JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 159.223.216.21

159.223.216.21 was found in our database!

This IP was reported 282 times. Confidence of Abuse is 48%: ?

48%

ISP	DigitalOcean, LLC
Usage Type	Data Center/Web Hosting/Transit
ASN	AS14061
Domain Name	digitalocean.com
Country	🇳🇱 Netherlands
City	Amsterdam, North Holland

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 159.223.216.21

Whois 159.223.216.21

IP Abuse Reports for 159.223.216.21:

This IP address has been reported a total of 282 times from 169 distinct sources. 159.223.216.21 was first reported on November 23rd 2025, and the most recent report was 1 month ago.

Old Reports: The most recent abuse report for this IP address is from 1 month ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇬🇧 thetomtaylor.co.uk	2026-05-14 09:07:02 (1 month ago)	Fail2Ban - [SSH]Brute-force login attempts on sshd ... [mx02]	Brute-Force SSH
🇮🇳 evicky2002	2026-05-13 07:18:32 (1 month ago)	Confirmed malicious by STILWaters CTI platform (score=100, sources=1)	Hacking Brute-Force SSH
🇺🇸 Matthew Ping	2026-05-12 02:00:26 (1 month ago)	ModSecurity rule 949110 triggered on dedicated4785. Web application attack blocked by CSF/LFD.	Web App Attack Hacking
🇬🇧 thetomtaylor.co.uk	2026-05-11 22:09:02 (1 month ago)	Fail2Ban - [SSH]Brute-force login attempts on sshd ... [mx01,mx03]	Brute-Force SSH
🇺🇸 octageeks.com	2026-05-11 04:07:28 (1 month ago)	Wordpress malicious attack:[octablocked]	Web App Attack
🇩🇪 pscriptos	2026-05-10 19:43:49 (1 month ago)	This IP was detected by CrowdSec triggering crowdsecurity/http-sensitive-files	Web App Attack Hacking
🇦🇹 SchiWaGoA	2026-05-10 16:02:30 (1 month ago)	This IP was detected by CrowdSec trigger from crowdsecurity/http-sensitive-files	Web App Attack Hacking
🇧🇷 Halux	2026-05-10 14:50:02 (1 month ago)	159.223.216.21 Web Application Firewall multiple violations	Hacking Web App Attack
🇺🇸 Matthew Ping	2026-05-10 14:00:02 (1 month ago)	ModSecurity rule 949110 triggered on dedicated4785. Web application attack blocked by CSF/LFD.	Web App Attack Hacking
🇺🇦 URAN Publishing Service	2026-05-10 10:45:20 (1 month ago)	159.223.216.21 - - [10/May/2026:13:45:19 +0300] "GET /api/.env HTTP/1.1" 404 3329 "-" "Mozilla/5.0 ( ... show more 159.223.216.21 - - [10/May/2026:13:45:19 +0300] "GET /api/.env HTTP/1.1" 404 3329 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36" ... show less	Web App Attack
🇫🇷 ingroscart.it	2026-05-10 09:57:00 (1 month ago)	(mod_security) mod_security triggered on hostname [redacted] 159.223.216.21 (NL/Netherlands/-)	SQL Injection
🇺🇸 TPI-Abuse	2026-05-10 09:29:12 (1 month ago)	(mod_security) mod_security (id:210492) triggered by 159.223.216.21 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 159.223.216.21 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun May 10 05:29:09.114382 2026] [security2:error] [pid 18290:tid 18290] [client 159.223.216.21:21054] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "anxietyquest.com"] [uri "/api/.env"] [unique_id "agBP5UhJUB5XtVp7xmy-rQAAABE"] show less	Brute-Force Bad Web Bot Web App Attack
🇬🇧 consul.to	2026-05-10 09:02:42 (1 month ago)	Web attack/malicious scanning detected	Web App Attack
🇺🇸 TPI-Abuse	2026-05-10 08:45:56 (1 month ago)	(mod_security) mod_security (id:210492) triggered by 159.223.216.21 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 159.223.216.21 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun May 10 04:45:51.902652 2026] [security2:error] [pid 29769:tid 29769] [client 159.223.216.21:39830] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "computerservicesofflorida.com"] [uri "/.env.production"] [unique_id "agBFv8n8YdGb_jDPffhYCQAAAAs"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-10 07:33:46 (1 month ago)	(mod_security) mod_security (id:210492) triggered by 159.223.216.21 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 159.223.216.21 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun May 10 03:33:40.303519 2026] [security2:error] [pid 29268:tid 29314] [client 159.223.216.21:2640] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "simulador.com"] [uri "/.env"] [unique_id "agA01PF5zvwh8GlGUi2GOgAAAFE"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 282 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇩🇪 185.216.214.42

🇳🇱 176.65.139.181

🇳🇱 176.65.139.94

🇰🇷 175.203.199.118

🇺🇸 162.216.150.48

🇮🇳 135.235.218.74

🇫🇷 135.125.29.132

🇨🇳 114.106.135.24

🇨🇦 104.207.59.230

🇮🇳 103.149.16.74

🇺🇸 100.29.192.42

🇬🇧 91.230.225.219

🇧🇪 34.22.118.52

🇳🇱 31.14.32.4

🇺🇸 20.64.105.0

🇺🇸 2a03:2880:7ff:71::

🇰🇷 220.118.173.234

🇳🇱 193.176.31.150

🇳🇱 172.94.9.55

🇺🇸 141.11.88.105