JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 192.159.99.66

192.159.99.66 was found in our database!

This IP was reported 180 times. Confidence of Abuse is 92%: ?

92%

ISP	1337 Services GmbH
Usage Type	Data Center/Web Hosting/Transit
ASN	AS210558
Hostname(s)	192.159.99.66.powered.by.rdp.sh
Domain Name	as210558.net
Country	🇺🇸 United States of America
City	New York City, New York

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 192.159.99.66

Whois 192.159.99.66

IP Abuse Reports for 192.159.99.66:

This IP address has been reported a total of 180 times from 41 distinct sources. 192.159.99.66 was first reported on August 1st 2025, and the most recent report was 7 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 ipblock.com	2026-06-07 03:48:00 (7 hours ago)	IPBlock protected site ID [1887-mw]. Exploit postback	Bad Web Bot Brute-Force Hacking
🇬🇧 Bytemark	2026-06-05 09:03:14 (2 days ago)	192.159.99.66 - - [05/Jun/2026:10:03:13 +0100] "GET /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin. ... show more 192.159.99.66 - - [05/Jun/2026:10:03:13 +0100] "GET /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1" 404 5721 "-" "python-requests/2.25.1" show less	Brute-Force Web App Attack
🇧🇷 SOC PR	2026-06-05 06:33:27 (2 days ago)	IPS: PHPUnit Command Injection (CVE-2017-9841).	Web App Attack
🇮🇩 zam	2026-06-05 00:19:38 (2 days ago)	192.159.99.66 - - [05/Jun/2026:00:19:35 +0000] "GET /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin. ... show more 192.159.99.66 - - [05/Jun/2026:00:19:35 +0000] "GET /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1" 404 236 show less	Web App Attack
🇧🇷 Francisco Carlos	2026-06-04 19:42:09 (2 days ago)	Honeypot captured 3 automated attack/scan requests (JR Save Tech). Types: cve-probe, env-leak, shell ... show more Honeypot captured 3 automated attack/scan requests (JR Save Tech). Types: cve-probe, env-leak, shell-upload. Sample: GET /.env; GET /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php show less	Hacking Bad Web Bot Web App Attack
🇺🇸 nodepile	2026-06-04 19:05:23 (2 days ago)	Requests denied due to active blacklist hits (tenant=47 method=POST path=/ ua='Mozilla/5.0 (Linux; U ... show more Requests denied due to active blacklist hits (tenant=47 method=POST path=/ ua='Mozilla/5.0 (Linux; U; Android 4.4.2; en-US; HM NOTE 1W Build/KOT49H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 UCBrowser/11.0.5.850 U3/0.8.0 Mobile Safari/534.30') show less	Web App Attack Exploited Host
🇺🇸 ipblock.com	2026-06-04 18:17:00 (2 days ago)	IPBlock protected site ID [3390-wh]. Exploit request, vulnerability scanner.	Hacking Bad Web Bot Web App Attack
🇧🇪 voormedia	2026-06-04 17:37:36 (2 days ago)	Accessed trap at '/.env'	Web App Attack
🇺🇸 ipblock.com	2026-06-04 16:16:00 (2 days ago)	IPBlock protected site ID [669-fx]. Exploit request, vulnerability scanner.	Hacking Bad Web Bot Web App Attack
🇩🇪 FeG Deutschland	2026-06-04 15:50:23 (2 days ago)	Looking for CMS/PHP/SQL vulnerablilities/excessive crawling - 124	Exploited Host Web App Attack
🇺🇸 TPI-Abuse	2026-06-04 09:51:18 (3 days ago)	(mod_security) mod_security (id:210492) triggered by 192.159.99.66 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 192.159.99.66 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 04 05:51:02.182333 2026] [security2:error] [pid 23942:tid 23960] [client 192.159.99.66:56511] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.buy-optimum.com"] [uri "/.env"] [unique_id "aiFKhqxZFvrQdIR1ZQ28bAAAABA"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 mnsf	2026-06-04 09:06:58 (3 days ago)	Abuse Detected (1)	Brute-Force Web App Attack
🇧🇷 Francisco Carlos	2026-06-04 08:59:13 (3 days ago)	Honeypot captured 1 automated attack/scan requests (JR Save Tech). Types: env-leak. Sample: GET /.en ... show more Honeypot captured 1 automated attack/scan requests (JR Save Tech). Types: env-leak. Sample: GET /.env show less	Bad Web Bot Web App Attack
🇳🇱 homeshowdomain.nl	2026-05-29 22:02:17 (1 week ago)	Auto-ban: single probe for restricted files (.env / backups / admin endpoints). Likely mass-scan on ... show more Auto-ban: single probe for restricted files (.env / backups / admin endpoints). Likely mass-scan on 2026-05-28. show less	Web App Attack SSH Hacking
🇧🇪 voormedia	2026-05-28 07:48:29 (1 week ago)	Accessed trap at '/.env'	Web App Attack

Showing 1 to 15 of 180 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇮🇳 2404:7c80:5c:9e38:ef27:5be3:cb40:e9c3

🇮🇳 182.95.177.78

🇸🇬 101.32.248.94

🇪🇸 79.116.23.158

🇳🇱 45.156.87.34

🇩🇪 2.26.1.31

🇺🇸 2604:a880:400:d1:0:4:6c78:c001

🇺🇸 216.218.206.67

🇷🇺 188.92.241.150

🇨🇦 167.114.139.60

🇺🇸 162.216.149.71

🇻🇳 116.110.1.243

🇬🇧 51.195.244.181

🇵🇱 51.75.53.4

🇵🇰 14.1.107.86

🇬🇧 213.166.84.39

🇨🇾 213.149.181.32

🇺🇸 194.195.211.196

🇩🇪 193.169.194.14

🇩🇿 105.97.222.14