JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 168.144.38.74

168.144.38.74 was found in our database!

This IP was reported 22 times. Confidence of Abuse is 89%: ?

89%

ISP	DigitalOcean, LLC
Usage Type	Data Center/Web Hosting/Transit
ASN	AS14061
Domain Name	digitalocean.com
Country	🇸🇬 Singapore
City	Singapore

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 168.144.38.74

Whois 168.144.38.74

IP Abuse Reports for 168.144.38.74:

This IP address has been reported a total of 22 times from 15 distinct sources. 168.144.38.74 was first reported on June 25th 2026, and the most recent report was 18 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇷🇺 DZBOT	2026-06-28 01:00:03 (18 hours ago)	DZBOT: Website Scanning / Scraping	Bad Web Bot Exploited Host Web App Attack
🇦🇺 rubixstudios	2026-06-27 23:34:02 (19 hours ago)	Excessive HTTP requests consistent with automated attack behaviour detected by Imunify360	DDoS Attack Brute-Force Web App Attack
🇺🇸 TPI-Abuse	2026-06-27 21:19:37 (21 hours ago)	(mod_security) mod_security (id:210730) triggered by 168.144.38.74 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210730) triggered by 168.144.38.74 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 27 17:19:31.845633 2026] [security2:error] [pid 30285:tid 30285] [client 168.144.38.74:46378] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|skinbot.rustyog.net\|F\|2"] [data ".env.bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "skinbot.rustyog.net"] [uri "/.env.bak"] [unique_id "akA-Y5drvb8iHIgy7UFavgAAAAI"] show less	Brute-Force Bad Web Bot Web App Attack
🇫🇷 masterguru	2026-06-27 19:07:57 (1 day ago)	Restricted File Access Attempt. Matched phrase ".env" at REQUEST_FILENAME. (930130-201)	Hacking Web App Attack
🇬🇧 thetomtaylor.co.uk	2026-06-27 15:08:02 (1 day ago)	Fail2Ban - [WEB]Custom exploit pattern detected on customexploits ... [ice02,wa01,wa02]	Hacking Brute-Force Bad Web Bot Web App Attack
🇸🇪 vaia.cloud	2026-06-27 14:57:02 (1 day ago)	trying wp-login.php/xmlrpc.php 53 times in 1 minutes	Brute-Force Web App Attack
🇺🇸 TPI-Abuse	2026-06-27 13:05:19 (1 day ago)	(mod_security) mod_security (id:210492) triggered by 168.144.38.74 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 168.144.38.74 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 27 09:05:14.759841 2026] [security2:error] [pid 502:tid 502] [client 168.144.38.74:59100] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "southsideaccountingservices.com"] [uri "/.env"] [unique_id "aj_KiibuT3ksJEjMVv4OgQAAABA"], referer: https://www.google.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-27 10:51:05 (1 day ago)	(mod_security) mod_security (id:210492) triggered by 168.144.38.74 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 168.144.38.74 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 27 06:50:59.886798 2026] [security2:error] [pid 18902:tid 18902] [client 168.144.38.74:50420] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "pandalearningcenters.com.stlouisdave.com"] [uri "/.git/config"] [unique_id "aj-rE7IBRMHWqEmzitusbAAAAAA"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-27 10:27:20 (1 day ago)	(mod_security) mod_security (id:210492) triggered by 168.144.38.74 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 168.144.38.74 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 27 06:27:16.906499 2026] [security2:error] [pid 18361:tid 18361] [client 