JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 20.102.46.196

20.102.46.196 was found in our database!

This IP was reported 28 times. Confidence of Abuse is 86%: ?

86%

ISP	Microsoft Corporation
Usage Type	Data Center/Web Hosting/Transit
ASN	AS8075
Domain Name	microsoft.com
Country	🇺🇸 United States of America
City	Washington, Virginia

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 20.102.46.196

Whois 20.102.46.196

IP Abuse Reports for 20.102.46.196:

This IP address has been reported a total of 28 times from 20 distinct sources. 20.102.46.196 was first reported on May 22nd 2026, and the most recent report was 1 week ago.

Old Reports: The most recent abuse report for this IP address is from 1 week ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
Anonymous	2026-06-03 08:31:33 (1 week ago)	[Wed Jun 03 10:31:30.716913 2026] [:error] [pid 1063087:tid 1063087] [client 20.102.46.196:47245] Mo ... show more [Wed Jun 03 10:31:30.716913 2026] [:error] [pid 1063087:tid 1063087] [client 20.102.46.196:47245] ModSecurity: Warning. Matched "Operator `PmFromFile' with parameter `restricted-files.data' against variable `REQUEST_FILENAME' (Value: `/.git/HEAD' ) [file "/usr/local/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "131"] [id "930130"] [rev ""] [msg "Restricted File Access Attempt"] [data "Matched Data: .git/ found within REQUEST_FILENAME: /.git/HEAD"] [severity "2"] [ver "OWASP_CRS/4.27.0-dev"] [maturity "0"] [accuracy "0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "OWASP_CRS/ATTACK-LFI"] [tag "capec/1000/255/153/126"] [uri "/.git/HEAD"] [unique_id "178047549071.789035"] [ref "o1,5v4,10t:utf8toUnicode,t:urlDecodeUni,t:normalizePathWin"] [Wed Jun 03 10:31:32.608162 2026] [:error] [pid 1063088:tid 1063088] [client 20.102.46.196:47266] ModSecurity: W ... show less	Web App Attack
🇩🇪 Duggy_Tuxy🧱	2026-06-03 08:14:14 (1 week ago)	[SW01-SRV01-DE] Blocked by SysWarden Firewall (Web Attack)	Hacking Web App Attack Port Scan
🇺🇸 ISPLtd	2026-06-03 08:10:28 (1 week ago)	Jun 3 02:10:27 20.102.46.196 TCP SPT=46919 DPT=8443 SYN Jun 3 02:10:27 20.102.46.196 TCP SPT=46916 ... show more Jun 3 02:10:27 20.102.46.196 TCP SPT=46919 DPT=8443 SYN Jun 3 02:10:27 20.102.46.196 TCP SPT=46916 DPT=2082 SYN Jun 3 02:10:27 20.102.46.196 TCP SPT=46936 DPT=8080 ... show less	Port Scan
🇬🇧 djboddington	2026-06-03 07:59:04 (1 week ago)	This IP was detected by CrowdSec triggering crowdsecurity/http-probing	Web App Attack Hacking
🇵🇱 webadmin	2026-06-03 07:32:03 (1 week ago)		Web App Attack
🇩🇪 ghostwarriors	2026-06-02 11:20:14 (1 week ago)	Webpage scraping	Brute-Force Bad Web Bot Web App Attack
🇺🇸 MPL	2026-06-02 11:14:48 (1 week ago)	tcp port scan (16 or more attempts)	Port Scan
🇩🇪 london2038.com	2026-06-02 11:05:17 (1 week ago)	Connection atttempts against closed TCP ports Jun 2 13:05:16 BLOCK SRC=20.102.46.196 LEN=60 TOS=0x0 ... show more Connection atttempts against closed TCP ports Jun 2 13:05:16 BLOCK SRC=20.102.46.196 LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=60752 DF PROTO=TCP SPT=26451 DPT=2087 WINDOW=64240 RES=0x00 SYN Jun 2 13:05:16 BLOCK SRC=20.102.46.196 LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=48383 DF PROTO=TCP SPT=26457 DPT=2086 WINDOW=64240 RES=0x00 SYN Jun 2 13:05:16 BLOCK SRC=20.102.46.196 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=42882 DF PROTO=TCP SPT=26448 DPT=8443 WINDOW=64240 RES=0x00 SYN show less	Port Scan
🇺🇸 TPI-Abuse	2026-06-02 10:41:00 (1 week ago)	(mod_security) mod_security (id:210492) triggered by 20.102.46.196 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 20.102.46.196 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 02 06:40:52.310519 2026] [security2:error] [pid 2058:tid 2084] [client 20.102.46.196:25988] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.123"] [uri "/.git/config"] [unique_id "ah6zNEg5-kr3PBiLqLpvogAAARc"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 RAP	2026-06-02 10:40:47 (1 week ago)	2026-06-02 10:40:47 UTC Unauthorized activity to TCP port 8080. Web App	Port Scan Web App Attack
🇫🇷 vincent_EUDIER	2026-06-02 10:00:01 (1 week ago)	SURICATA HTTP unable to match response to request	Hacking
🇺🇸 SSP	2026-06-02 09:30:02 (1 week ago)	Automatic report from iptables firewall - detected malicious activity	DDoS Attack Brute-Force SSH Web App Attack Port Scan Hacking
🇺🇸 TPI-Abuse	2026-06-02 09:27:43 (1 week ago)	(mod_security) mod_security (id:210492) triggered by 20.102.46.196 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 20.102.46.196 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 02 05:27:37.105410 2026] [security2:error] [pid 11458:tid 11458] [client 20.102.46.196:25836] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.157"] [uri "/.git/HEAD"] [unique_id "ah6iCTuyhAsbMLOy3k9kKgAAABU"] show less	Brute-Force Bad Web Bot Web App Attack
🇨🇭 pingusurmars	2026-06-02 08:05:41 (1 week ago)	Blocked by UFW on amperetwo [2082/tcp] Source port: 25638 TTL: 114 Packet length: 40 TOS: 0x00 This ... show more Blocked by UFW on amperetwo [2082/tcp] Source port: 25638 TTL: 114 Packet length: 40 TOS: 0x00 This report was generated by: https://github.com/sefinek/UFW-AbuseIPDB-Reporter show less	Port Scan
🇧🇾 lns.bz	2026-06-02 07:55:57 (1 week ago)	Too many 404 requests [BY]	Web App Attack

Showing 1 to 15 of 28 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇧🇬 79.124.62.230

🇺🇸 172.71.189.102

🇨🇱 168.90.221.58

🇫🇮 147.185.133.160

🇺🇸 107.150.105.153

🇷🇴 80.94.92.164

🇺🇸 64.62.156.172

🇸🇬 47.79.207.40

🇸🇬 47.79.200.121

🇩🇪 45.135.141.11

🇳🇱 20.123.146.93

🇶🇦 2600:1900:4260:40e::16c

🇺🇸 216.25.89.87

🇰🇷 211.228.218.47

🇳🇱 193.25.217.247

🇧🇷 187.72.144.217

🇧🇷 186.225.225.68

🇳🇱 176.65.148.197

🇵🇱 87.251.64.156

🇺🇸 66.132.195.24