.196:33991] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.92"] [uri "/.git/HEAD"] [unique_id "ah-tofdy8hn4rs0md2yCngAAAAQ"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 29 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇨🇳 139.9.191.197

🇮🇹 95.110.227.50

🇺🇸 91.230.168.139

🇨🇦 85.217.149.66

🇨🇦 207.219.221.53

🇨🇳 180.76.57.208

🇬🇧 149.102.150.70

🇩🇪 94.26.106.80

🇨🇦 85.217.149.44

🇫🇷 85.217.140.42

🇺🇦 79.143.45.75

🇲🇾 49.124.149.20

🇺🇸 45.63.4.69

🇺🇸 20.40.218.197

🇸🇬 8.219.111.165

🇨🇳 221.11.60.157

🇩🇪 167.94.146.34

🇹🇭 165.154.120.89

🇮🇩 163.7.8.79

🇨🇳 116.179.32.154