JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 165.227.174.159

165.227.174.159 was found in our database!

This IP was reported 38 times. Confidence of Abuse is 14%: ?

14%

ISP	DigitalOcean, LLC
Usage Type	Data Center/Web Hosting/Transit
ASN	AS14061
Domain Name	digitalocean.com
Country	🇩🇪 Germany
City	Frankfurt am Main, Hesse

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 165.227.174.159

Whois 165.227.174.159

IP Abuse Reports for 165.227.174.159:

This IP address has been reported a total of 38 times from 15 distinct sources. 165.227.174.159 was first reported on October 23rd 2021, and the most recent report was 14 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇷🇺 Albram	2026-06-04 03:15:04 (14 hours ago)	IMAP Brute-Force (IP: 165.227.174.159)	Brute-Force
🇦🇺 PetePK	2026-06-04 02:59:02 (14 hours ago)	Probed 1 time(s): TCP/7000	Port Scan
🇳🇱 jjnxpct	2026-03-27 04:49:23 (2 months ago)	Automated security incident from hosting server. ModSecurity blocked suspicious request targeting UR ... show more Automated security incident from hosting server. ModSecurity blocked suspicious request targeting URI: /vendor/phpunit/phpunit/phpunit.xsd (Rule ID: 920440) - URL file extension is restricted by policy show less	Web App Attack SQL Injection Hacking
🇺🇸 Mundo Bueno	2026-03-27 00:56:46 (2 months ago)	[ISILIA Protection v2.1] Tentative d'accès: //vendor/phpunit/phpunit/phpunit.xsd \| Pays: DE \| UA: Mo ... show more [ISILIA Protection v2.1] Tentative d'accès: //vendor/phpunit/phpunit/phpunit.xsd \| Pays: DE \| UA: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Firefox/52.0 show less	Hacking Web App Attack
🇺🇸 TPI-Abuse	2026-03-26 16:36:21 (2 months ago)	(mod_security) mod_security (id:210730) triggered by 165.227.174.159 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210730) triggered by 165.227.174.159 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Mar 26 12:36:12.513986 2026] [security2:error] [pid 3164:tid 3164] [client 165.227.174.159:52136] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|kimmunity.org\|F\|2"] [data ".xsd"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "kimmunity.org"] [uri "/vendor/phpunit/phpunit/phpunit.xsd"] [unique_id "acVgfBBGtS0W_RteOeDgxAAAABY"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-03-26 13:00:27 (2 months ago)	(mod_security) mod_security (id:210730) triggered by 165.227.174.159 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210730) triggered by 165.227.174.159 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Mar 26 09:00:20.714678 2026] [security2:error] [pid 31804:tid 31850] [client 165.227.174.159:56908] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|faimreps.com\|F\|2"] [data ".xsd"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "faimreps.com"] [uri "/vendor/phpunit/phpunit/phpunit.xsd"] [unique_id "acUt5L3pnpcvX3724g8DkQAAAJg"] show less	Brute-Force Bad Web Bot Web App Attack
🇧🇪 madeit	2026-03-26 09:58:17 (2 months ago)		Web App Attack
🇺🇸 TPI-Abuse	2026-03-26 03:50:47 (2 months ago)	(mod_security) mod_security (id:210730) triggered by 165.227.174.159 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210730) triggered by 165.227.174.159 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Mar 25 23:50:41.484119 2026] [security2:error] [pid 7238:tid 7238] [client 165.227.174.159:64463] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|claireashton.com\|F\|2"] [data ".xsd"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "claireashton.com"] [uri "/vendor/phpunit/phpunit/phpunit.xsd"] [unique_id "acStEcLhj8udMMdigyF1iAAAAAc"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-03-26 00:13:37 (2 months ago)	(mod_security) mod_security (id:210730) triggered by 165.227.174.159 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210730) triggered by 165.227.174.159 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Mar 25 20:13:30.971399 2026] [security2:error] [pid 15666:tid 15666] [client 165.227.174.159:61025] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|safeharbourfund.com\|F\|2"] [data ".xsd"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "safeharbourfund.com"] [uri "/vendor/phpunit/phpunit/phpunit.xsd"] [unique_id "acR6Ko7lXxWZMvb_LsNC9wAAABI"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-03-25 