JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 20.102.134.99

20.102.134.99 was found in our database!

This IP was reported 28 times. Confidence of Abuse is 100%: ?

100%

ISP	Microsoft Corporation
Usage Type	Data Center/Web Hosting/Transit
ASN	AS8075
Domain Name	microsoft.com
Country	🇺🇸 United States of America
City	Boydton, Virginia

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 20.102.134.99

Whois 20.102.134.99

IP Abuse Reports for 20.102.134.99:

This IP address has been reported a total of 28 times from 23 distinct sources. 20.102.134.99 was first reported on June 9th 2026, and the most recent report was 2 days ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇨🇴 adalbertoreyes.org	2026-06-15 16:14:17 (2 days ago)	CategoryPortScan	Port Scan
🇷🇴 abuse_IP_reporter	2026-06-15 00:45:11 (3 days ago)	Jun 15 02:57:32 server UFW BLOCK SRC=20.102.134.99 DF PROTO=TCP SPT=50308	Port Scan
🇷🇸 Scan	2026-06-15 00:43:18 (3 days ago)	MultiHost/MultiPort Probe, Scan, Hack -	Port Scan Hacking
Anonymous	2026-06-15 00:17:27 (3 days ago)	Portscan: TCP/2078, TCP/2095, TCP/2096, TCP/2086, TCP/2082, TCP/2077, TCP/2087, TCP/80, TCP/2083, TC ... show more Portscan: TCP/2078, TCP/2095, TCP/2096, TCP/2086, TCP/2082, TCP/2077, TCP/2087, TCP/80, TCP/2083, TCP/443 show less	Port Scan
🇺🇸 TPI-Abuse	2026-06-14 23:01:22 (3 days ago)	(mod_security) mod_security (id:210492) triggered by 20.102.134.99 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 20.102.134.99 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 14 19:01:18.705489 2026] [security2:error] [pid 14887:tid 14887] [client 20.102.134.99:50573] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.110"] [uri "/.git/config"] [unique_id "ai8yvsDLE--U1ATHAFL0iwAAAHM"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 drewf.ink	2026-06-14 21:51:35 (3 days ago)	[21:51] Port scanning. Port(s) scanned: TCP/2096, TCP/2082, TCP/2083, TCP/2095	Port Scan
🇬🇷 setupgr	2026-06-14 21:23:49 (3 days ago)	20.102.134.99, 2 distributed cpanel attacks on account [root] in the last 86400 secs; Ports: ; Dire ... show more 20.102.134.99, 2 distributed cpanel attacks on account [root] in the last 86400 secs; Ports: ; Direction: inout; Trigger: LF_DISTATTACK; Logs: [2026-06-14 23:23:10 +0300] info [whostmgrd] 20.102.134.99 - root "POST /login/?login_only=1 HTTP/1.1" FAILED LOGIN whostmgrd: brute force attempt (user root) has locked out IP 20.102.134.99 [2026-06-15 00:23:46 +0300] info [whostmgrd] 95.214.54.159 - root "GET /cpsess4490612003/json-api/version HTTP/1.1" FAILED LOGIN whostmgrd: brute force attempt (user root) has locked out IP 95.214.54.159 IP Addresses Blocked: show less	Port Scan
🇫🇮 agaesteves	2026-06-14 20:58:57 (3 days ago)	[SISHIPISMO 360] TipoAtaque.PATH_PROBE \| Acesso a path suspeito: /phpinfo.php \| Paths: /phpinfo.php ... show more [SISHIPISMO 360] TipoAtaque.PATH_PROBE \| Acesso a path suspeito: /phpinfo.php \| Paths: /phpinfo.php \| UA: Mozilla/5.0 (X11; Linux x86_64; rv:125.0) Gecko/20100101 Firefox/125.0 show less	Web App Attack
🇩🇪 ut-addicted.com	2026-06-14 20:52:10 (3 days ago)	\[14/Jun/2026:22:52:06 +0200\] ai8UdqhuNTwW5ojFayOXLQAAAMI 20.102.134.99 49722 78.46.187.162 80 \[14 ... show more \[14/Jun/2026:22:52:06 +0200\] ai8UdqhuNTwW5ojFayOXLQAAAMI 20.102.134.99 49722 78.46.187.162 80 \[14/Jun/2026:22:52:07 +0200\] ai8Ud6huNTwW5ojFayOXMQAAAMY 20.102.134.99 50151 78.46.187.162 80 \[14/Jun/2026:22:52:08 +0200\] ai8UeKhuNTwW5ojFayOXNQAAANY 20.102.134.99 50799 78.46.187.162 80 show less	Brute-Force Web App Attack
🇺🇸 MPL	2026-06-14 20:40:29 (3 days ago)	tcp port scan (20 or more attempts)	Port Scan
Anonymous	2026-06-14 20:33:21 (3 days ago)	...	Bad Web Bot
🇬🇷 setupgr	2026-06-14 20:23:14 (3 days ago)	(cpanel) Failed cPanel login from 20.102.134.99: 1 in the last 86400 secs; Ports: ; Direction: inou ... show more (cpanel) Failed cPanel login from 20.102.134.99: 1 in the last 86400 secs; Ports: ; Direction: inout; Trigger: LF_TRIGGER; Logs: [2026-06-14 23:23:10 +0300] info [whostmgrd] 20.102.134.99 - root "POST /login/?login_only=1 HTTP/1.1" FAILED LOGIN whostmgrd: brute force attempt (user root) has locked out IP 20.102.134.99 show less	Port Scan
🇩🇪 Holger	2026-06-14 18:45:22 (3 days ago)	Bruteforce WebAttack	Brute-Force Web App Attack
🇺🇸 Axel	2026-06-14 10:12:41 (3 days ago)	Blocked by UFW on MVI [443/tcp] \| SPT: 1408 \| TTL: 48 \| LEN: 60 \| TOS: 0x00 • Reported by: github.co ... show more Blocked by UFW on MVI [443/tcp] \| SPT: 1408 \| TTL: 48 \| LEN: 60 \| TOS: 0x00 • Reported by: github.com/sefinek/UFW-AbuseIPDB-Reporter show less	Port Scan
🇺🇸 RAP	2026-06-14 09:48:23 (3 days ago)	2026-06-14 09:48:23 UTC Unauthorized activity to TCP port 8080. Web App	Port Scan Web App Attack

Showing 1 to 15 of 28 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇮🇳 223.185.133.194

🇺🇸 173.239.211.11

🇺🇸 147.185.132.159

🇺🇸 23.234.110.250

🇺🇸 23.234.109.58

🇳🇱 204.76.203.219

🇪🇹 196.188.187.85

🇵🇱 194.180.48.83

🇵🇾 181.94.235.69

🇨🇳 180.76.137.24

🇭🇰 165.154.40.244

🇸🇬 148.66.142.9

🇫🇮 147.185.133.129

🇺🇸 147.185.132.144

🇧🇩 103.86.198.253

🇨🇳 101.96.195.62

🇰🇷 59.26.193.177

🇧🇪 34.77.159.125

🇨🇳 223.109.255.248

🇧🇷 201.76.120.30