JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 20.119.103.1

20.119.103.1 was found in our database!

This IP was reported 22 times. Confidence of Abuse is 100%: ?

100%

ISP	Microsoft Corporation
Usage Type	Data Center/Web Hosting/Transit
ASN	AS8075
Domain Name	microsoft.com
Country	🇺🇸 United States of America
City	Washington, Virginia

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 20.119.103.1

Whois 20.119.103.1

IP Abuse Reports for 20.119.103.1:

This IP address has been reported a total of 22 times from 20 distinct sources. 20.119.103.1 was first reported on June 2nd 2026, and the most recent report was 14 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 gu-alvareza	2026-06-03 07:05:29 (14 hours ago)	Spring.Boot.Actuator.Unauthorized.Access	Brute-Force
🇫🇷 dynamix	2026-06-03 06:38:31 (15 hours ago)	Multiple WAF Violations	Web App Attack
🇧🇾 lns.bz	2026-06-03 06:32:42 (15 hours ago)	Too many 404 requests [BY]	Web App Attack
🇺🇸 TPI-Abuse	2026-06-03 06:21:14 (15 hours ago)	(mod_security) mod_security (id:210492) triggered by 20.119.103.1 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 20.119.103.1 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 03 02:21:06.455795 2026] [security2:error] [pid 29574:tid 29574] [client 20.119.103.1:28883] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.205"] [uri "/.git/HEAD"] [unique_id "ah_H0l5V3NP4B937xm_yXwAAAAc"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TJTheSpy	2026-06-03 06:06:35 (15 hours ago)	20.119.103.1 - - [03/Jun/2026:06:06:28 +0000] "GET /.git/config HTTP/1.1" 404 2208 "-" "Mozilla/5.0 ... show more 20.119.103.1 - - [03/Jun/2026:06:06:28 +0000] "GET /.git/config HTTP/1.1" 404 2208 "-" "Mozilla/5.0 (Linux; Android 14; Pixel 8) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Mobile Safari/537.36" 20.119.103.1 - - [03/Jun/2026:06:06:29 +0000] "GET /.env HTTP/1.1" 404 2208 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36" 20.119.103.1 - - [03/Jun/2026:06:06:31 +0000] "GET /.env.local HTTP/1.1" 404 2208 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36" 20.119.103.1 - - [03/Jun/2026:06:06:32 +0000] "GET /.env.production HTTP/1.1" 404 2208 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36" 20.119.103.1 - - [03/Jun/2026:06:06:34 +0000] "GET /.env.backup HTTP/1.1" 404 2208 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36" ... show less	Bad Web Bot
🇨🇿 ptlab	2026-06-03 06:00:05 (15 hours ago)	Detected env_leak attack from WP-host.	Hacking Web App Attack
🇮🇪 Jim Keir	2026-06-03 05:51:48 (15 hours ago)	2026-06-03 05:51:47 20.119.103.1 File scanning, blocking 20.119.103.1 for 5 minutes	Web App Attack
🇺🇸 TPI-Abuse	2026-06-03 05:42:04 (16 hours ago)	(mod_security) mod_security (id:210492) triggered by 20.119.103.1 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 20.119.103.1 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 03 01:41:59.648023 2026] [security2:error] [pid 3721:tid 3721] [client 20.119.103.1:29199] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.250"] [uri "/.git/HEAD"] [unique_id "ah--p_JFjLrngke36s69aQAAABI"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 Mykola Spesivtsev	2026-06-03 05:26:32 (16 hours ago)	HTTP Tarpit detected bot activity:TargetPort:80, Path:/.git/HEAD, Method:GET, UA:Mozilla/5.0 (Macint ... show more HTTP Tarpit detected bot activity:TargetPort:80, Path:/.git/HEAD, Method:GET, UA:Mozilla/5.0 (Macintosh; Intel Mac OS X 14_4_1) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.4 show less	Port Scan Web App Attack Bad Web Bot
🇧🇷 SOC Blue Team	2026-06-03 05:26:10 (16 hours ago)	IPs get by Hunting on SIEM	Phishing Web Spam Port Scan Hacking
🇺🇸 MPL	2026-06-03 03:57:26 (17 hours ago)	tcp port scan (4 or more attempts)	Port Scan
🇷🇸 Scan	2026-06-03 02:05:35 (19 hours ago)	MultiHost/MultiPort Probe, Scan, Hack -	Port Scan Hacking
🇺🇸 RAP	2026-06-03 01:21:49 (20 hours ago)	2026-06-03 01:21:49 UTC Unauthorized activity to TCP port 8080. Web App	Port Scan Web App Attack
🇯🇵 mkaraki	2026-06-03 00:12:06 (21 hours ago)	1780445525 # Service_probe # SIGNATURE_SEND # source_ip:20.119.103.1 # dst_port:8443 ...	Port Scan
🇫🇮 6kilowatti	2026-06-02 23:35:00 (22 hours ago)	2026-06-03T02:34:59.502322+03:00 mummo kernel: [UFW BLOCK] IN=enp0s25 OUT= MAC=6c:62:6d:d6:a5:bc:00: ... show more 2026-06-03T02:34:59.502322+03:00 mummo kernel: [UFW BLOCK] IN=enp0s25 OUT= MAC=6c:62:6d:d6:a5:bc:00:00:5e:00:01:58:08:00 SRC=20.119.103.1 DST=83.148.240.21 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=21653 DF PROTO=TCP SPT=34880 DPT=2086 WINDOW=64240 RES=0x00 SYN URGP=0 ... show less	Port Scan

Showing 1 to 15 of 22 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇳🇮 186.77.207.215

🇧🇴 181.188.176.242

🇸🇬 165.22.52.238

🇳🇱 160.119.76.108

🇸🇬 157.245.50.190

🇨🇳 150.255.52.131

🇫🇮 65.109.36.162

🇨🇳 59.52.101.117

🇸🇪 13.60.172.24

🇨🇳 220.197.195.66

🇺🇸 216.25.89.86

🇧🇷 205.210.31.241

🇧🇪 198.235.24.198

🇬🇹 181.209.144.131

🇮🇩 114.10.44.176

🇺🇸 72.90.241.209

🇳🇱 45.142.193.169

🇸🇬 3.0.92.16

🇺🇸 2607:f8b0:4001:c56::123

🇨🇳 220.181.172.244