JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 203.159.81.97

203.159.81.97 was found in our database!

This IP was reported 52 times. Confidence of Abuse is 14%: ?

14%

ISP	VPN Consumer Network Services
Usage Type	Data Center/Web Hosting/Transit
ASN	AS206092
Domain Name	vpnconsumer.com
Country	🇮🇱 Israel
City	Tel Aviv, Tel Aviv

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 203.159.81.97

Whois 203.159.81.97

IP Abuse Reports for 203.159.81.97:

This IP address has been reported a total of 52 times from 24 distinct sources. 203.159.81.97 was first reported on March 20th 2024, and the most recent report was 57 minutes ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇫🇷 dynamix	2026-06-23 02:17:57 (57 minutes ago)	Multiple WAF Violations	Web App Attack
🇬🇧 consul.to	2026-06-22 20:42:05 (6 hours ago)	Web attack/malicious scanning detected	Web App Attack
Anonymous	2026-02-23 22:38:09 (3 months ago)	[redacted] 203.159.81.97 - - [23/Feb/2026:23:38:04 +0100] "GET /wp-admin/maint/file.php HTTP/1.1" 40 ... show more [redacted] 203.159.81.97 - - [23/Feb/2026:23:38:04 +0100] "GET /wp-admin/maint/file.php HTTP/1.1" 404 236 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.100 Safari/537.36" [redacted] 203.159.81.97 - - [23/Feb/2026:23:38:05 +0100] "GET /.well-known/acme-challenge/admin.php HTTP/1.1" 404 236 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:79.0) Gecko/20100101 Firefox/79.0" [redacted] 203.159.81.97 - - [23/Feb/2026:23:38:05 +0100] "GET /wp-admin/theme-editor.php HTTP/1.1" 404 236 "-" "Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.121 Safari/537.36" [redacted] 203.159.81.97 - - [23/Feb/2026:23:38:05 +0100] "GET /wp-admin/css/colors/blue/abc.php HTTP/1.1" 404 236 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.3" [redacted] 203.159.81.97 - - [23/Feb/2026:23:38:06 +0100] "GET /wp-admin/maint/wond ... show less	Hacking Web App Attack
Anonymous	2026-02-23 19:56:19 (3 months ago)	[redacted] 203.159.81.97 - - [23/Feb/2026:20:56:13 +0100] "GET /wp-admin/network/ HTTP/1.1" 404 236 ... show more [redacted] 203.159.81.97 - - [23/Feb/2026:20:56:13 +0100] "GET /wp-admin/network/ HTTP/1.1" 404 236 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:79.0) Gecko/20100101 Firefox/79.0" [redacted] 203.159.81.97 - - [23/Feb/2026:20:56:13 +0100] "GET /wp-admin/css/colors/sunrise/ HTTP/1.1" 404 236 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:73.0) Gecko/20100101 Firefox/73.0" [redacted] 203.159.81.97 - - [23/Feb/2026:20:56:15 +0100] "GET /wp-admin/css/colors/ectoplasm/ HTTP/1.1" 404 236 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.121 Safari/537.36" [redacted] 203.159.81.97 - - [23/Feb/2026:20:56:16 +0100] "GET /wp-admin/js/dist/ HTTP/1.1" 404 236 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.105 Safari/537.36" [redacted] 203.159.81.97 - - [23/Feb/2026:20:56:17 +0100] "GET /wp-admin/js/widgets/ HTTP/1.1" 404 236 "-" "Mozilla/5.0 (Macintos ... show less	Hacking Web App Attack
🇺🇸 TPI-Abuse	2026-02-22 16:54:04 (4 months ago)	(mod_security) mod_security (id:240000) triggered by 203.159.81.97 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:240000) triggered by 203.159.81.97 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Feb 22 11:53:17.332595 2026] [security2:error] [pid 31439:tid 31439] [client 203.159.81.97:60787] ModSecurity: Access denied with code 403 (phase 2). String match ".php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/24_Apps_Joomla.conf"] [line "74"] [id "240000"] [rev "1"] [msg "COMODO WAF: Protecting Joomla folder\|\|lemontreefoods.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "Joomla"] [hostname "lemontreefoods.com"] [uri "/images/stories/themes.php"] [unique_id "aZs0fR5TE00qe0DXnCCj0AAAAFA"] show less	Brute-Force Bad Web Bot Web App Attack
