JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 203.159.81.54

203.159.81.54 was found in our database!

This IP was reported 62 times. Confidence of Abuse is 11%: ?

11%

ISP	VPN Consumer Network Services
Usage Type	Data Center/Web Hosting/Transit
ASN	AS206092
Domain Name	vpnconsumer.com
Country	🇮🇱 Israel
City	Tel Aviv, Tel Aviv

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 203.159.81.54

Whois 203.159.81.54

IP Abuse Reports for 203.159.81.54:

This IP address has been reported a total of 62 times from 35 distinct sources. 203.159.81.54 was first reported on May 26th 2023, and the most recent report was 1 day ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇬🇧 consul.to	2026-06-23 00:03:30 (1 day ago)	Web attack/malicious scanning detected	Web App Attack
🇫🇮 Shaik Sai Meera	2026-05-14 22:05:09 (1 month ago)	IM360 WAF: WordPress plugins/themes version enumeration	Brute-Force FTP Brute-Force Open Proxy
🇦🇹 urnilxfgbez	2026-03-15 23:45:00 (3 months ago)	Last 24 Hours suspicious: (DPT=445\|DPT=3389\|DPT=22\|DPT=3306\|DPT=8080\|DPT=23\|DPT=5900\|DPT=1433)	Port Scan
🇺🇦 gbzret4d	2026-03-15 17:06:32 (3 months ago)	Blocked by CrowdSec. Scenario: crowdsecurity/ssh-bf	Brute-Force SSH
🇫🇷 dynamix	2026-02-24 01:51:22 (4 months ago)	Multiple WAF Violations	Web App Attack
🇫🇷 dynamix	2026-02-23 13:33:58 (4 months ago)	Multiple WAF Violations	Web App Attack
Anonymous	2026-02-23 07:47:39 (4 months ago)	[redacted] 203.159.81.54 - - [23/Feb/2026:08:47:33 +0100] "GET /wp-admin/css/wp-conflg.php HTTP/1.1" ... show more [redacted] 203.159.81.54 - - [23/Feb/2026:08:47:33 +0100] "GET /wp-admin/css/wp-conflg.php HTTP/1.1" 404 236 "-" "Mozilla/5.0 (X11; Linux i686; rv:79.0) Gecko/20100101 Firefox/79.0" [redacted] 203.159.81.54 - - [23/Feb/2026:08:47:34 +0100] "GET /wp-admin/images/index.php HTTP/1.1" 404 236 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:79.0) Gecko/20100101 Firefox/79.0" [redacted] 203.159.81.54 - - [23/Feb/2026:08:47:35 +0100] "GET /wp-admin/js/widgets/cloud.php HTTP/1.1" 404 236 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; rv:11.0) like Gecko" [redacted] 203.159.81.54 - - [23/Feb/2026:08:47:35 +0100] "GET /adminfuns.php7 HTTP/1.1" 404 236 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.100 Safari/537.36" [redacted] 203.159.81.54 - - [23/Feb/2026:08:47:36 +0100] "GET /wp-admin/images/about.php HTTP/1.1" ... show less	Hacking Web App Attack
🇺🇸 TPI-Abuse	2026-02-22 16:53:19 (4 months ago)	(mod_security) mod_security (id:240000) triggered by 203.159.81.54 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:240000) triggered by 203.159.81.54 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Feb 22 11:52:40.005071 2026] [security2:error] [pid 31437:tid 31437] [client 203.159.81.54:21411] ModSecurity: Access denied with code 403 (phase 2). String match ".php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/24_Apps_Joomla.conf"] [line "74"] [id "240000"] [rev "1"] [msg "COMODO WAF: Protecting Joomla folder\|\|gmsintra.org\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "Joomla"] [hostname "gmsintra.org"] [uri "/images/stories/themes.php"] [unique_id "aZs0WOacj0Zpa3GiHav7RwAAAE4"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇦 URAN Publishing Service	2026-02-22 11:20:03 (4 months ago)	203.159.81.54 - - [22/Feb/2026:13:20:01 +0200] "GET /wp-content/index.php HTTP/1.1" 404 282 "-" "Moz ... show more 203.159.81.54 - - [22/Feb/2026:13:20:01 +0200] "GET /wp-content/index.php HTTP/1.1" 404 282 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.105 Safari/537.36 OPR/70.0.3728.95" 203.159.81.54 - - [22/Feb/2026:13:20:02 +0200] "GET /cgi-bin/bypass.php HTTP/1.1" 404 190 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:67.0) Gecko/20100101 Firefox/67.0" ... show less	Web App Attack
🇦🇺 nzhost.co.nz	2026-02-09 11:53:52 (4 months ago)	$f2bV_matches	Hacking Brute-Force
Anonymous	2026-01-26 05:30:48 (4 months ago)	wordpress-trap	Web App Attack
Anonymous	2026-01-06 15:18:03 (5 months ago)	wordpress-trap	Web App Attack
🇫🇷 dynamix	2026-01-06 12:16:59 (5 months ago)	Multiple WAF Violations	Web App Attack
🇮🇱 Dolphi	2026-01-02 04:12:14 (5 months ago)	POST //xmlrpc.php	Brute-Force Web App Attack
🇳🇱 Mangelot Hosting	2025-12-29 18:51:13 (5 months ago)	(upload_shell) srv102 Shell upload 203.159.81.54 (IL/Israel/-): 1 in the last 3600 secs; Ports: ; D ... show more (upload_shell) srv102 Shell upload 203.159.81.54 (IL/Israel/-): 1 in the last 3600 secs; Ports: ; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs: show less	Web App Attack

Showing 1 to 15 of 62 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇧🇬 79.124.40.110

🇻🇳 171.244.141.86

🇷🇺 95.108.213.242

🇷🇺 87.250.224.117

🇺🇸 66.132.224.54

🇩🇪 51.75.64.35

🇰🇷 49.173.219.139

🇹🇭 118.193.57.121

🇷🇺 95.215.108.8

🇳🇱 91.92.40.7

🇫🇷 51.178.183.70

🇮🇳 13.200.231.163

🇹🇼 198.235.24.78

🇫🇷 139.28.219.70

🇩🇪 130.61.73.238

🇳🇱 91.92.40.6

🇰🇷 54.116.53.230

🇺🇸 50.62.22.47

🇸🇬 43.160.197.240

🇺🇸 13.89.124.218