๐บ๐ธ
xmission.com
2026-06-30 21:39:19
(1 week ago)
Blocked by UFW (TCP on 8118)
Source port: 40538
TTL: 47
Packet length: 60
TOS: 0x08
This report (fo ...
show more
Blocked by UFW (TCP on 8118)
Source port: 40538
TTL: 47
Packet length: 60
TOS: 0x08
This report (for 168.144.97.213) was generated by:
https://github.com/sefinek/UFW-AbuseIPDB-Reporter
show less
Port Scan
๐ง๐ฌ
HighWay
2026-06-30 19:40:23
(1 week ago)
168.144.97.213 - - [30/Jun/2026:19:34:26 +0000] "CONNECT kanoferie.dk:443:443 HTTP/1.1" 400 392 "-" ...
show more
168.144.97.213 - - [30/Jun/2026:19:34:26 +0000] "CONNECT kanoferie.dk:443:443 HTTP/1.1" 400 392 "-" "-"
168.144.97.213 - - [30/Jun/2026:19:38:11 +0000] "CONNECT kanoferie.dk:443:443 HTTP/1.1" 400 392 "-" "-"
168.144.97.213 - - [30/Jun/2026:19:40:21 +0000] "CONNECT xiomize.com:443:443 HTTP/1.1" 400 392 "-" "-"
...
show less
Hacking
Port Scan
๐ฏ๐ต
demonsword
2026-06-30 10:35:26
(1 week ago)
Detected by SentinelX honeypot: sent HTTP CONNECT request probing for an open proxy. Connection was ...
show more
Detected by SentinelX honeypot: sent HTTP CONNECT request probing for an open proxy. Connection was hijacked and held in a tarpit to slow down the scan. Probed target: hoki88bos.it.com:443
show less
Open Proxy
Port Scan
๐ช๐ธ
librebit
2026-06-16 10:26:05
(3 weeks ago)
Brute force
Brute-Force
๐ณ๐ฑ
lid3rc
2026-06-13 18:00:17
(3 weeks ago)
/file-manager/ckeditor
Web App Attack
๐ง๐ท
ICS Labs
2026-05-25 13:23:14
(1 month ago)
ICS Labs identified 168.144.97.213 as a malicious indicator from threat intelligence.
DDoS Attack
Hacking
Exploited Host
๐ฏ๐ต
demonsword
2026-05-10 19:48:33
(1 month ago)
Detected by SentinelX honeypot: sent HTTP CONNECT request probing for an open proxy. Connection was ...
show more
Detected by SentinelX honeypot: sent HTTP CONNECT request probing for an open proxy. Connection was hijacked and held in a tarpit to slow down the scan. Probed target: c2.dstatbot.win:443
show less
Open Proxy
Port Scan
๐ช๐ธ
alferez
2026-04-24 10:01:03
(2 months ago)
Searching hacked php files
Hacking
Exploited Host
Web App Attack
๐ซ๐ท
Bruno
2026-04-24 01:45:31
(2 months ago)
168.144.97.213 - - [24/Apr/2026:03:45:23 +0200] "GET /wp-login.php HTTP/1.1" 200 11156 "https://www. ...
show more
168.144.97.213 - - [24/Apr/2026:03:45:23 +0200] "GET /wp-login.php HTTP/1.1" 200 11156 "https://www.bing.com/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.2 Safari/605.1.15"
168.144.97.213 - - [24/Apr/2026:03:45:28 +0200] "POST /wp-login.php HTTP/1.1" 200 7972 "https://editionsansouire.fr/wp-login.php" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36"
168.144.97.213 - - [24/Apr/2026:03:45:28 +0200] "GET /wp-login.php?redirect_to=https%3A%2F%2Feditionsansouire.fr%2Fwp-admin%2Findex.php&reauth=1 HTTP/1.1" 200 9901 "https://editionsansouire.fr/wp-login.php" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36"
168.144.97.213 - - [24/Apr/2026:03:45:29 +0200] "POST /wp-login.php HTTP/1.1" 200 7973 "https://editionsansouire.fr/wp-login.php" "Mozilla/5.0 (Macintosh; Intel Mac OS X 13_6_1) AppleWebKit/605.1.15 (
...
show less
Web App Attack
๐ฉ๐ช
stinpriza
2026-04-22 19:03:15
(2 months ago)
Web App Attack
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-04-22 15:41:24
(2 months ago)
(mod_security) mod_security (id:225170) triggered by 168.144.97.213 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:225170) triggered by 168.144.97.213 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Apr 22 11:41:20.713401 2026] [security2:error] [pid 2741010:tid 2741010] [client 168.144.97.213:52314] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||lovebuilds.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "lovebuilds.com"] [uri "/wp-json/wp/v2/users"] [unique_id "aejsIMqp4lcR4JyocY0MwgAAAAs"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฉ๐ช
DocNetzwerk
2026-04-22 13:28:42
(2 months ago)
(php-url-fopen) Failed php-url-fopen trigger from 168.144.97.213 (US/United States/-)
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-04-21 08:26:32
(2 months ago)
(mod_security) mod_security (id:225170) triggered by 168.144.97.213 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:225170) triggered by 168.144.97.213 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Apr 21 04:26:25.888592 2026] [security2:error] [pid 1090883:tid 1090883] [client 168.144.97.213:54210] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||krystalsgiftshopandboutique.net|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "krystalsgiftshopandboutique.net"] [uri "/wp-json/wp/v2/users"] [unique_id "aec0sR3NHyDMNQVOh-fNewAAAAA"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ซ๐ท
SpaceHost-Server
2026-04-20 22:30:43
(2 months ago)
Brute-Force
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-04-20 20:20:49
(2 months ago)
(mod_security) mod_security (id:225170) triggered by 168.144.97.213 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:225170) triggered by 168.144.97.213 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Apr 20 16:20:44.051911 2026] [security2:error] [pid 3683069:tid 3683069] [client 168.144.97.213:39470] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||areafinancieratf.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "areafinancieratf.com"] [uri "/wp-json/wp/v2/users"] [unique_id "aeaKnGJ-GfM7QETsvfkP8QAAABY"]
show less
Brute-Force
Bad Web Bot
Web App Attack