JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 67.227.37.118

67.227.37.118 was found in our database!

This IP was reported 12 times. Confidence of Abuse is 26%: ?

26%

ISP	code200 UAB
Usage Type	Data Center/Web Hosting/Transit
ASN	AS13332
Hostname(s)	67.227.37.118.rdns.ColocationAmerica.com
Domain Name	code200.global
Country	🇺🇸 United States of America
City	Los Angeles, California

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 67.227.37.118

Whois 67.227.37.118

IP Abuse Reports for 67.227.37.118:

This IP address has been reported a total of 12 times from 6 distinct sources. 67.227.37.118 was first reported on February 23rd 2025, and the most recent report was 6 days ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇳🇱 homeshowdomain.nl	2026-05-29 22:01:30 (6 days ago)	Auto-ban: single probe for restricted files (.env / backups / admin endpoints). Likely mass-scan on ... show more Auto-ban: single probe for restricted files (.env / backups / admin endpoints). Likely mass-scan on 2026-05-28. show less	Web App Attack SSH Hacking
🇺🇸 TPI-Abuse	2026-05-27 14:42:29 (1 week ago)	(mod_security) mod_security (id:210730) triggered by 67.227.37.118 (67.227.37.118.rdns.ColocationAme ... show more (mod_security) mod_security (id:210730) triggered by 67.227.37.118 (67.227.37.118.rdns.ColocationAmerica.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed May 27 10:42:20.446240 2026] [security2:error] [pid 17378:tid 17378] [client 67.227.37.118:53993] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|www.agirlwithaguitar.misscharlottemusic.com\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.agirlwithaguitar.misscharlottemusic.com"] [uri "/backup.sql"] [unique_id "ahcCzIVq8Vj2MdOIUy4hAAAAAAw"], referer: https://www.google.com/search?q=www.agirlwithaguitar.misscharlottemusic.com show less	Brute-Force Bad Web Bot Web App Attack
🇦🇹 René Hickersberger	2026-05-27 02:19:31 (1 week ago)	malicious bot detected: violations="ignored-robots-policy"; user_agent="Mozilla/5.0 AppleWebKit/537. ... show more malicious bot detected: violations="ignored-robots-policy"; user_agent="Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; ChatGPT-User/1.0; +https://openai.com/bot)" show less	Bad Web Bot
🇺🇸 TPI-Abuse	2026-05-27 00:22:16 (1 week ago)	(mod_security) mod_security (id:210492) triggered by 67.227.37.118 (67.227.37.118.rdns.ColocationAme ... show more (mod_security) mod_security (id:210492) triggered by 67.227.37.118 (67.227.37.118.rdns.ColocationAmerica.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue May 26 20:22:08.742134 2026] [security2:error] [pid 856:tid 856] [client 67.227.37.118:57705] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "rdj.us.pappakotis.com"] [uri "/.env.development.local"] [unique_id "ahY5ML_7Iy3V0217SBrccgAAAA0"], referer: https://www.google.com/search?q=rdj.us.pappakotis.com show less	Brute-Force Bad Web Bot Web App Attack
🇫🇮 as211431.net	2026-05-26 18:33:21 (1 week ago)	Triggered Cloudflare WAF (linkMaze) from US. Action taken: LINK_MAZE_INJECTED Protocol: HTTP/1.1 (GE ... show more Triggered Cloudflare WAF (linkMaze) from US. Action taken: LINK_MAZE_INJECTED Protocol: HTTP/1.1 (GET method) Endpoint: / UA: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:137.0) Gecko/20100101 Firefox/137.0 This report was generated by: https://github.com/sefinek/Cloudflare-WAF-To-AbuseIPDB show less	Bad Web Bot
