JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 165.22.61.104

165.22.61.104 was found in our database!

This IP was reported 17 times. Confidence of Abuse is 0%: ?

ISP	DigitalOcean, LLC
Usage Type	Data Center/Web Hosting/Transit
ASN	AS14061
Domain Name	digitalocean.com
Country	🇸🇬 Singapore
City	Singapore

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 165.22.61.104

Whois 165.22.61.104

IP Abuse Reports for 165.22.61.104:

This IP address has been reported a total of 17 times from 9 distinct sources. 165.22.61.104 was first reported on May 15th 2023, and the most recent report was 1 year ago.

Old Reports: The most recent abuse report for this IP address is from 1 year ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇩🇪 Packets-Decreaser.NET	2024-09-03 13:17:11 (1 year ago)	Incoming Layer 7 Flood Detected	DDoS Attack Web Spam
🇮🇩 hermawan	2024-07-02 01:22:28 (1 year ago)	[Tue Jul 02 08:22:25.450229 2024] [security2:error] [pid 476667:tid 135580925036096] [client 165.22. ... show more [Tue Jul 02 08:22:25.450229 2024] [security2:error] [pid 476667:tid 135580925036096] [client 165.22.61.104:55399] [client 165.22.61.104] ModSecurity: Access denied with code 403 (phase 2). Pattern match "." at ARGS_NAMES:rest_route. [file "/etc/modsecurity/coreruleset-4.3.0/rules/REQUEST-921-PROTOCOL-ATTACK.conf"] [line "642"] [id "921170"] [msg "HTTP Parameter Pollution ()"] [data "Matched Data: r found within ARGS_NAMES:rest_route: rest_route request_line = GET /?rest_route=/wp/v2/users/ HTTP/1.1"] [ver "OWASP_CRS/4.3.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "capec/1000/152/137/15/460"] [hostname "staklim-jatim.bmkg.go.id"] [uri "/"] [unique_id "ZoNWUTIpbYvgmGLvGEMQpgAAAAQ"] [staklim-jatim.bmkg.go.id] [staklim-jatim.bmkg.go.id] top=[476713] [MrHRi4lOV4k] [ZoNWUTIpbYvgmGLvGEMQpgAAAAQ] keep_alive=[0] [2024-07-02 08:22:25.450235] [R:ZoNWUTIpbYvgmGLvGEMQpgAAAAQ] UA:'Mozilla/5.0 (Windows NT 10.0; Win64; x64) ... show less	Hacking Web App Attack
🇮🇩 hermawan	2024-06-24 10:05:01 (1 year ago)	[Mon Jun 24 17:04:46.504790 2024] [security2:error] [pid 297398:tid 133268114507328] [client 165.22. ... show more [Mon Jun 24 17:04:46.504790 2024] [security2:error] [pid 297398:tid 133268114507328] [client 165.22.61.104:56639] [client 165.22.61.104] ModSecurity: Access denied with code 403 (phase 2). Pattern match "." at ARGS_NAMES:rest_route. [file "/etc/modsecurity/coreruleset-4.3.0/rules/REQUEST-921-PROTOCOL-ATTACK.conf"] [line "642"] [id "921170"] [msg "HTTP Parameter Pollution ()"] [data "Matched Data: r found within ARGS_NAMES:rest_route: rest_route request_line = GET /?rest_route=/wp/v2/users/ HTTP/1.1"] [ver "OWASP_CRS/4.3.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "capec/1000/152/137/15/460"] [hostname "staklim-jatim.bmkg.go.id"] [uri "/"] [unique_id "ZnlEvm93FHIWCxdxHKtGxwAAAJw"] [staklim-jatim.bmkg.go.id] [staklim-jatim.bmkg.go.id] top=[297468] [3ecW6S8Se2Q] [ZnlEvm93FHIWCxdxHKtGxwAAAJw] keep_alive=[0] [2024-06-24 17:04:46.504795] [R:ZnlEvm93FHIWCxdxHKtGxwAAAJw] UA:'Mozilla/5.0 (Windows NT 10.0; Win64; x64) ... show less	Hacking Web App Attack
