JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 159.75.94.165

159.75.94.165 was found in our database!

This IP was reported 209 times. Confidence of Abuse is 100%: ?

100%

ISP	Tencent Cloud Computing (Beijing) Co., Ltd
Usage Type	Data Center/Web Hosting/Transit
ASN	AS45090
Domain Name	tencentcloud.com
Country	🇨🇳 China
City	Guangzhou, Guangdong

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 159.75.94.165

Whois 159.75.94.165

IP Abuse Reports for 159.75.94.165:

This IP address has been reported a total of 209 times from 84 distinct sources. 159.75.94.165 was first reported on September 27th 2025, and the most recent report was 26 minutes ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇧🇷 SOC PR	2026-06-20 07:52:47 (26 minutes ago)	IPS: Apache HTTP Server Directory Traversal.	Web App Attack
🇨🇳 Peter Yu	2026-06-20 07:27:04 (52 minutes ago)		Bad Web Bot Web App Attack
🇺🇸 MPL	2026-06-20 07:12:25 (1 hour ago)	tcp/2222 (4 or more attempts)	Port Scan
🇺🇸 TPI-Abuse	2026-06-20 06:57:34 (1 hour ago)	(mod_security) mod_security (id:218420) triggered by 159.75.94.165 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:218420) triggered by 159.75.94.165 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 20 02:57:29.079997 2026] [security2:error] [pid 32199:tid 32199] [client 159.75.94.165:34246] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)php://(std(in\|out\|err)\|(in\|out)put\|fd\|memory\|temp\|filter)" at ARGS_NAMES:\\xadd allow_url_include=1 \\xadd auto_prepend_file=php://input. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/21_PHP_PHPGen.conf"] [line "22"] [id "218420"] [rev "2"] [msg "COMODO WAF: PHP Injection Attack: I/O Stream Found\|\|192.64.150.180:80\|F\|2"] [data "Matched Data: php://input found within ARGS_NAMES:\\x5cxadd allow_url_include=1 \\x5cxadd auto_prepend_file=php://input: \\xadd allow_url_include=1 \\xadd auto_prepend_file=php://input"] [severity "CRITICAL"] [tag "CWAF"] [tag "PHPGen"] [hostname "192.64.150.180"] [uri "/hello.world"] [unique_id "ajY52a2Nn9uJkeQSwvO9ywAAAAY"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 MPL	2026-06-20 06:29:30 (1 hour ago)	tcp/80 (2 or more attempts)	Port Scan
🇺🇸 xmission.com	2026-06-20 06:12:39 (2 hours ago)	Blocked by UFW (TCP on 2222) Source port: 36156 TTL: 48 Packet length: 40 TOS: 0x00 This report (fo ... show more Blocked by UFW (TCP on 2222) Source port: 36156 TTL: 48 Packet length: 40 TOS: 0x00 This report (for 159.75.94.165) was generated by: https://github.com/sefinek/UFW-AbuseIPDB-Reporter show less	Port Scan
🇺🇸 sumnone	2026-06-20 05:55:42 (2 hours ago)	Port probing on unauthorized port 22	Port Scan Hacking Exploited Host
🇫🇷 pm33	2026-06-20 05:28:10 (2 hours ago)	Probing for resource vulnerabilities HTTP(S)	Web App Attack
🇺🇸 MPL	2026-06-20 04:50:36 (3 hours ago)	tcp/443 (2 or more attempts)	Port Scan
🇬🇧 Nov	2026-06-20 03:25:15 (4 hours ago)	Unauthorized access attempt (tcp/443)	Port Scan
Anonymous	2026-06-20 03:04:11 (5 hours ago)	IP & Port Scan.	SSH Port Scan Brute-Force
🇺🇸 MPL	2026-06-20 02:36:09 (5 hours ago)	tcp/2375 (2 or more attempts)	Port Scan
🇺🇸 RAP	2026-06-20 02:22:47 (5 hours ago)	2026-06-20 02:22:47 UTC Unauthorized activity to TCP port 22. SSH	SSH
🇬🇧 PeravixGroup	2026-06-20 01:42:21 (6 hours ago)	Honeypot detection: SSH brute-force authentication attempt on port 22. Severity: MEDIUM. Aaran.cloud	SSH Brute-Force
🇫🇷 zulzeen	2026-06-20 01:24:54 (6 hours ago)	[distribamap-0] Blocked by SysWarden Firewall [GEO] (Web Attack)	Hacking Web App Attack

Showing 1 to 15 of 209 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇳🇱 185.213.174.141

🇨🇳 111.59.179.37

🇮🇳 103.204.167.14

🇵🇱 87.251.64.141

🇩🇪 51.77.73.59

🇺🇸 44.34.40.233

🇨🇳 218.64.153.175

🇰🇷 112.216.108.62

🇨🇳 106.13.79.83

🇸🇮 102.220.160.154

🇹🇼 101.13.5.26

🇮🇳 59.184.86.76

🇩🇪 44.157.219.23

🇬🇧 217.154.35.203

🇺🇦 176.38.31.170

🇺🇸 162.216.150.73

🇺🇸 108.250.130.115

🇺🇸 44.213.68.115

🇯🇵 20.153.204.5

🇻🇳 14.232.115.174