JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 67.227.113.59

67.227.113.59 was found in our database!

This IP was reported 24 times. Confidence of Abuse is 26%: ?

26%

ISP	code200 UAB
Usage Type	Data Center/Web Hosting/Transit
ASN	AS13332
Hostname(s)	67.227.113.59.rdns.ColocationAmerica.com
Domain Name	code200.global
Country	🇺🇸 United States of America
City	Los Angeles, California

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 67.227.113.59

Whois 67.227.113.59

IP Abuse Reports for 67.227.113.59:

This IP address has been reported a total of 24 times from 8 distinct sources. 67.227.113.59 was first reported on January 15th 2025, and the most recent report was 1 week ago.

Old Reports: The most recent abuse report for this IP address is from 1 week ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 mnsf	2026-05-29 10:05:56 (1 week ago)	Abuse Detected (1)	Brute-Force Web App Attack
🇳🇱 homeshowdomain.nl	2026-05-28 22:05:19 (1 week ago)	Auto-ban: single probe for restricted files (.env / backups / admin endpoints). Likely mass-scan on ... show more Auto-ban: single probe for restricted files (.env / backups / admin endpoints). Likely mass-scan on 2026-05-27. show less	Web App Attack SSH Hacking
🇺🇸 TPI-Abuse	2026-05-28 01:53:20 (1 week ago)	(mod_security) mod_security (id:210492) triggered by 67.227.113.59 (67.227.113.59.rdns.ColocationAme ... show more (mod_security) mod_security (id:210492) triggered by 67.227.113.59 (67.227.113.59.rdns.ColocationAmerica.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed May 27 21:53:12.472053 2026] [security2:error] [pid 12666:tid 12666] [client 67.227.113.59:51937] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "greed.wisk.org"] [uri "/wp-config.php"] [unique_id "ahegCGThyv9iOw9H2p0bRgAAABU"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-27 22:44:43 (1 week ago)	(mod_security) mod_security (id:210492) triggered by 67.227.113.59 (67.227.113.59.rdns.ColocationAme ... show more (mod_security) mod_security (id:210492) triggered by 67.227.113.59 (67.227.113.59.rdns.ColocationAmerica.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed May 27 18:43:47.711642 2026] [security2:error] [pid 11335:tid 11335] [client 67.227.113.59:39009] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/config/parameters.yml" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.naturallyneworleans.anthonyjoseph.us"] [uri "/app/config/parameters.yml"] [unique_id "ahdzo-sH0RCz1NMWHlNWKgAAAAE"], referer: https://www.google.com/search?q=www.naturallyneworleans.anthonyjoseph.us show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 OceanTreasure	2026-05-27 20:35:34 (1 week ago)	tcp/443; Environment configuration file exposure attempt: "GET /.env.production" @ 2026-05-27T20:34: ... show more tcp/443; Environment configuration file exposure attempt: "GET /.env.production" @ 2026-05-27T20:34:20Z [proxy] show less	Web App Attack
🇺🇸 TPI-Abuse	2026-05-27 18:05:46 (1 week ago)	(mod_security) mod_security (id:210492) triggered by 67.227.113.59 (67.227.113.59.rdns.ColocationAme ... show more (mod_security) mod_security (id:210492) triggered by 67.227.113.59 (67.227.113.59.rdns.ColocationAmerica.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed May 27 14:05:41.660544 2026] [security2:error] [pid 31815:tid 31815] [client 67.227.113.59:52727] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "modelengines.info"] [uri "/.env.development"] [unique_id "ahcydWcOQVBMJSekhRe2qwAAAAM"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-27 15:42:39 (1 week ago)	(mod_security) mod_security (id:210492) triggered by 67.227.113.59 (67.227.113.59.rdns.ColocationAme ... show more (mod_security) mod_security (id:210492) triggered by 67.227.113.59 (67.227.113.59.rdns.ColocationAmerica.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed May 27 11:42:30.493417 2026] [security2:error] [pid 13822:tid 13822] [client 67.227.113.59:38919] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "fritsknuf.com"] [uri "/.env.dusk.local"] [unique_id "ahcQ5nQ-RbpQ4FP7KlHJfAAAAE0"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-27 11:39:10 (1 week ago)	(mod_security) mod_security (id:210492) triggered by 67.227.113.59 (67.227.113.59.rdns.ColocationAme ... show more (mod_security) mod_security (id:210492) triggered by 67.227.113.59 (67.227.113.59.rdns.ColocationAmerica.