🇫🇷 dynamix	2026-02-22 13:51:43 (4 months ago)	Multiple WAF Violations	Web App Attack
🇺🇸 TPI-Abuse	2026-02-16 03:41:29 (4 months ago)	(mod_security) mod_security (id:240000) triggered by 203.159.81.97 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:240000) triggered by 203.159.81.97 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Feb 15 22:41:25.240084 2026] [security2:error] [pid 29164:tid 29164] [client 203.159.81.97:51797] ModSecurity: Access denied with code 403 (phase 2). String match ".php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/24_Apps_Joomla.conf"] [line "74"] [id "240000"] [rev "1"] [msg "COMODO WAF: Protecting Joomla folder\|\|www.bordalo-es.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "Joomla"] [hostname "www.bordalo-es.com"] [uri "/images/stories/themes.php"] [unique_id "aZKR5Sk9kRpvNv2EO5VXBQAAAB8"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 myagent.site	2026-02-09 18:17:39 (4 months ago)	Blocking for trying to access an exploit file: /cgi-bin/autoload_classmap.php	Hacking
Anonymous	2026-01-26 20:02:58 (4 months ago)	wordpress-trap	Web App Attack
🇺🇸 TPI-Abuse	2026-01-06 16:36:00 (5 months ago)	(mod_security) mod_security (id:240000) triggered by 203.159.81.97 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:240000) triggered by 203.159.81.97 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jan 06 11:35:53.249803 2026] [security2:error] [pid 19906:tid 19906] [client 203.159.81.97:52311] ModSecurity: Access denied with code 403 (phase 2). String match ".php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/24_Apps_Joomla.conf"] [line "74"] [id "240000"] [rev "1"] [msg "COMODO WAF: Protecting Joomla folder\|\|engravedweddingflutes.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "Joomla"] [hostname "engravedweddingflutes.com"] [uri "/images/stories/themes.php"] [unique_id "aV056fIBOqjzxIWhA-cvJgAAACI"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 paissangroup	2026-01-06 16:14:33 (5 months ago)	Multiple WAF Violations	Web App Attack
🇫🇷 dynamix	2026-01-06 08:58:35 (5 months ago)	Multiple WAF Violations	Web App Attack
🇳🇱 Mangelot Hosting	2025-12-29 18:51:13 (5 months ago)	(upload_shell) srv102 Shell upload 203.159.81.97 (IL/Israel/-): 1 in the last 3600 secs; Ports: ; D ... show more (upload_shell) srv102 Shell upload 203.159.81.97 (IL/Israel/-): 1 in the last 3600 secs; Ports: ; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs: show less	Web App Attack
Anonymous	2025-11-26 01:59:00 (6 months ago)	wordpress-trap	Web App Attack
Anonymous	2025-11-17 12:12:54 (7 months ago)	\| A web attack returned code 200 (success).	Hacking SQL Injection Web App Attack

Showing 1 to 15 of 52 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 2a03:2880:15ff:46::

🇨🇳 171.42.247.111

🇨🇳 125.36.251.30

🇺🇦 194.44.140.201

🇩🇪 193.124.20.247

🇨🇳 183.166.94.133

🇨🇳 182.112.4.207

🇷🇺 176.53.182.81

🇩🇪 165.232.123.153

🇺🇸 162.142.125.12

🇵🇰 154.208.54.10

🇬🇧 142.93.39.5

🇭🇰 101.36.111.179

🇵🇱 87.251.64.145

🇫🇷 85.217.140.49

🇩🇪 47.245.132.119

🇰🇿 2.135.146.53

🇺🇸 2a03:2880:15ff:45::

🇫🇮 2a01:4f9:c012:804::1

🇺🇸 172.237.156.206