JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 41.143.160.221

41.143.160.221 was found in our database!

This IP was reported 75 times. Confidence of Abuse is 100%: ?

100%

ISP	ADSL_Maroc_telecom
Usage Type	Fixed Line ISP
ASN	AS36903
Domain Name	menara.ma
Country	🇲🇦 Morocco
City	Casablanca, Casablanca-Settat

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 41.143.160.221

Whois 41.143.160.221

IP Abuse Reports for 41.143.160.221:

This IP address has been reported a total of 75 times from 51 distinct sources. 41.143.160.221 was first reported on June 16th 2026, and the most recent report was 4 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇬🇧 openstrike.co.uk	2026-06-18 05:14:23 (4 hours ago)	2 attacks on env grabbing URLs: GET /.env HTTP/1.1	Hacking
🇲🇽 octageeks.com	2026-06-18 04:15:47 (5 hours ago)	Wordpress malicious attack:[octablocked]	Web App Attack
🇦🇺 paulshipley.com.au	2026-06-17 23:48:13 (10 hours ago)	[Thu Jun 18 09:48:13.372619 2026] [security2:error] [pid 458351] [client 41.143.160.221:49364] [clie ... show more [Thu Jun 18 09:48:13.372619 2026] [security2:error] [pid 458351] [client 41.143.160.221:49364] [client 41.143.160.221] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/modsecurity/crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.4"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "shop.levellapromotions.com.au"] [uri "/.env"] [unique_id "ajMyPZB_yQ7M84P3E4PXGgAAAAw"] ... show less	Web App Attack
🇩🇪 psauxit	2026-06-17 22:44:41 (11 hours ago)	Fail2Ban - NGINX bad requests 400-401-403-404-444, high level vulnerability scanning, commonly xmlrp ... show more Fail2Ban - NGINX bad requests 400-401-403-404-444, high level vulnerability scanning, commonly xmlrpc_attack, wp-login brute force, excessive crawling/scraping show less	Web App Attack Hacking
🇳🇱 homeshowdomain.nl	2026-06-17 22:00:29 (12 hours ago)	Auto-ban: >3000 req/min op 2026-06-17	Web App Attack SSH Hacking
🇺🇸 TPI-Abuse	2026-06-17 21:47:23 (12 hours ago)	(mod_security) mod_security (id:210492) triggered by 41.143.160.221 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 41.143.160.221 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 17 17:47:18.429174 2026] [security2:error] [pid 19224:tid 19224] [client 41.143.160.221:60005] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "tomartsmedia.org"] [uri "/.env"] [unique_id "ajMV5pdy_NIftJMIt-kqJwAAAAI"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 bescared	2026-06-17 20:44:02 (13 hours ago)	F2B - Malicious activity detected. URL Probing. -151302cd-	Hacking Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-17 20:42:09 (13 hours ago)	(mod_security) mod_security (id:949110) triggered by 41.143.160.221 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:949110) triggered by 41.143.160.221 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 17 16:42:03.997460 2026] [security2:error] [pid 18529:tid 18529] [client 41.143.160.221:54615] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "armstrongenvironmental.com"] [uri "/.env"] [unique_id "ajMGm7LtmfmdJNPg_A7juAAAAAM"] show less	Brute-Force Bad Web Bot Web App Attack
🇬🇧 poundawebsiteltd	2026-06-17 20:32:16 (13 hours ago)	Web App Attack (ModSecurity Block). Evidence: [REDACTED_DOMAIN]:443 41.143.160.221 - - [17/Jun/2026: ... show more Web App Attack (ModSecurity Block). Evidence: [REDACTED_DOMAIN]:443 41.143.160.221 - - [17/Jun/2026:21:32:14 +0100] GET /.env HTTP/1.1 403 4176 - - show less	Web App Attack
🇺🇸 TPI-Abuse	2026-06-17 19:49:17 (14 hours ago)	(mod_security) mod_security (id:210492) triggered by 41.143.160.221 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 41.143.160.221 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 17 15:49:12.463769 2026] [security2:error] [pid 9739:tid 9739] [client 41.143.160.221:57003] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "fastr-wellington.com"] [uri "/.env"] [unique_id "ajL6OOrDgK8OB5uVvx5z0wAAABw"] show less	Brute-Force Bad Web Bot Web App Attack
🇫🇷 bazter.pro	2026-06-17 19:48:35 (14 hours ago)	Auto-Ban [2026-06-17 19:48:35]: CRITICAL: bot trap (soft) \| host=minasdeoro.org \| route=/.env \| hits ... show more Auto-Ban [2026-06-17 19:48:35]: CRITICAL: bot trap (soft) \| host=minasdeoro.org \| route=/.env \| hits=1 \| ua=unknown show less	Hacking Web App Attack
🇺🇸 TPI-Abuse	2026-06-17 18:40:42 (15 hours ago)	(mod_security) mod_security (id:210492) triggered by 41.143.160.221 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 41.143.160.221 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 17 14:40:37.704828 2026] [security2:error] [pid 18172:tid 18172] [client 41.143.160.221:0] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "goalsnet.net"] [uri "/.env"] [unique_id "ajLqJQt2RHugfJ-F2ZaIVgAAAA8"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-06-17 17:55:59 (16 hours ago)	41.143.160.221 - - [18/Jun/2026:01:55:58 +0800] "GET /.env HTTP/1.1" 404 39515 "-" "-" ...	Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-17 17:39:26 (16 hours ago)	(mod_security) mod_security (id:210492) triggered by 41.143.160.221 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 41.143.160.221 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 17 13:39:19.270347 2026] [security2:error] [pid 8211:tid 8211] [client 41.143.160.221:0] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "nextmoon.com"] [uri "/.env"] [unique_id "ajLbxw4jXfvUXKtgEm1S6QAAACc"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-17 15:35:13 (18 hours ago)	(mod_security) mod_security (id:210492) triggered by 41.143.160.221 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 41.143.160.221 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 17 11:35:09.306527 2026] [security2:error] [pid 30195:tid 30195] [client 41.143.160.221:0] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "nyemdr-online.com"] [uri "/.env"] [unique_id "ajK-rYOzBejn9hErUOb98wAAAAs"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 75 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇰🇪 41.89.227.164

🇺🇸 174.168.146.152

🇺🇸 172.110.223.97

🇸🇬 140.245.122.92

🇻🇳 116.110.152.204

🇷🇴 80.94.95.211

🇷🇴 80.94.92.184

🇪🇸 79.116.23.158

🇺🇸 45.56.83.247

🇸🇬 43.160.200.19

🇨🇳 223.109.252.148

🇳🇱 195.178.110.30

🇩🇪 185.242.3.226

🇲🇾 180.75.81.159

🇹🇼 175.182.108.48

🇧🇷 170.78.157.50

🇭🇰 112.119.21.245

🇺🇸 104.234.53.135

🇧🇩 103.205.68.86

🇮🇩 103.186.31.247