JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 143.20.97.245

143.20.97.245 was found in our database!

This IP was reported 28 times. Confidence of Abuse is 100%: ?

100%

ISP	Internet Utilities Europe and Asia Limited
Usage Type	Data Center/Web Hosting/Transit
ASN	AS214481
Domain Name	netutils.io
Country	🇵🇱 Poland
City	Warsaw, Mazovia

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 143.20.97.245

Whois 143.20.97.245

IP Abuse Reports for 143.20.97.245:

This IP address has been reported a total of 28 times from 26 distinct sources. 143.20.97.245 was first reported on June 14th 2026, and the most recent report was 2 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇫🇷 Baking333	2026-06-16 02:27:23 (2 hours ago)	[redacted] 143.20.97.245 - - [16/Jun/2026:03:26:52 +0100] "GET /.aws/credentials HTTP/1.1" 302 5268 ... show more [redacted] 143.20.97.245 - - [16/Jun/2026:03:26:52 +0100] "GET /.aws/credentials HTTP/1.1" 302 5268 0/80935 "http://[redacted]/.aws/credentials" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://[redacted]/[redacted])" [redacted] 143.20.97.245 - - [16/Jun/2026:03:27:22 +0100] "GET /[redacted] HTTP/1.1" 302 5268 0/64828 "http://[redacted]/[redacted]" "Mozilla/5.0 (compatible; Bytespider; spider-feedback@[redacted])" show less	Bad Web Bot Web App Attack
🇳🇱 e.fierstra	2026-06-16 02:22:30 (2 hours ago)	ModSecurity hits exceeded	Bad Web Bot Web App Attack
🇩🇪 paissangroup	2026-06-15 21:40:25 (7 hours ago)	Multiple WAF Violations	Web App Attack
🇺🇸 TPI-Abuse	2026-06-15 21:28:22 (7 hours ago)	(mod_security) mod_security (id:210492) triggered by 143.20.97.245 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 143.20.97.245 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 15 17:28:17.341434 2026] [security2:error] [pid 20053:tid 20053] [client 143.20.97.245:40134] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "tracklocross.com"] [uri "/.env"] [unique_id "ajBucWDCYC7KdAR2kZxegAAAACk"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 Skyrider	2026-06-15 20:57:33 (7 hours ago)	Nginx: HTTP 4xx probe/scan attempts. Automated fail2ban report.	Bad Web Bot Web App Attack
🇪🇸 el-brujo	2026-06-15 19:21:44 (9 hours ago)	Cloudflare WAF: Request Path: /.git/config Request Query: Host: ns2.elhacker.net userAgent: Mozilla ... show more Cloudflare WAF: Request Path: /.git/config Request Query: Host: ns2.elhacker.net userAgent: Mozilla/5.0 (compatible; Amazonbot/0.1; +https://developer.amazon.com/support/amazonbot) Action: block Source: firewallManaged ASN Description: Wojciech Czapkowicz Country: PL Method: GET Timestamp: 2026-06-15T19:21:44Z ruleId: 23548ee2b36547a1be09bb2c0550c529. Report generated by Cloudflare-WAF-to-AbuseIPDB (https://github.com/MHG-LAB/Cloudflare-WAF-to-AbuseIPDB). show less	Hacking SQL Injection Web App Attack
🇺🇸 rsa	2026-06-15 17:51:00 (10 hours ago)	GET /config.json HTTP/1.1	DDoS Attack Brute-Force Web App Attack Hacking
🇺🇸 Gabriel Camargo	2026-06-15 16:07:06 (12 hours ago)	143.20.97.245 - - [15/Jun/2026:11:06:44 -0500] "GET / HTTP/1.1" 301 178 "-" "Mozilla/5.0 (iPad; CPU ... show more 143.20.97.245 - - [15/Jun/2026:11:06:44 -0500] "GET / HTTP/1.1" 301 178 "-" "Mozilla/5.0 (iPad; CPU OS 19_0 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/19.0 Mobile/15E148 Safari/604.1" 143.20.97.245 - - [15/Jun/2026:11:07:00 -0500] "GET /js/custom.js HTTP/1.1" 301 178 "-" "Mozilla/5.0 (Linux; Android 15; Pixel 9 Pro) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/149.0.0.0 Mobile Safari/537.36" 143.20.97.245 - - [15/Jun/2026:11:07:05 -0500] "GET /js/owl.carousel.min.js HTTP/1.1" 301 178 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/149.0.0.0 Safari/537.36" ... show less	Brute-Force SSH
🇬🇧 Celtic	2026-06-15 14:40:49 (14 hours ago)	Blocked by Fail2Ban with Jail (plesk-modsecurity)	Brute-Force SSH
🇧🇪 cmbplf	2026-06-15 11:33:38 (17 hours ago)	144 requests with url.path config.json 128 requests with url.path secrets.yml	Brute-Force Bad Web Bot
🇨🇭 backslash	2026-06-15 10:33:00 (18 hours ago)	block ruleset WAF detection and high score on abuseIPDB 149EB1B42C242111FADBBC2EF8F90219570691E1	Bad Web Bot
🇪🇸 elcruzado.es	2026-06-15 10:07:14 (18 hours ago)	(mod_security) mod_security triggered on hostname [redacted] 143.20.97.245 (US/United States/-)	SQL Injection
🇩🇪 Séfora Srl	2026-06-15 10:01:58 (18 hours ago)	Bad user agents ignoring web crawling rules. Draing bandwidth - detected by Fail2Ban in plesk-apache ... show more Bad user agents ignoring web crawling rules. Draing bandwidth - detected by Fail2Ban in plesk-apache-badbot jail show less	Bad Web Bot
🇺🇸 TPI-Abuse	2026-06-15 09:54:13 (18 hours ago)	(mod_security) mod_security (id:210492) triggered by 143.20.97.245 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 143.20.97.245 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 15 05:54:07.362196 2026] [security2:error] [pid 8795:tid 8795] [client 143.20.97.245:48938] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.chrisbilder.com"] [uri "/.env.example"] [unique_id "ai_LvyQJIThA2cEGr2nc4QAAAAY"] show less	Brute-Force Bad Web Bot Web App Attack
🇧🇷 Halux	2026-06-15 09:14:12 (19 hours ago)	143.20.97.245 Probing protected path or service	Web App Attack

Showing 1 to 15 of 28 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇲🇽 187.191.48.4

🇺🇿 170.168.6.72

🇨🇦 142.44.225.201

🇰🇷 118.194.248.142

🇺🇸 102.129.234.212

🇨🇳 36.140.175.34

🇬🇧 185.247.137.249

🇨🇦 184.107.244.93

🇮🇳 152.32.158.219

🇨🇳 114.255.222.116

🇨🇳 111.228.13.226

🇳🇱 103.251.165.133

🇬🇧 89.34.96.151

🇸🇨 45.194.67.8

🇵🇰 39.48.9.253

🇨🇳 14.116.189.74

🇺🇸 3.144.124.187

🇺🇸 216.180.246.149

🇺🇸 205.210.31.60

🇭🇰 199.45.155.65