168.144.38.74:36530] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "siemens.pamplonaserviciotecnico.com"] [uri "/.git/config"] [unique_id "aj-lhHpIm1XTRc3gC6rdDwAAADk"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-06-27 08:14:14 (1 day ago)	(caddyscan) Scanner path probe from 168.144.38.74 (SG/Singapore/-): 5 in the last 3600 secs; Ports: ... show more (caddyscan) Scanner path probe from 168.144.38.74 (SG/Singapore/-): 5 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs: [REDACTED] 200 2627 168.144.38.74 - - [27/Jun/2026:08:14:09 +0000] "GET /.git/config HTTP/1.1" [REDACTED] 200 2627 168.144.38.74 - - [27/Jun/2026:08:14:11 +0000] "GET /.env HTTP/1.1" [REDACTED] 200 2627 168.144.38.74 - - [27/Jun/2026:08:14:11 +0000] "GET /.env.local HTTP/1.1" [REDACTED] 200 2627 168.144.38.74 - - [27/Jun/2026:08:14:11 +0000] "GET /.env.production HTTP/1.1" [REDACTED] 200 2627 168.144.38.74 - - [27/Jun/2026:08:14:12 +0000] "GET /.env.staging HTTP/1.1" show less	Port Scan
🇺🇸 TPI-Abuse	2026-06-27 01:41:13 (1 day ago)	(mod_security) mod_security (id:210492) triggered by 168.144.38.74 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 168.144.38.74 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 26 21:41:09.657385 2026] [security2:error] [pid 7364:tid 7364] [client 168.144.38.74:53942] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "oxygenengland.mroxygen.org"] [uri "/.git/config"] [unique_id "aj8qNRnk_CYlTfzBooPgbgAAABA"] show less	Brute-Force Bad Web Bot Web App Attack
🇫🇷 masterguru	2026-06-27 01:08:03 (1 day ago)	Restricted File Access Attempt. Matched phrase ".git/" at REQUEST_FILENAME. (930130-196)	Hacking Web App Attack
🇨🇭 4server	2026-06-27 00:15:58 (1 day ago)	[SatJun2702:15:54.7191632026][security2:error][pid2183281:tid2183356][client168.144.38.74:0]ModSecur ... show more [SatJun2702:15:54.7191632026][security2:error][pid2183281:tid2183356][client168.144.38.74:0]ModSecurity:Accessdeniedwithcode403$phase2$.Patternmatch\"$\?:\\\\\\\\\$\(\?:\\\\\\\\\(\(\?:\\\\\\\\\(.\\\\\\\\\$\\|.\\)\\\\\\\\\)\\|\\\\\\\\{.\\\\\\\\\}\)\\|[\<\>]\\\\\\\\$.\\\\\\\\\$\)\"atARGS:0.[file\"/etc/apache2/conf.d/modsec_rules/10_asl_rules.conf\"][line\"396\"][id\"393655\"][rev\"17\"][msg\"Atomicorp.comWAFRules:PossibleRemoteCommandExecution:UnixShellExpressionFound\"][data\"MatchedData:\$$\(41\271$\)foundwithinARGS:0:{then:\$1:__proto__:thenstatus:resolved_modelreason:-1value:{then:\$b1337}_response:{_prefix:varres=process.mainmodule.require$child_process$.execsync$echo\$\(\(41\271$\)\\|base64-w0\).tostring.trimthrowobject.assign$newerror\(next_redirect${digest:\`next_redirectpush/login\?a=\${res}307\`}\)_chunks:\$q2_formdata:{get:\$1:constructor:constructor}}}\"][tag\"attack-rce\"][hostname\"hosting-domain-swiss.com\"][uri\"/\"][unique_id\"aj8WOus_el4ENOMBvc5A3gAAAMo\"] show less	Hacking Web App Attack
🇳🇱 ConsulHosting	2026-06-26 20:17:02 (1 day ago)	Excessive failed CAPTCHA attempts (CAPTCHA DoS)	Web App Attack
🇳🇱 Site.eu	2026-06-26 13:01:26 (2 days ago)	Excessive 404/403 errors	Brute-Force

Showing 1 to 15 of 22 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇵🇱 212.127.90.201

🇦🇷 200.105.110.36

🇧🇪 198.235.24.170

🇧🇷 170.238.160.191

🇸🇪 87.227.22.1

🇬🇧 80.1.51.168

🇺🇸 66.132.172.159

🇮🇶 65.20.205.197

🇨🇳 36.104.144.114

🇧🇷 205.210.31.164

🇧🇮 197.157.194.74

🇮🇳 187.127.175.125

🇺🇸 135.237.123.204

🇮🇳 125.20.210.182

🇮🇳 118.95.65.182

🇳🇵 116.90.225.238

🇺🇸 66.132.195.25

🇳🇱 45.148.10.121

🇮🇳 2a02:4780:63:9f52::1

🇨🇳 180.168.24.186