JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 203.159.81.12

203.159.81.12 was found in our database!

This IP was reported 87 times. Confidence of Abuse is 22%: ?

22%

ISP	VPN Consumer Network Services
Usage Type	Data Center/Web Hosting/Transit
ASN	AS206092
Domain Name	vpnconsumer.com
Country	🇮🇱 Israel
City	Tel Aviv, Tel Aviv

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 203.159.81.12

Whois 203.159.81.12

IP Abuse Reports for 203.159.81.12:

This IP address has been reported a total of 87 times from 52 distinct sources. 203.159.81.12 was first reported on April 27th 2024, and the most recent report was 1 day ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 nodepile	2026-06-11 07:40:15 (1 day ago)	Repeatedly blocked bad web bot (tenant=82 method=GET path=/wp-content/themes/twentytwenty/about.php ... show more Repeatedly blocked bad web bot (tenant=82 method=GET path=/wp-content/themes/twentytwenty/about.php ua='python-requests/2.34.2') show less	Bad Web Bot
🇺🇦 URAN Publishing Service	2026-06-07 13:44:14 (4 days ago)	203.159.81.12 - - [07/Jun/2026:16:44:13 +0300] "GET /wp-includes/customize/index.php HTTP/1.1" 404 7 ... show more 203.159.81.12 - - [07/Jun/2026:16:44:13 +0300] "GET /wp-includes/customize/index.php HTTP/1.1" 404 707 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.105 Safari/537.36" 203.159.81.12 - - [07/Jun/2026:16:44:13 +0300] "GET /wp-admin/shell20211028.php HTTP/1.1" 404 707 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:77.0) Gecko/20100101 Firefox/77.0" ... show less	Web App Attack
🇫🇷 Octopuce	2026-06-07 07:11:24 (5 days ago)	Aggressive web search of vulnerable pages: /bless.php /O-Simple.php /lock360.php /zwso.php /chosen.p ... show more Aggressive web search of vulnerable pages: /bless.php /O-Simple.php /lock360.php /zwso.php /chosen.php /about.php /admin.php /mah.php /.wp/wso. ... show less	Web App Attack
🇩🇪 ValtonTahiri	2026-02-24 22:24:53 (3 months ago)	Honeypot hit: HTTP GET http://[SOME-IP]/.git/config URL: http://[SOME-IP]/.git/config Method: GET St ... show more Honeypot hit: HTTP GET http://[SOME-IP]/.git/config URL: http://[SOME-IP]/.git/config Method: GET Status: 200 User-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:105.0) Gecko/20100101 Firefox/105.0 Host: [SOME-IP] Accept: / Other Headers: accept-encoding: *, connection: keep-alive show less	Hacking Bad Web Bot
Anonymous	2026-02-24 09:45:28 (3 months ago)	[redacted] 203.159.81.12 - - [24/Feb/2026:10:45:23 +0100] "GET /admin/controller/extension/extension ... show more [redacted] 203.159.81.12 - - [24/Feb/2026:10:45:23 +0100] "GET /admin/controller/extension/extension/ HTTP/1.1" 404 236 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36" [redacted] 203.159.81.12 - - [24/Feb/2026:10:45:23 +0100] "GET /admin/editor/ HTTP/1.1" 404 236 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:79.0) Gecko/20100101 Firefox/79.0" [redacted] 203.159.81.12 - - [24/Feb/2026:10:45:23 +0100] "GET /admin/images/slider/ HTTP/1.1" 404 236 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.77 Safari/537.36" [redacted] 203.159.81.12 - - [24/Feb/2026:10:45:23 +0100] "GET /admin/tmp/ HTTP/1.1" 404 236 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.130 Safari/537.36" [redacted] 203.159.81.12 - - [24/Feb/2026:10:45:24 +0100] "GET /admin/uploads/ HTTP/1.1" 404 236 "-" "Mozilla/5.0 (Windows NT 10.0; Win6 ... show less	Hacking Web App Attack
🇬🇧 consul.to	2026-02-24 06:21:18 (3 months ago)	Web attack/malicious scanning detected	Web App Attack
🇳🇱 Site.eu	2026-02-24 06:06:43 (3 months ago)	Excessive 404/403 errors	Brute-Force
🇺🇸 hablaxdev	2026-02-22 04:50:00 (3 months ago)	SIP distributed brute force and IRSF fraud against VoIP infrastructure (ASTPP/FreeSWITCH) port 5060. ... show more SIP distributed brute force and IRSF fraud against VoIP infrastructure (ASTPP/FreeSWITCH) port 5060. Coordinated botnet stole SIP credentials via password dictionary attack. Role: credential theft + fraudulent calls (43 calls, 2.73h) to premium rate numbers. Total incident: 1367 calls, 109h, USD 4273 damages. show less	Fraud VoIP Hacking Brute-Force
🇫🇷 dynamix	2026-02-10 15:41:48 (4 months ago)	Multiple WAF Violations	Web App Attack
Anonymous	2026-02-06 05:19:07 (4 months ago)	Aggressive web scan	Web App Attack
Anonymous	2026-01-20 01:19:43 (4 months ago)	Fail2ban: all-services - 2025/12/27 09:50:24203.159.81.12 - - [27/Dec/2025:10:38:01 -0500] "GET /wp- ... show more Fail2ban: all-services - 2025/12/27 09:50:24203.159.81.12 - - [27/Dec/2025:10:38:01 -0500] "GET /wp-admin/maint/bootstrap.php HTTP/1.1" 444 0 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.100 Safari/537.36" "203.159.81.12" attempts show less	Hacking Web App Attack
Anonymous	2026-01-06 00:08:15 (5 months ago)	<comment>	Web App Attack
🇳🇱 Site.eu	2026-01-05 14:16:17 (5 months ago)	Excessive multi-domain requests	Brute-Force
🇷🇺 sms.ru	2026-01-05 09:41:45 (5 months ago)	/wp-admin/images/bootstrap.php	Web App Attack
🇺🇸 TPI-Abuse	2026-01-05 04:57:00 (5 months ago)	(mod_security) mod_security (id:240000) triggered by 203.159.81.12 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:240000) triggered by 203.159.81.12 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jan 04 23:56:56.504136 2026] [security2:error] [pid 12169:tid 12169] [client 203.159.81.12:22571] ModSecurity: Access denied with code 403 (phase 2). String match ".php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/24_Apps_Joomla.conf"] [line "74"] [id "240000"] [rev "1"] [msg "COMODO WAF: Protecting Joomla folder\|\|platinummedicalevaluations.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "Joomla"] [hostname "platinummedicalevaluations.com"] [uri "/images/stories/themes.php"] [unique_id "aVtEmEKWD7RwGSofI7ydcAAAAAw"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 87 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇷🇺 185.117.152.50

🇺🇸 162.216.150.34

🇨🇲 154.70.102.114

🇮🇳 52.66.244.138

🇮🇹 188.152.238.126

🇧🇷 177.5.232.32

🇺🇸 104.236.99.179

🇳🇱 89.21.67.151

🇨🇳 36.62.143.201

🇨🇳 14.103.115.162

🇳🇱 88.151.32.89

🇺🇸 74.7.244.54

🇺🇸 66.132.195.24

🇨🇳 221.12.37.6

🇺🇸 165.154.173.74

🇭🇰 118.193.47.155

🇨🇳 114.237.144.223

🇩🇪 69.5.169.14

🇳🇱 195.211.191.112

🇺🇸 195.184.76.160