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed May 27 07:39:02.694890 2026] [security2:error] [pid 16768:tid 16768] [client 67.227.113.59:35489] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcontacts.henrietteg.com"] [uri "/.env.production"] [unique_id "ahbX1l75vI9UhPip3TFmZwAAAAQ"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-27 00:57:31 (1 week ago)	(mod_security) mod_security (id:210492) triggered by 67.227.113.59 (67.227.113.59.rdns.ColocationAme ... show more (mod_security) mod_security (id:210492) triggered by 67.227.113.59 (67.227.113.59.rdns.ColocationAmerica.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue May 26 20:57:19.144505 2026] [security2:error] [pid 25619:tid 25619] [client 67.227.113.59:36823] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "crearcuestionarios.com"] [uri "/.env.local"] [unique_id "ahZBbxu-pQ5pfe-RxNEBHAAAAAI"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-27 00:21:25 (1 week ago)	(mod_security) mod_security (id:210492) triggered by 67.227.113.59 (67.227.113.59.rdns.ColocationAme ... show more (mod_security) mod_security (id:210492) triggered by 67.227.113.59 (67.227.113.59.rdns.ColocationAmerica.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue May 26 20:21:20.517252 2026] [security2:error] [pid 26841:tid 26841] [client 67.227.113.59:50279] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.therocklink.ramoundos.com"] [uri "/.env.local"] [unique_id "ahY5ADQ88ykWYRzAFkl26wAAAAc"] show less	Brute-Force Bad Web Bot Web App Attack
🇳🇱 homeshowdomain.nl	2026-05-26 22:00:13 (1 week ago)	Auto-ban: >3000 req/min op 2026-05-26	Web App Attack SSH Hacking
🇺🇸 TPI-Abuse	2026-01-17 00:11:11 (4 months ago)	(mod_security) mod_security (id:211190) triggered by 67.227.113.59 (67.227.113.59.rdns.ColocationAme ... show more (mod_security) mod_security (id:211190) triggered by 67.227.113.59 (67.227.113.59.rdns.ColocationAmerica.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jan 16 19:11:04.709812 2026] [security2:error] [pid 22350:tid 22350] [client 67.227.113.59:47339] ModSecurity: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt\|\|ftp.nbcnewsradio.com\|F\|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /solr/solrdefault/debug/dump?param=ContentStreams&stream.url=file:///etc/passwd"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "ftp.nbcnewsradio.com"] [uri "/solr/solrdefault/debug/dump"] [unique_id "aWrTmJGr4lBvXDhNAkZ_wwAAACI"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-29 17:59:48 (5 months ago)	(mod_security) mod_security (id:211190) triggered by 67.227.113.59 (67.227.113.59.rdns.ColocationAme ... show more (mod_security) mod_security (id:211190) triggered by 67.227.113.59 (67.227.113.59.rdns.ColocationAmerica.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Dec 29 12:57:19.927161 2025] [security2:error] [pid 30284:tid 30640] [client 67.227.113.59:59291] ModSecurity: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt\|\|kettlehill.kettlehill.com\|F\|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /include/exportUser.php?type=3&cla=application&func=_exec&opt=(cat%20/etc/passwd)%3Esrgp.txt"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "kettlehill.kettlehill.com"] [uri "/include/exportUser.php"] [unique_id "aVLA_zko7uys3oTtjZtt1gAAANY"] show less	Brute-Force Bad Web Bot Web App Attack
🇦🇺 MAGIC	2025-11-15 01:08:39 (6 months ago)	VM1 Bad user agents ignoring web crawling rules. Draing bandwidth	DDoS Attack Bad Web Bot
🇺🇸 TPI-Abuse	2025-10-29 18:57:45 (7 months ago)	(mod_security) mod_security (id:240950) triggered by 67.227.113.59 (67.227.113.59.rdns.ColocationAme ... show more (mod_security) mod_security (id:240950) triggered by 67.227.113.59 (67.227.113.59.rdns.ColocationAmerica.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Oct 29 14:57:37.468405 2025] [security2:error] [pid 18424:tid 18424] [client 67.227.113.59:40047] ModSecurity: Access denied with code 403 (phase 1). Pattern match "\\\\D" at TX:1. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "4530"] [id "240950"] [rev "2"] [msg "COMODO WAF: XSS & SQL injection vulnerability in Pragyan CMS 3.0 (CVE-2015-1471)\|\|www.davispickering.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "www.davispickering.com"] [uri "/_users/org.couchdb.user:poc"] [unique_id "aQJjoTaDEDwCVmFSSKtBIAAAABY"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 24 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇰🇷 211.223.107.86

🇹🇼 198.235.24.75

🇮🇷 185.74.221.30

🇨🇳 182.204.182.181

🇺🇸 135.232.220.243

🇨🇳 112.6.11.184

🇨🇳 81.70.194.162

🇺🇸 66.132.195.90

🇳🇱 45.148.10.141

🇻🇳 36.50.177.171

🇨🇱 216.155.93.75

🇺🇸 167.71.95.42

🇮🇩 163.7.1.156

🇺🇸 147.185.132.18

🇷🇴 80.94.92.186

🇺🇸 5.78.154.119

🇭🇰 223.197.145.141

🇨🇳 221.234.36.123

🇬🇧 209.97.135.178

🇨🇳 182.43.22.64