JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 143.20.97.218

143.20.97.218 was found in our database!

This IP was reported 27 times. Confidence of Abuse is 71%: ?

71%

ISP	Internet Utilities Europe and Asia Limited
Usage Type	Data Center/Web Hosting/Transit
ASN	AS214481
Domain Name	netutils.io
Country	🇵🇱 Poland
City	Warsaw, Mazovia

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 143.20.97.218

Whois 143.20.97.218

IP Abuse Reports for 143.20.97.218:

This IP address has been reported a total of 27 times from 14 distinct sources. 143.20.97.218 was first reported on June 4th 2026, and the most recent report was 5 days ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇭🇺 kranem	2026-06-05 12:00:35 (5 days ago)	Triggered Cloudflare WAF from PL. Action taken: BLOCK ASN: 214481 (Wojciech Czapkowicz) Protocol: HT ... show more Triggered Cloudflare WAF from PL. Action taken: BLOCK ASN: 214481 (Wojciech Czapkowicz) Protocol: HTTP/1.1 (GET method) Endpoint: /app-config.json Timestamp: 2026-06-05T11:10:53Z User-Agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko); compatible; ClaudeBot/1.0; +mailto:[email protected] show less	Bad Web Bot
Anonymous	2026-06-05 11:33:36 (5 days ago)	access denied too many times (more than 12 attempts in 60 seconds) ...	Web App Attack Brute-Force
🇩🇪 ghostwarriors	2026-06-05 10:50:38 (5 days ago)	Webpage scraping	Brute-Force Bad Web Bot Web App Attack
🇩🇪 ksol-hostmaster	2026-06-05 10:35:32 (5 days ago)	2026/06/05 12:35:31 [error] 77767#159043: 1557381 access forbidden by rule, client: 143.20.97.218, ... show more 2026/06/05 12:35:31 [error] 77767#159043: 1557381 access forbidden by rule, client: 143.20.97.218, server: new.hondaforum.hu, request: "GET / HTTP/2.0", host: "new.hondaforum.hu" ... show less	Web Spam
🇭🇺 DumaNet	2026-06-05 09:23:00 (5 days ago)	Web app attack attempts, scanning for vulnerability. Date: 2026 Jun 05. 11:20:35 Source IP: 143.20 ... show more Web app attack attempts, scanning for vulnerability. Date: 2026 Jun 05. 11:20:35 Source IP: 143.20.97.218 Portion of the log(s): 143.20.97.218 - [05/Jun/2026:11:20:35 +0200] "GET /.env.development HTTP/1.1" 404 153 "-" "Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko); compatible; OAI-SearchBot/1.0; +https://openai.com/searchbot" 143.20.97.218 - [05/Jun/2026:11:20:34 +0200] "GET /config/secrets.yml HTTP/1.1" 404 153 "-" "Mozilla/5.0 (compatible; Amazonbot/0.1; +https://developer.amazon.com/support/amazonbot)" 143.20.97.218 - [05/Jun/2026:11:20:33 +0200] "GET /.env.local HTTP/1.1" 404 153 "-" "Mozilla/5.0 (compatible; Google-Extended/1.0; +http://www.google.com/bot.html)" 143.20.97.218 - [05/Jun/2026:11:20:33 +0200] "GET /.env.production HTTP/1.1" 404 153 "-" "Mozilla/5.0 (compatible; Claude-Web/1.0; +https://www.anthropic.com)" 143.20.97.218 - [05/Jun/2026:11:20:33 +0200] "GET /.env.example HTTP/1.1" 404 153 "-" "meta-externalagent/1.1 (+https://developers.facebook.com/docs/sharing/webmasters/ show less	Web App Attack Hacking
🇺🇸 TPI-Abuse	2026-06-05 05:02:00 (6 days ago)	(mod_security) mod_security (id:210492) triggered by 143.20.97.218 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 143.20.97.218 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 05 01:01:53.053360 2026] [security2:error] [pid 16701:tid 16701] [client 143.20.97.218:46504] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "bonito.alessiaalessandra.com"] [uri "/.git/config"] [unique_id "aiJYQZoup9xtiMshCHtkOAAAACA"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-05 04:44:18 (6 days ago)	(mod_security) mod_security (id:210492) triggered by 143.20.97.218 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 143.20.97.218 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 05 00:44:10.279164 2026] [security2:error] [pid 20513:tid 20513] [client 143.20.97.218:45458] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "bonefrog.com"] [uri "/.git/config"] [unique_id "aiJUGrmkQErXwA0sipf7lQAAAAM"] show less	Brute-Force Bad Web Bot Web App Attack
