JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 143.20.97.221

143.20.97.221 was found in our database!

This IP was reported 48 times. Confidence of Abuse is 100%: ?

100%

ISP	Internet Utilities Europe and Asia Limited
Usage Type	Data Center/Web Hosting/Transit
ASN	AS214481
Domain Name	netutils.io
Country	🇵🇱 Poland
City	Warsaw, Mazovia

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 143.20.97.221

Whois 143.20.97.221

IP Abuse Reports for 143.20.97.221:

This IP address has been reported a total of 48 times from 31 distinct sources. 143.20.97.221 was first reported on June 4th 2026, and the most recent report was 55 minutes ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 etu brutus	2026-06-06 15:36:27 (55 minutes ago)	143.20.97.221 Blocked by [Attack Vector List] ...	Hacking Brute-Force Exploited Host
🇸🇬 Cloudkul Cloudkul	2026-06-06 13:36:47 (2 hours ago)	Attempted Not Found (404 status code) requests on our application, more than 30% of their total requ ... show more Attempted Not Found (404 status code) requests on our application, more than 30% of their total requests. show less	Brute-Force Web App Attack
🇳🇱 debestelapp	2026-06-06 12:40:06 (3 hours ago)		Web App Attack
🇬🇧 venus.launch.bz	2026-06-06 12:31:10 (4 hours ago)	(mod_security) mod_security triggered on hostname [redacted] 143.20.97.221 (US/United States/-)	SQL Injection
🇩🇪 Hary74656	2026-06-06 11:21:58 (5 hours ago)	[Sat Jun 06 13:21:43.590278 2026] [security2:error] [pid 301216:tid 301273] [remote 143.20.97.221:39 ... show more [Sat Jun 06 13:21:43.590278 2026] [security2:error] [pid 301216:tid 301273] [remote 143.20.97.221:39860] [client 143.20.97.221] ModSecurity: Access denied with code 403 (phase 2). Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.4"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "backup.weavernet.at"] [uri "/.git/config"] [unique_id "aiQCx0wukbRZWnOoKbWH8AAB9gQ"] [Sat Jun 06 13:21:43.668771 2026] [security2:error] [pid 301216:tid 301272] [remote 143.20.97.221:39860] [client 143.20.97.221] ModSecurity: Access denied with code 403 (phase 2). Matched phrase ".aws/credentials" at REQUEST_FIL ... show less	Web App Attack
Anonymous	2026-06-06 11:08:04 (5 hours ago)	Bot / scanning and/or hacking attempts: GET /.env.local HTTP/2.0, GET /vault.env HTTP/2.0, GET /conf ... show more Bot / scanning and/or hacking attempts: GET /.env.local HTTP/2.0, GET /vault.env HTTP/2.0, GET /config.env HTTP/2.0, GET /.env.development HTTP/2.0, GET /.env.staging HTTP/2.0, GET /.env.old HTTP/2.0, [15/15] read: stream 0, , GET /.env HTTP/2.0, GET /backend/.env HTTP/1.1, GET /.envrc HTTP/1.1, GET /api/.env HTTP/1.1, GET /.env.production HTTP/1.1, GET /public/.env HTTP/1.1, GET /app/.env HTTP/1.1, GET /.env.test HTTP/1.1 show less	Hacking Web App Attack
🇩🇪 FeG Deutschland	2026-06-06 10:57:12 (5 hours ago)	Looking for CMS/PHP/SQL vulnerablilities/excessive crawling - 1247	Exploited Host Web App Attack
🇦🇺 2000cn.com.au	2026-06-06 10:45:26 (5 hours ago)	This IP was detected by CrowdSec triggering crowdsecurity/http-sensitive-files	Web App Attack Hacking
🇩🇪 Vegascosmetics	2026-06-06 10:24:46 (6 hours ago)	Kingcopy(AI-IDS) Report: IP automatically blocked after suspicious activity. Vegas Security System	DDoS Attack Hacking Exploited Host
🇳🇱 Site.eu	2026-06-06 10:23:55 (6 hours ago)	Excessive multi-domain requests	Brute-Force
🇩🇪 Skyrider	2026-06-06 09:24:22 (7 hours ago)	crowdsecurity/http-sensitive-files	Hacking
🇫🇷 Guardian	2026-06-06 09:18:32 (7 hours ago)	Multi abuses [2]: Unauthorized connection attempt / Port scanning (x7), Unauthorized attempt to retr ... show more Multi abuses [2]: Unauthorized connection attempt / Port scanning (x7), Unauthorized attempt to retrieve configuration file 143.20.97.221 [06/Jun/2026:09:18:26] "GET / HTTP/1.1" 143.20.97.221 [06/Jun/2026:09:18:28] "GET /secrets.yml HTTP/1.1" 143.20.97.221 [06/Jun/2026:09:18:30] "GET /application.yml HTTP/1.1" 143.20.97.221 [06/Jun/2026:09:18:30] "GET /.git/config HTTP/1.1" 143.20.97.221 [06/Jun/2026:09:18:31] "GET /.aws/credentials HTTP/1.1" 143.20.97.221 [06/Jun/2026:09:18:31] "GET /vault.env HTTP/1.1" 143.20.97.221 [06/Jun/2026:09:18:31] "GET /secrets.json HTTP/1.1" 143.20.97.221 [06/Jun/2026:09:18:31] "GET /storage/logs/laravel.log HTTP/1.1" show less	Port Scan Web App Attack
🇨🇭 leo1305	2026-06-06 09:13:24 (7 hours ago)	CrowdSec detection \| scenario: http-probing	Port Scan Web App Attack
🇬🇧 consul.to	2026-06-05 18:15:38 (22 hours ago)	Web attack/malicious scanning detected	Web App Attack
🇨🇱 n33	2026-06-05 15:11:31 (1 day ago)	Attack detected detected by fail2ban. Service: nginx-ghost-upstream. Banned after 3 failed attempts.	Hacking Web App Attack

Showing 1 to 15 of 48 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇧🇷 2804:14d:3281:b1b9:840f:6a6:50ad:9c3b

🇺🇸 216.24.212.45

🇺🇸 147.185.132.230

🇷🇴 109.100.14.222

🇮🇳 103.107.60.45

🇰🇿 45.66.52.41

🇺🇸 23.234.76.22

🇳🇱 5.255.122.176

🇬🇧 2a06:4880:2000::2e

🇨🇦 142.44.247.134

🇺🇸 136.32.238.207

🇷🇴 92.118.39.236

🇱🇹 81.30.98.158

🇺🇸 68.207.186.209

🇹🇷 45.158.14.124

🇳🇱 45.153.34.195

🇳🇱 45.148.10.147

🇺🇸 23.234.75.213

🇺🇸 23.234.75.209

🇺🇸 18.118.188.98