JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 168.167.81.72

168.167.81.72 was found in our database!

This IP was reported 11 times. Confidence of Abuse is 26%: ?

26%

ISP	Botswana Telecommunications Corporation
Usage Type	Fixed Line ISP
ASN	AS14988
Domain Name	btc.bw
Country	🇧🇼 Botswana
City	Gaborone, Gaborone

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 168.167.81.72

Whois 168.167.81.72

IP Abuse Reports for 168.167.81.72:

This IP address has been reported a total of 11 times from 8 distinct sources. 168.167.81.72 was first reported on January 30th 2023, and the most recent report was 1 week ago.

Old Reports: The most recent abuse report for this IP address is from 1 week ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 TPI-Abuse	2026-06-20 16:43:49 (1 week ago)	(mod_security) mod_security (id:210730) triggered by 168.167.81.72 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210730) triggered by 168.167.81.72 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 20 12:43:42.798048 2026] [security2:error] [pid 6344:tid 6344] [client 168.167.81.72:34952] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|vitalitywebb.com\|F\|2"] [data ".db"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "vitalitywebb.com"] [uri "/backstore/Catnapper/images/Omni/Thumbs.db"] [unique_id "ajbDPmiEYNvILPzy7FiNxQAAAA0"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-06-19 18:02:30 (1 week ago)	[osotir.org] httpd-xmlrpc-post: sites=agonistes.gr; logs=/var/log/httpd/domains/agonistes.gr.log; sa ... show more [osotir.org] httpd-xmlrpc-post: sites=agonistes.gr; logs=/var/log/httpd/domains/agonistes.gr.log; samples=/xmlrpc.php show less	Brute-Force Web App Attack
🇦🇺 screwlooseit.com.au	2026-06-19 16:00:14 (1 week ago)	Blocked by CSF 13 firewall - Rule: XMLRPC BW/Botswana/-	Web App Attack
🇺🇸 TPI-Abuse	2026-06-19 13:00:12 (1 week ago)	(mod_security) mod_security (id:240335) triggered by 168.167.81.72 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:240335) triggered by 168.167.81.72 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 19 09:00:07.081853 2026] [security2:error] [pid 26644:tid 26644] [client 168.167.81.72:61322] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 168.167.81.72 (+1 hits since last alert)\|gellertdealers.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "gellertdealers.com"] [uri "/xmlrpc.php"] [unique_id "ajU9V-B-vFAJtzHCPZdeiwAAAAo"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-19 11:00:18 (1 week ago)	(mod_security) mod_security (id:240335) triggered by 168.167.81.72 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:240335) triggered by 168.167.81.72 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 19 07:00:08.164014 2026] [security2:error] [pid 7993:tid 7993] [client 168.167.81.72:62879] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 168.167.81.72 (+1 hits since last alert)\|opticasprisma.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "opticasprisma.com"] [uri "/xmlrpc.php"] [unique_id "ajUhOCePiiVYb65Fij8rowAAAAo"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 pltcldvlpr	2026-06-15 07:34:05 (1 week ago)	Bogus Useragent: 168.167.81.72 - - [14/Jun/2026:15:25:07 +0200] "GET /protocol?id=th_4_111&paragraph ... show more Bogus Useragent: 168.167.81.72 - - [14/Jun/2026:15:25:07 +0200] "GET /protocol?id=th_4_111&paragraph=15327901&seq=409 HTTP/1.1" 302 5 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1) AppleWebKit/533.30.3 (KHTML, like Gecko) Version/4.1 Safari/533.30.3" asn=14988 org="Botswana Telecommunications Corporation" country=BW ... show less	Bad Web Bot
🇺🇸 TPI-Abuse	2025-12-10 14:52:11 (6 months ago)	"Participant in large-scale DDoS Attack in which data injection was attmpted to gain unauthorized ac ... show more "Participant in large-scale DDoS Attack in which data injection was attmpted to gain unauthorized access" show less	DDoS Attack SQL Injection Exploited Host
Anonymous	2025-11-21 12:22:27 (7 months ago)	scanning http requests from known botnet	Web App Attack
Anonymous	2025-11-12 13:51:06 (7 months ago)	Fail2Ban - NGINX Honeypot	Bad Web Bot
🇳🇱 exxos	2025-09-05 22:03:01 (9 months ago)	Attacks with Bad user agents	Hacking
🇱🇺 Tha_14	2023-01-30 17:57:37 (3 years ago)	Incoming UDP Connection from 168.167.81.72 to port: 20473. Honeypot was triggered at 1/30/2023 19:57 ... show more Incoming UDP Connection from 168.167.81.72 to port: 20473. Honeypot was triggered at 1/30/2023 19:57:25. show less	Port Scan

Showing 1 to 11 of 11 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇳🇱 195.178.110.30

🇩🇪 165.245.215.66

🇺🇸 100.29.192.36

🇹🇷 85.153.227.89

🇭🇰 43.242.203.160

🇺🇸 35.255.69.47

🇨🇳 14.103.114.199

🇸🇬 8.222.196.52

🇫🇷 207.180.255.206

🇷🇴 193.32.162.204

🇮🇳 172.84.176.105

🇨🇳 112.28.153.193

🇨🇳 112.3.36.179

🇺🇸 104.152.52.233

🇺🇸 104.152.52.225

🇲🇲 103.154.241.61

🇺🇸 100.29.192.125

🇺🇸 100.29.192.34

🇺🇸 100.29.192.31

🇺🇸 100.29.192.16