JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 20.119.87.96

20.119.87.96 was found in our database!

This IP was reported 29 times. Confidence of Abuse is 70%: ?

70%

ISP	Microsoft Corporation
Usage Type	Data Center/Web Hosting/Transit
ASN	AS8075
Domain Name	microsoft.com
Country	🇺🇸 United States of America
City	Washington, Virginia

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 20.119.87.96

Whois 20.119.87.96

IP Abuse Reports for 20.119.87.96:

This IP address has been reported a total of 29 times from 19 distinct sources. 20.119.87.96 was first reported on May 16th 2026, and the most recent report was 1 week ago.

Old Reports: The most recent abuse report for this IP address is from 1 week ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 MPL	2026-06-15 05:44:08 (1 week ago)	tcp port scan (16 or more attempts)	Port Scan
🇳🇱 BIV	2026-06-15 04:38:12 (1 week ago)	Honeypot multi-source hit. Sources: tpot:Honeytrap,tpot:P0f,tpot:Suricata. Ports: 2077,2086,443,80. ... show more Honeypot multi-source hit. Sources: tpot:Honeytrap,tpot:P0f,tpot:Suricata. Ports: 2077,2086,443,80. Automated tiered (T-Pot+DShield). show less	Port Scan Hacking Bad Web Bot
🇺🇸 kosada.com	2026-06-15 03:12:19 (1 week ago)	Web vulnerability probing: /.env.backup (bogus vhost/SNI)	Web App Attack
🇺🇸 Axel	2026-06-15 02:13:08 (1 week ago)	Blocked by UFW on MVI [2078/tcp] \| SPT: 17274 \| TTL: 47 \| LEN: 60 \| TOS: 0x00 • Reported by: github. ... show more Blocked by UFW on MVI [2078/tcp] \| SPT: 17274 \| TTL: 47 \| LEN: 60 \| TOS: 0x00 • Reported by: github.com/sefinek/UFW-AbuseIPDB-Reporter show less	Port Scan
Anonymous	2026-06-15 01:56:06 (1 week ago)	Bot / scanning and/or hacking attempts: GET /.env.local HTTP/1.1, GET /.git/config HTTP/1.1, GET /.e ... show more Bot / scanning and/or hacking attempts: GET /.env.local HTTP/1.1, GET /.git/config HTTP/1.1, GET /.env HTTP/1.1, GET /.env.backup HTTP/1.1 show less	Hacking Web App Attack
🇺🇸 TPI-Abuse	2026-06-15 01:25:47 (1 week ago)	(mod_security) mod_security (id:210492) triggered by 20.119.87.96 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 20.119.87.96 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 14 21:25:41.640886 2026] [security2:error] [pid 29836:tid 29836] [client 20.119.87.96:17079] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.75"] [uri "/.git/HEAD"] [unique_id "ai9UlUM--CndE0QtxPII6AAAAAg"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 Matthew Ping	2026-06-15 01:15:02 (1 week ago)	ModSecurity rule 949110 triggered on lulus. Web application attack blocked by CSF/LFD.	Web App Attack Hacking
🇺🇸 MPL	2026-06-15 01:13:28 (1 week ago)	tcp port scan (10 or more attempts)	Port Scan
🇺🇸 TPI-Abuse	2026-06-15 01:04:09 (1 week ago)	(mod_security) mod_security (id:210492) triggered by 20.119.87.96 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 20.119.87.96 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 14 21:04:05.362938 2026] [security2:error] [pid 21748:tid 21748] [client 20.119.87.96:15641] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.111"] [uri "/.env.local"] [unique_id "ai9PhZ8eLAMFUdTJsQSRDAAAAAU"] show less	Brute-Force Bad Web Bot Web App Attack
🇦🇹 vikal	2026-06-15 00:51:38 (1 week ago)	20.119.87.96 - - [15/Jun/2026:02:51:38 +0200] "GET /.env.production HTTP/1.1" 301 162 "-" "Mozilla/5 ... show more 20.119.87.96 - - [15/Jun/2026:02:51:38 +0200] "GET /.env.production HTTP/1.1" 301 162 "-" "Mozilla/5.0 (Linux; Android 14; Pixel 8) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Mobile Safari/537.36" ... show less	Brute-Force SSH
🇷🇸 Scan	2026-06-15 00:48:55 (1 week ago)	MultiHost/MultiPort Probe, Scan, Hack -	Port Scan Hacking
🇺🇸 TPI-Abuse	2026-06-15 00:46:00 (1 week ago)	(mod_security) mod_security (id:210492) triggered by 20.119.87.96 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 20.119.87.96 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 14 20:45:54.669277 2026] [security2:error] [pid 11711:tid 11711] [client 20.119.87.96:17111] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.151.9"] [uri "/.git/config"] [unique_id "ai9LQiwHW-RBimP8l74zyAAAACY"] show less	Brute-Force Bad Web Bot Web App Attack
🇦🇹 urnilxfgbez	2026-06-03 22:45:00 (2 weeks ago)	Last 24 Hours suspicious: (DPT=445\|DPT=3389\|DPT=22\|DPT=3306\|DPT=8080\|DPT=23\|DPT=5900\|DPT=1433)	Port Scan
🇺🇸 MPL	2026-06-03 02:53:26 (2 weeks ago)	tcp port scan (5 or more attempts)	Port Scan
🇬🇧 PeravixGroup	2026-06-03 01:41:21 (2 weeks ago)	Honeypot detection: Web application scanning / reconnaissance attempt on port 8080. Severity: LOW. A ... show more Honeypot detection: Web application scanning / reconnaissance attempt on port 8080. Severity: LOW. Aaran.cloud show less	Port Scan Bad Web Bot

Showing 1 to 15 of 29 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇸🇪 31.12.80.206

🇹🇼 198.235.24.48

🇯🇴 176.29.159.102

🇫🇮 147.185.133.140

🇺🇸 147.185.132.242

🇨🇳 101.126.64.76

🇫🇷 91.231.89.71

🇺🇸 54.215.162.225

🇻🇳 45.119.212.99

🇷🇺 178.65.40.237

🇫🇮 178.20.210.208

🇩🇪 172.70.246.88

🇺🇸 147.203.255.20

🇺🇸 137.184.13.144

🇵🇰 137.59.218.201

🇨🇳 122.114.8.57

🇨🇳 118.196.64.77

🇨🇳 117.14.51.58

🇨🇳 112.31.167.120

🇺🇸 109.105.209.7