🇮🇩 hermawan	2024-06-19 04:38:48 (1 year ago)	[Wed Jun 19 11:38:45.991784 2024] [security2:error] [pid 679125:tid 128415348819520] [client 165.22. ... show more [Wed Jun 19 11:38:45.991784 2024] [security2:error] [pid 679125:tid 128415348819520] [client 165.22.61.104:52461] [client 165.22.61.104] ModSecurity: Access denied with code 403 (phase 2). Pattern match "." at ARGS_NAMES:rest_route. [file "/etc/modsecurity/coreruleset-4.3.0/rules/REQUEST-921-PROTOCOL-ATTACK.conf"] [line "643"] [id "921170"] [msg "HTTP Parameter Pollution ()"] [data "Matched Data: r found within ARGS_NAMES:rest_route: rest_route request_line = GET /?rest_route=/wp/v2/users/ HTTP/1.1"] [ver "OWASP_CRS/4.3.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "capec/1000/152/137/15/460"] [hostname "staklim-jatim.bmkg.go.id"] [uri "/"] [unique_id "ZnJg1afYXmCRgiNHiDn8DAAAAgM"] [staklim-jatim.bmkg.go.id] [staklim-jatim.bmkg.go.id] top=[679170] [FBUTxka39lU] [ZnJg1afYXmCRgiNHiDn8DAAAAgM] keep_alive=[0] [2024-06-19 11:38:45.991787] [R:ZnJg1afYXmCRgiNHiDn8DAAAAgM] UA:'Mozilla/5.0 (Windows NT 10.0; Win64; x64) ... show less	Hacking Web App Attack
🇮🇩 hermawan	2024-06-19 02:15:11 (1 year ago)	[Wed Jun 19 09:14:13.714280 2024] [security2:error] [pid 559995:tid 127828861388352] [client 165.22. ... show more [Wed Jun 19 09:14:13.714280 2024] [security2:error] [pid 559995:tid 127828861388352] [client 165.22.61.104:64019] [client 165.22.61.104] ModSecurity: Access denied with code 403 (phase 2). Pattern match "." at ARGS_NAMES:rest_route. [file "/etc/modsecurity/coreruleset-4.3.0/rules/REQUEST-921-PROTOCOL-ATTACK.conf"] [line "643"] [id "921170"] [msg "HTTP Parameter Pollution ()"] [data "Matched Data: r found within ARGS_NAMES:rest_route: rest_route request_line = GET /?rest_route=/wp/v2/users/ HTTP/1.1"] [ver "OWASP_CRS/4.3.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "capec/1000/152/137/15/460"] [hostname "staklim-jatim.bmkg.go.id"] [uri "/"] [unique_id "ZnI-9fQYQYiIGK9h8qJXfgAAAEA"] [staklim-jatim.bmkg.go.id] [staklim-jatim.bmkg.go.id] top=[560037] [/DAWwYRYBdU] [ZnI-9fQYQYiIGK9h8qJXfgAAAEA] keep_alive=[0] [2024-06-19 09:14:13.714284] [R:ZnI-9fQYQYiIGK9h8qJXfgAAAEA] UA:'Mozilla/5.0 (Windows NT 10.0; Win64; x64) ... show less	Hacking Web App Attack
🇮🇩 penjaga BRIN	2024-06-13 05:12:35 (1 year ago)	Multiple WP scan detected from same source ip.-240	Web App Attack
🇮🇩 penjaga BRIN	2024-06-11 16:04:27 (1 year ago)	Multiple WP scan detected from same source ip.-111	Web App Attack
🇮🇩 penjaga BRIN	2024-06-10 11:01:30 (2 years ago)	Multiple WP scan detected from same source ip.-111	Brute-Force
🇮🇩 hermawan	2024-06-09 10:39:59 (2 years ago)	[Sun Jun 09 17:39:57.113605 2024] [security2:error] [pid 424810:tid 136016996337216] [client 165.22. ... show more [Sun Jun 09 17:39:57.113605 2024] [security2:error] [pid 424810:tid 136016996337216] [client 165.22.61.104:52626] [client 165.22.61.104] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "Client" at REQUEST_HEADERS:User-Agent. [file "/etc/modsecurity/coreruleset-4.3.0/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "38"] [id "440000"] [msg "BAD BOT - Detected and Blocked"] [data "Matched Data: Client found within REQUEST_HEADERS:User-Agent: Go-http-client/1.1 request_line = GET /public/assets/filemanager/dialog.php HTTP/1.1"] [severity "NOTICE"] [hostname "staklim-jatim.bmkg.go.id"] [uri "/public/assets/filemanager/dialog.php"] [unique_id "ZmWGfeKNOen45bSiTfYf2gAAAAQ"] [staklim-jatim.bmkg.go.id] [staklim-jatim.bmkg.go.id] top=[424856] [7TVip8IJbzY] [ZmWGfeKNOen45bSiTfYf2gAAAAQ] keep_alive=[0] [2024-06-09 17:39:57.113608] [R:ZmWGfeKNOen45bSiTfYf2gAAAAQ] UA:'Go-http-client/1.1' Host:'staklim-jatim.bmkg.go.id' Accept-Encoding:'gzip ... show less	Hacking Web App Attack