🇬🇧 Apache	2026-06-05 03:16:41 (6 days ago)	(mod_security) mod_security (id:210492) triggered by 143.20.97.218 (US/United States/-): 5 in the la ... show more (mod_security) mod_security (id:210492) triggered by 143.20.97.218 (US/United States/-): 5 in the last 300 secs (CF_ENABLE) show less	Brute-Force Web App Attack
🇺🇸 TPI-Abuse	2026-06-05 03:10:53 (6 days ago)	(mod_security) mod_security (id:210492) triggered by 143.20.97.218 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 143.20.97.218 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 04 23:10:45.589872 2026] [security2:error] [pid 18287:tid 18287] [client 143.20.97.218:60418] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "bohk.com"] [uri "/.git/config"] [unique_id "aiI-NbHneRTs5nn0HviRwQAAABA"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-05 02:45:35 (6 days ago)	(mod_security) mod_security (id:210730) triggered by 143.20.97.218 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210730) triggered by 143.20.97.218 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 04 22:45:31.498362 2026] [security2:error] [pid 11245:tid 11245] [client 143.20.97.218:36970] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|backstore.com\|F\|2"] [data ".log"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "backstore.com"] [uri "/storage/logs/laravel.log"] [unique_id "aiI4S_hkEmBNHn4OhB0UQwAAAA0"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-05 02:21:09 (6 days ago)	(mod_security) mod_security (id:210492) triggered by 143.20.97.218 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 143.20.97.218 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 04 22:21:05.049789 2026] [security2:error] [pid 8621:tid 8621] [client 143.20.97.218:54284] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "bodeur.com"] [uri "/.git/config"] [unique_id "aiIykYp2XVJl7t1pSioZsQAAAA4"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 Penny Packer	2026-06-05 01:52:05 (6 days ago)	Fail2Ban apache-404	Web App Attack
🇺🇸 TPI-Abuse	2026-06-05 01:38:18 (6 days ago)	(mod_security) mod_security (id:210492) triggered by 143.20.97.218 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 143.20.97.218 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 04 21:38:14.954869 2026] [security2:error] [pid 21857:tid 21857] [client 143.20.97.218:47782] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "bobbyunser.com"] [uri "/.git/config"] [unique_id "aiIohlwD24TdazbO2ugTFAAAABs"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-06-05 01:30:56 (6 days ago)	(caddyscan) Scanner path probe from 143.20.97.218 (PL/Poland/-): 5 in the last 3600 secs; Ports: ; ... show more (caddyscan) Scanner path probe from 143.20.97.218 (PL/Poland/-): 5 in the last 3600 secs; Ports: ; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs: [REDACTED] 200 2627 143.20.97.218 - - [05/Jun/2026:01:30:41 +0000] "GET /.aws/credentials HTTP/1.1" [REDACTED] 200 2627 143.20.97.218 - - [05/Jun/2026:01:30:43 +0000] "GET /.git/config HTTP/1.1" [REDACTED] 200 2627 143.20.97.218 - - [05/Jun/2026:01:30:54 +0000] "GET /.env.local HTTP/1.1" [REDACTED] 200 2627 143.20.97.218 - - [05/Jun/2026:01:30:54 +0000] "GET /.env HTTP/1.1" [REDACTED] 200 2627 143.20.97.218 - - [05/Jun/2026:01:30:54 +0000] "GET /.env.development HTTP/1.1" show less	Port Scan
🇺🇸 TPI-Abuse	2026-06-05 01:21:26 (6 days ago)	(mod_security) mod_security (id:210492) triggered by 143.20.97.218 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 143.20.97.218 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 04 21:21:23.430327 2026] [security2:error] [pid 13995:tid 13995] [client 143.20.97.218:58092] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "boat-registration-st-vincent-grenadines.com"] [uri "/.env.backup"] [unique_id "aiIkk_qgVNTMnub9e2jexgAAAAY"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 27 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇰🇷 210.90.155.178

🇸🇬 194.61.41.61

🇲🇽 189.240.44.9

🇩🇪 164.92.173.44

🇺🇸 67.207.84.8

🇮🇷 5.190.35.226

🇺🇸 172.190.220.228

🇺🇸 172.93.102.236

🇩🇪 151.243.11.248

🇺🇸 147.185.132.230

🇨🇳 122.224.205.42

🇺🇸 74.249.184.13

🇺🇸 52.159.243.181

🇳🇱 45.148.10.157

🇭🇰 199.45.155.77

🇺🇸 172.71.147.237

🇺🇸 162.216.150.225

🇹🇹 138.59.26.92

🇺🇸 104.207.47.186

🇮🇷 78.39.48.166