JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 159.203.67.22

159.203.67.22 was found in our database!

This IP was reported 44 times. Confidence of Abuse is 0%: ?

ISP	DigitalOcean, LLC
Usage Type	Data Center/Web Hosting/Transit
ASN	AS14061
Domain Name	digitalocean.com
Country	🇺🇸 United States of America
City	Clifton, New Jersey

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 159.203.67.22

Whois 159.203.67.22

IP Abuse Reports for 159.203.67.22:

This IP address has been reported a total of 44 times from 21 distinct sources. 159.203.67.22 was first reported on October 15th 2024, and the most recent report was 4 months ago.

Old Reports: The most recent abuse report for this IP address is from 4 months ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 MPL	2026-01-27 04:57:31 (4 months ago)	tcp/8888	Port Scan
🇵🇱 sefinek.net	2026-01-27 04:13:40 (4 months ago)	Blocked by UFW on PL02 [8082/tcp] Source port: 61013 TTL: 234 Packet length: 44 TOS: 0x00 This repo ... show more Blocked by UFW on PL02 [8082/tcp] Source port: 61013 TTL: 234 Packet length: 44 TOS: 0x00 This report was generated by: https://github.com/sefinek/UFW-AbuseIPDB-Reporter show less	Port Scan
🇺🇸 xmission.com	2026-01-27 02:56:28 (4 months ago)	Blocked by UFW (TCP on 13000) Source port: 61015 TTL: 241 Packet length: 44 TOS: 0x08 This report ( ... show more Blocked by UFW (TCP on 13000) Source port: 61015 TTL: 241 Packet length: 44 TOS: 0x08 This report (for 159.203.67.22) was generated by: https://github.com/sefinek/UFW-AbuseIPDB-Reporter show less	Port Scan
🇪🇸 Gem	2025-12-06 10:00:25 (6 months ago)	Unauthorized web scan.	Web App Attack
🇮🇹 Progetto1	2025-11-30 01:40:02 (6 months ago)	Website Scanning / Scraping	Bad Web Bot Exploited Host Web App Attack
🇳🇱 homeshowdomain.nl	2025-11-29 23:04:54 (6 months ago)	Auto-ban: single probe for restricted files (.env / backups / admin endpoints). Likely mass-scan on ... show more Auto-ban: single probe for restricted files (.env / backups / admin endpoints). Likely mass-scan on 2025-11-28. show less	Hacking Web App Attack SSH
🇩🇪 Hary74656	2025-11-29 18:33:01 (6 months ago)	[Sat Nov 29 18:03:57.501414 2025] [security2:error] [pid 116272:tid 116438] [client 159.203.67.22:52 ... show more [Sat Nov 29 18:03:57.501414 2025] [security2:error] [pid 116272:tid 116438] [client 159.203.67.22:52862] [client 159.203.67.22] ModSecurity: Access denied with code 403 (phase 2). Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.4"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "26th.eu"] [uri "/.git/config"] [unique_id "aSsnfLF4Ic-JbbXh3vthewAAA5s"] [Sat Nov 29 18:04:04.514958 2025] [security2:error] [pid 116140:tid 116270] [client 159.203.67.22:42214] [client 159.203.67.22] ModSecurity: Access denied with code 403 (phase 2). Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/sha ... show less	Web App Attack
🇳🇱 Mangelot Hosting	2025-11-29 13:22:13 (6 months ago)	(modsecurity) srv201 ModSecurity 159.203.67.22 (US/United States/-): 5 in the last 3600 secs; Ports: ... show more (modsecurity) srv201 ModSecurity 159.203.67.22 (US/United States/-): 5 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs: show less	Web App Attack
🇺🇸 mnsf	2025-11-29 12:05:19 (6 months ago)	Too many Status 40X (12)	Brute-Force Web App Attack
🇬🇧 Mendip_Defender	2025-11-29 12:01:12 (6 months ago)	[29/Nov/2025:12:01:00.676801 +0000] aSrgfBR7vu8af2NWApV1pQAAABY 159.203.67.22 50000 188.246.206.60 7 ... show more [29/Nov/2025:12:01:00.676801 +0000] aSrgfBR7vu8af2NWApV1pQAAABY 159.203.67.22 50000 188.246.206.60 7080 [29/Nov/2025:12:01:02.116334 +0000] aSrgftMZdLRo-QD1_4p-yQAAAEM 159.203.67.22 53936 188.246.206.60 7081 ... show less	Brute-Force
🇳🇱 ipoac.nl	2025-11-29 11:44:31 (6 months ago)	ipoac.nl:80 159.203.67.22 - - [29/Nov/2025:12:44:31 +0100] - "GET /.git/config HTTP/1.1" 403 1709 "- ... show more ipoac.nl:80 159.203.67.22 - - [29/Nov/2025:12:44:31 +0100] - "GET /.git/config HTTP/1.1" 403 1709 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36" show less	Bad Web Bot
🇮🇩 Burayot	2025-11-29 10:35:31 (6 months ago)	LF_MODSEC: (mod_security) mod_security (id:1000001) triggered by 159.203.67.22 (US/United States/-): ... show more LF_MODSEC: (mod_security) mod_security (id:1000001) triggered by 159.203.67.22 (US/United States/-): 2 in the last 3600 secs show less	Web App Attack
🇩🇪 DocNetzwerk	2025-11-29 10:09:03 (6 months ago)	(mod_security) mod_security triggered on hostname [redacted] 159.203.67.22 (US/United States/-)	SQL Injection
🇳🇱 ipoac.nl	2025-11-29 08:46:16 (6 months ago)	ipoac.nl:80 159.203.67.22 - - [29/Nov/2025:09:46:15 +0100] - "GET /.git/config HTTP/1.1" 403 1709 "- ... show more ipoac.nl:80 159.203.67.22 - - [29/Nov/2025:09:46:15 +0100] - "GET /.git/config HTTP/1.1" 403 1709 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36" show less	Bad Web Bot
🇺🇸 TPI-Abuse	2025-11-29 08:15:43 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 159.203.67.22 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 159.203.67.22 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Nov 29 03:15:37.972126 2025] [security2:error] [pid 25699:tid 25699] [client 159.203.67.22:40098] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "20dekopas.com"] [uri "/.git/config"] [unique_id "aSqrqdy_qjBOSUPPqSP56gAAAAg"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 44 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇨🇦 104.234.135.32

🇸🇪 83.226.181.38

🇳🇱 64.89.162.145

🇳🇱 45.148.10.141

🇴🇲 37.41.237.150

🇰🇷 222.110.147.56

🇩🇪 213.209.159.226

🇩🇪 172.70.246.36

🇩🇪 167.172.177.125

🇪🇸 88.20.33.175

🇺🇸 50.84.211.204

🇳🇱 45.156.128.158

🇺🇸 45.33.84.124

🇻🇳 27.79.3.38

🇳🇱 206.189.98.155

🇳🇱 195.170.172.128

🇩🇪 167.94.145.19

🇺🇸 136.56.34.147

🇲🇦 81.192.46.36

🇲🇾 49.124.155.176