21:16:00 (2 months ago)	(mod_security) mod_security (id:210730) triggered by 165.227.174.159 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210730) triggered by 165.227.174.159 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Mar 25 17:15:54.682492 2026] [security2:error] [pid 9166:tid 9166] [client 165.227.174.159:58951] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "4"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|urie.to\|F\|2"] [data ".xsd"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "urie.to"] [uri "/vendor/phpunit/phpunit/phpunit.xsd"] [unique_id "acRQill4rovDfGLpSp01owAAAAY"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-03-25 18:49:19 (2 months ago)	(mod_security) mod_security (id:210730) triggered by 165.227.174.159 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210730) triggered by 165.227.174.159 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Mar 25 14:49:14.540786 2026] [security2:error] [pid 6941:tid 6941] [client 165.227.174.159:51054] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|egrabbagsale.com\|F\|2"] [data ".xsd"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "egrabbagsale.com"] [uri "/vendor/phpunit/phpunit/phpunit.xsd"] [unique_id "acQuKtJktrPc3aKkxzMzBQAAAAI"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-03-25 18:13:52 (2 months ago)	(mod_security) mod_security (id:210730) triggered by 165.227.174.159 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210730) triggered by 165.227.174.159 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Mar 25 14:13:45.744930 2026] [security2:error] [pid 21580:tid 21580] [client 165.227.174.159:50971] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|chelseafootballprogrammes.com\|F\|2"] [data ".xsd"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "chelseafootballprogrammes.com"] [uri "/vendor/phpunit/phpunit/phpunit.xsd"] [unique_id "acQl2WnT6xT0FHL5K41D4AAAABo"] show less	Brute-Force Bad Web Bot Web App Attack
🇵🇱 sefinek.net	2026-03-25 17:17:57 (2 months ago)	Triggered Cloudflare WAF (firewallCustom) from DE. Action: MANAGED_CHALLENGE \| Protocol: HTTP/1.1 (G ... show more Triggered Cloudflare WAF (firewallCustom) from DE. Action: MANAGED_CHALLENGE \| Protocol: HTTP/1.1 (GET) \| Endpoint: //vendor/phpunit/phpunit/phpunit.xsd \| UA: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Firefox/52.0 • Generated by: github.com/sefinek/Cloudflare-WAF-To-AbuseIPDB show less	Bad Web Bot
🇺🇸 TPI-Abuse	2026-03-25 13:19:27 (2 months ago)	(mod_security) mod_security (id:210730) triggered by 165.227.174.159 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210730) triggered by 165.227.174.159 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Mar 25 09:19:22.773248 2026] [security2:error] [pid 27506:tid 27506] [client 165.227.174.159:52211] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "4"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|www.pathpa.org\|F\|2"] [data ".xsd"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.pathpa.org"] [uri "/vendor/phpunit/phpunit/phpunit.xsd"] [unique_id "acPg2gSPxWbLzJ5qSfD3ZQAAAAQ"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-03-25 10:07:24 (2 months ago)	(mod_security) mod_security (id:210730) triggered by 165.227.174.159 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210730) triggered by 165.227.174.159 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Mar 25 06:07:19.314444 2026] [security2:error] [pid 3725:tid 3725] [client 165.227.174.159:50143] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|damonmarks.com\|F\|2"] [data ".xsd"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "damonmarks.com"] [uri "/vendor/phpunit/phpunit/phpunit.xsd"] [unique_id "acOz1wcaKRZtlRVbKQo79gAAABM"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 38 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇨🇳 218.21.214.187

🇹🇷 213.14.61.157

🇮🇶 212.237.122.186

🇹🇭 202.183.141.133

🇹🇳 196.184.140.55

🇫🇮 147.185.133.99

🇺🇸 47.251.68.60

🇧🇷 45.205.1.243

🇦🇷 45.162.21.242

🇳🇱 45.148.10.152

🇬🇧 213.166.84.35

🇦🇷 200.73.131.100

🇧🇷 177.8.249.29

🇺🇸 164.90.156.35

🇻🇳 103.109.187.12

🇮🇳 103.30.81.138

🇷🇺 94.102.28.45

🇪🇸 93.176.158.24

🇺🇸 66.57.151.235

🇸🇦 46.153.52.70