JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 143.20.97.127

143.20.97.127 was found in our database!

This IP was reported 70 times. Confidence of Abuse is 100%: ?

100%

ISP	Internet Utilities Europe and Asia Limited
Usage Type	Data Center/Web Hosting/Transit
ASN	AS214481
Domain Name	netutils.io
Country	🇵🇱 Poland
City	Warsaw, Mazovia

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 143.20.97.127

Whois 143.20.97.127

IP Abuse Reports for 143.20.97.127:

This IP address has been reported a total of 70 times from 41 distinct sources. 143.20.97.127 was first reported on June 4th 2026, and the most recent report was 5 days ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇹🇷 zadmind	2026-06-08 16:44:43 (5 days ago)	Blocked by automated 404 tracking monitoring system.	Hacking Web App Attack
🇩🇪 FeG Deutschland	2026-06-07 22:23:24 (6 days ago)	Looking for CMS/PHP/SQL vulnerablilities/excessive crawling - 1247	Exploited Host Web App Attack
🇳🇱 homeshowdomain.nl	2026-06-07 22:03:16 (6 days ago)	Auto-ban: single probe for restricted files (.env / backups / admin endpoints). Likely mass-scan on ... show more Auto-ban: single probe for restricted files (.env / backups / admin endpoints). Likely mass-scan on 2026-06-06. show less	Web App Attack SSH Hacking
Anonymous	2026-06-07 18:04:39 (6 days ago)	Aggressive web scan	Web App Attack
🇺🇦 URAN Publishing Service	2026-06-07 17:37:25 (6 days ago)	143.20.97.127 - - [07/Jun/2026:20:37:24 +0300] "GET /.env HTTP/1.1" 404 650 "-" "Mozilla/5.0 (compat ... show more 143.20.97.127 - - [07/Jun/2026:20:37:24 +0300] "GET /.env HTTP/1.1" 404 650 "-" "Mozilla/5.0 (compatible; Bytespider; [email protected])" ... show less	Web App Attack
🇮🇩 Burayot	2026-06-07 16:27:13 (6 days ago)	LF_MODSEC: (mod_security) mod_security (id:949110) triggered by 143.20.97.127 (US/United States/-): ... show more LF_MODSEC: (mod_security) mod_security (id:949110) triggered by 143.20.97.127 (US/United States/-): 2 in the last 3600 secs show less	Web App Attack
🇳🇱 wlt-blocker	2026-06-07 14:16:54 (6 days ago)	Unauthorized access to webpage admin	Web App Attack
🇺🇦 URAN Publishing Service	2026-06-07 09:44:04 (6 days ago)	143.20.97.127 - - [07/Jun/2026:12:44:04 +0300] "GET /wp-config.php.swp HTTP/1.1" 404 5216 "-" "Mozil ... show more 143.20.97.127 - - [07/Jun/2026:12:44:04 +0300] "GET /wp-config.php.swp HTTP/1.1" 404 5216 "-" "Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko); compatible; OAI-SearchBot/1.0; +https://openai.com/searchbot" ... show less	Web App Attack
🇩🇪 kommunos	2026-06-07 07:58:35 (6 days ago)	/.git/config	Web App Attack
🇳🇱 JCB	2026-06-07 07:58:00 (6 days ago)	143.20.97.127 - - [07/Jun/2026:10:44:17 +0300] "GET /credentials/google.json HTTP/1.1" 404 236 "-" " ... show more 143.20.97.127 - - [07/Jun/2026:10:44:17 +0300] "GET /credentials/google.json HTTP/1.1" 404 236 "-" "meta-externalagent/1.1 (+https://developers.facebook.com/docs/sharing/webmasters/crawler)" 143.20.97.127 - - [07/Jun/2026:10:44:18 +0300] "GET /debug/pprof/cmdline HTTP/1.1" 404 236 "-" "Mozilla/5.0 (compatible; cohere-ai/1.0; +https://cohere.com)" ... show less	Bad Web Bot Web App Attack
🇩🇪 Nightreaver	2026-06-07 06:49:54 (6 days ago)	143.20.97.127 - - [07/Jun/2026:08:49:53 0200] "GET /.git/config HTTP/1.1" 404 431 "-" "Mozilla/5.0 ... show more 143.20.97.127 - - [07/Jun/2026:08:49:53 0200] "GET /.git/config HTTP/1.1" 404 431 "-" "Mozilla/5.0 (compatible; Claude-Web/1.0; https://www.anthropic.com)" 143.20.97.127 - - [07/Jun/2026:08:49:53 0200] "GET /.aws/credentials HTTP/1.1" 404 431 "-" "Mozilla/5.0 (compatible; Bytespider; [email protected])" 143.20.97.127 - - [07/Jun/2026:08:49:53 0200] "GET /debug/pprof/cmdline HTTP/1.1" 404 431 "-" "Mozilla/5.0 (compatible; Google-Extended/1.0; http://www.google.com/bot.html)" 143.20.97.127 - - [07/Jun/2026:08:49:53 0200] "GET /secrets.json HTTP/1.1" 404 431 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; http://www.google.com/bot.html)" 143.20.97.127 - - [07/Jun/2026:08:49:54 0200] "GET /secrets.yml HTTP/1.1" 404 431 "-" "Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko); compatible; ClaudeBot/1.0; mailto:[email protected]"[...] show less	Bad Web Bot Web App Attack
🇬🇧 openstrike.co.uk	2026-06-07 05:13:04 (6 days ago)	23 attacks on env grabbing URLs, VC URLs, password grabbing URLs, config grabbing URLs (type 2): GET ... show more 23 attacks on env grabbing URLs, VC URLs, password grabbing URLs, config grabbing URLs (type 2): GET /backend/.env HTTP/1.1 GET /.git/config HTTP/1.1 GET /.aws/credentials HTTP/1.1 GET /env.json HTTP/1.1 show less	Hacking
🇩🇪 todix	2026-06-07 04:38:45 (6 days ago)	Web App Attack Exploid from 143.20.97.127	Web App Attack
🇺🇸 TPI-Abuse	2026-06-07 04:33:40 (6 days ago)	(mod_security) mod_security (id:210730) triggered by 143.20.97.127 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210730) triggered by 143.20.97.127 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 07 00:33:33.682336 2026] [security2:error] [pid 28686:tid 28686] [client 143.20.97.127:32812] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "4"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|kratka.com\|F\|2"] [data ".log"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "kratka.com"] [uri "/storage/logs/laravel.log"] [unique_id "aiT0nZApxl548Nemx5bOzgAAABE"] show less	Brute-Force Bad Web Bot Web App Attack
🇵🇱 lns.bz	2026-06-07 00:40:00 (1 week ago)	Web app attack [PL.Lu]	Exploited Host Web App Attack

Showing 1 to 15 of 70 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇿 84.54.78.153

🇳🇱 35.204.98.235

🇮🇳 34.131.159.61

🇺🇸 216.180.246.165

🇬🇧 195.96.139.225

🇩🇪 185.242.3.195

🇺🇸 159.65.216.50

🇺🇸 147.185.132.207

🇵🇭 120.28.219.231

🇲🇦 102.53.15.18

🇨🇳 60.166.82.61

🇮🇪 54.171.115.49

🇨🇳 42.178.17.143

🇬🇧 35.203.211.185

🇳🇱 20.123.146.92

🇹🇭 202.29.230.5

🇭🇰 199.45.154.177

🇬🇧 185.247.137.225

🇺🇸 173.252.69.113

🇨🇳 123.178.210.199