🇮🇩 hermawan	2024-06-09 10:12:26 (2 years ago)	[Sun Jun 09 17:12:22.894678 2024] [security2:error] [pid 405038:tid 130462490035776] [client 165.22. ... show more [Sun Jun 09 17:12:22.894678 2024] [security2:error] [pid 405038:tid 130462490035776] [client 165.22.61.104:53048] [client 165.22.61.104] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "Client" at REQUEST_HEADERS:User-Agent. [file "/etc/modsecurity/coreruleset-4.3.0/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "38"] [id "440000"] [msg "BAD BOT - Detected and Blocked"] [data "Matched Data: Client found within REQUEST_HEADERS:User-Agent: Go-http-client/1.1 request_line = GET /user/file/filemanager/dialog.php HTTP/1.1"] [severity "NOTICE"] [hostname "staklim-jatim.bmkg.go.id"] [uri "/user/file/filemanager/dialog.php"] [unique_id "ZmWABuragYJqlCFvMBsFhwAAAEI"] [staklim-jatim.bmkg.go.id] [staklim-jatim.bmkg.go.id] top=[405082] [o9TIRELtfuo] [ZmWABuragYJqlCFvMBsFhwAAAEI] keep_alive=[0] [2024-06-09 17:12:22.894681] [R:ZmWABuragYJqlCFvMBsFhwAAAEI] UA:'Go-http-client/1.1' Host:'staklim-jatim.bmkg.go.id' Accept-Encoding:'gzip ... show less	Hacking Web App Attack
🇮🇩 hermawan	2024-06-08 23:37:35 (2 years ago)	[Sun Jun 09 06:37:33.748824 2024] [security2:error] [pid 206520:tid 134009935889984] [client 165.22. ... show more [Sun Jun 09 06:37:33.748824 2024] [security2:error] [pid 206520:tid 134009935889984] [client 165.22.61.104:57583] [client 165.22.61.104] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "Client" at REQUEST_HEADERS:User-Agent. [file "/etc/modsecurity/coreruleset-4.3.0/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "38"] [id "440000"] [msg "BAD BOT - Detected and Blocked"] [data "Matched Data: Client found within REQUEST_HEADERS:User-Agent: Go-http-client/1.1 request_line = GET /filemanager/dialog.php HTTP/1.1"] [severity "NOTICE"] [hostname "staklim-jatim.bmkg.go.id"] [uri "/filemanager/dialog.php"] [unique_id "ZmTrPWQ5f2nvVhYlXIqrlAAAAIQ"] [staklim-jatim.bmkg.go.id] [staklim-jatim.bmkg.go.id] top=[206566] [/JR+ZtnrEf8] [ZmTrPWQ5f2nvVhYlXIqrlAAAAIQ] keep_alive=[0] [2024-06-09 06:37:33.748827] [R:ZmTrPWQ5f2nvVhYlXIqrlAAAAIQ] UA:'Go-http-client/1.1' Host:'staklim-jatim.bmkg.go.id' Accept-Encoding:'gzip ... show less	Hacking Web App Attack
🇫🇷 security.rdmc.fr	2023-05-16 00:54:58 (3 years ago)	Port Scan Attack proto:UDP src:34033 dst:389	Port Scan
🇬🇧 WebServ	2023-05-15 23:46:04 (3 years ago)	Unauthorized port scan	Brute-Force
Anonymous	2023-05-15 23:20:03 (3 years ago)	Unauthorized connection attempt detected in the last 24 hours	Hacking
Anonymous	2023-05-15 20:28:24 (3 years ago)	Hit honeypot r.	Port Scan Hacking Exploited Host

Showing 1 to 15 of 17 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇩🇪 2a05:d014:fb0:c802:cca4:fea7:5ceb:265

🇨🇳 202.105.98.252

🇵🇰 175.107.245.43

🇧🇼 168.167.228.123

🇺🇸 154.92.23.249

🇻🇳 103.138.113.149

🇫🇷 91.231.89.212

🇧🇬 78.128.114.162

🇰🇷 49.247.37.22

🇧🇪 198.235.24.251

🇳🇱 185.223.235.26

🇫🇷 185.177.72.23

🇮🇳 160.250.225.19

🇺🇸 147.185.132.203

🇺🇸 107.150.111.98

🇻🇳 103.172.236.15

🇺🇸 98.90.43.197

🇫🇷 91.196.152.209

🇬🇧 81.19.219.219

🇱🇹 45.227.254.170