🇺🇸 TPI-Abuse	2026-05-26 18:11:12 (1 week ago)	(mod_security) mod_security (id:210492) triggered by 67.227.37.118 (67.227.37.118.rdns.ColocationAme ... show more (mod_security) mod_security (id:210492) triggered by 67.227.37.118 (67.227.37.118.rdns.ColocationAmerica.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue May 26 14:11:00.934736 2026] [security2:error] [pid 1624:tid 1645] [client 67.227.37.118:46977] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.hylakaplan.com.howiek.com"] [uri "/.env.development"] [unique_id "ahXiNN9MNizNEy_9mp5SgwAAABM"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 HandyTreff.de	2026-01-28 09:13:14 (4 months ago)	Bot/Spam/Scrapper attack detected on www.handytreff.de - Score: -34.771 (Bad < -10 / Very Bad < -20 ... show more Bot/Spam/Scrapper attack detected on www.handytreff.de - Score: -34.771 (Bad < -10 / Very Bad < -20 / Extreme < -35) \| UA: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/139.0. show less	Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-29 18:52:27 (5 months ago)	(mod_security) mod_security (id:211190) triggered by 67.227.37.118 (67.227.37.118.rdns.ColocationAme ... show more (mod_security) mod_security (id:211190) triggered by 67.227.37.118 (67.227.37.118.rdns.ColocationAmerica.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Dec 29 13:52:18.622807 2025] [security2:error] [pid 22841:tid 23008] [client 67.227.37.118:43265] ModSecurity: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt\|\|www.kettlehill.net\|F\|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/etc/f5-release"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.kettlehill.net"] [uri "/tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp"] [unique_id "aVLN4rvqJPp5jxktaSF88AAAAMk"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-29 10:55:19 (6 months ago)	(mod_security) mod_security (id:210730) triggered by 67.227.37.118 (67.227.37.118.rdns.ColocationAme ... show more (mod_security) mod_security (id:210730) triggered by 67.227.37.118 (67.227.37.118.rdns.ColocationAmerica.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Nov 29 05:55:12.769246 2025] [security2:error] [pid 16336:tid 16459] [client 67.227.37.118:46591] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|www.kettlehill.kettlehill.com\|F\|2"] [data ".log"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.kettlehill.kettlehill.com"] [uri "/MyErrors.log"] [unique_id "aSrREKnJOm1YDoPVTL7DCQAAAhM"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-07-27 01:15:07 (10 months ago)	(mod_security) mod_security (id:210492) triggered by 67.227.37.118 (67.227.37.118.rdns.ColocationAme ... show more (mod_security) mod_security (id:210492) triggered by 67.227.37.118 (67.227.37.118.rdns.ColocationAmerica.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jul 26 21:15:03.858423 2025] [security2:error] [pid 653296:tid 653328] [client 67.227.37.118:54959] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "kettlehill.net"] [uri "/.env.prod.local"] [unique_id "aIV9l75epZI5Xx2m9slB2AAAAVQ"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-05-30 02:01:00 (1 year ago)	(mod_security) mod_security (id:210492) triggered by 67.227.37.118 (67.227.37.118.rdns.ColocationAme ... show more (mod_security) mod_security (id:210492) triggered by 67.227.37.118 (67.227.37.118.rdns.ColocationAmerica.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu May 29 22:00:54.419670 2025] [security2:error] [pid 3947406:tid 3947406] [client 67.227.37.118:42375] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "whm.farmers123.com"] [uri "/wp-content/plugins/adaptive-images/adaptive-images-script.php"] [unique_id "aDkRVrGP6E0ofQGQZynV-gAAABg"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2025-02-23 09:00:21 (1 year ago)	\| A web attack returned code 200 (success).	Hacking SQL Injection Web App Attack

Showing 1 to 12 of 12 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 216.180.246.235

🇵🇭 139.135.75.190

🇷🇴 92.118.39.62

🇺🇸 89.106.84.74

🇬🇧 35.203.211.230

🇨🇭 209.99.190.172

🇮🇷 193.151.140.91

🇸🇪 171.25.158.24

🇺🇸 162.216.150.9

🇺🇸 155.2.215.25

🇮🇳 117.251.168.93

🇮🇳 117.247.23.131

🇺🇸 66.132.224.20

🇺🇸 66.132.172.192

🇳🇱 45.148.10.152

🇹🇷 212.64.216.142

🇧🇷 205.210.31.186

🇹🇼 198.235.24.42

🇺🇸 150.107.38.200

🇨🇱 129.151.114.255