JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 167.172.130.224

167.172.130.224 was found in our database!

This IP was reported 7 times. Confidence of Abuse is 27%: ?

27%

ISP	DigitalOcean, LLC
Usage Type	Data Center/Web Hosting/Transit
ASN	AS14061
Domain Name	digitalocean.com
Country	🇺🇸 United States of America
City	North Bergen, New Jersey

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 167.172.130.224

Whois 167.172.130.224

IP Abuse Reports for 167.172.130.224:

This IP address has been reported a total of 7 times from 6 distinct sources. 167.172.130.224 was first reported on May 20th 2026, and the most recent report was 3 weeks ago.

Old Reports: The most recent abuse report for this IP address is from 3 weeks ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇫🇷 eselpcore.com	2026-05-22 22:18:41 (3 weeks ago)	Web authentication failures	Brute-Force Web App Attack
🇫🇮 tjs	2026-05-21 12:30:00 (3 weeks ago)	web attack	Hacking Web App Attack
🇦🇺 LiftUp Hosting	2026-05-21 09:39:59 (3 weeks ago)	Honeypot hit: HTTP/1.1 request on 3001 GET /composer.json User-Agent: Mozilla/5.0 (X11; Linux x86_6 ... show more Honeypot hit: HTTP/1.1 request on 3001 GET /composer.json User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0 Safari/537.36 Accept: / Accept-Encoding: zstd,gzip,deflate,br; 3001 [9] TCP show less	Hacking Bad Web Bot
🇺🇸 TPI-Abuse	2026-05-21 06:52:50 (3 weeks ago)	(mod_security) mod_security (id:949110) triggered by 167.172.130.224 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:949110) triggered by 167.172.130.224 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu May 21 02:52:44.377802 2026] [security2:error] [pid 8096:tid 8096] [client 167.172.130.224:46216] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "192.64.150.240"] [uri "/composer.json"] [unique_id "ag6rvKSC1wZhmcHaYcSZpAAAAAE"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-21 04:37:08 (3 weeks ago)	(mod_security) mod_security (id:210492) triggered by 167.172.130.224 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210492) triggered by 167.172.130.224 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu May 21 00:37:01.600273 2026] [security2:error] [pid 31801:tid 31801] [client 167.172.130.224:56332] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.61"] [uri "/wp-config.php.bak"] [unique_id "ag6L7bC1Lbb7WNfrox1R3gAAAAw"] show less	Brute-Force Bad Web Bot Web App Attack
🇳🇱 Savvii	2026-05-20 07:01:38 (3 weeks ago)	20 attempts against mh-misbehave-ban on ec102966	Brute-Force Bad Web Bot Web App Attack
🇵🇱 swiszczu	2026-05-20 06:27:51 (3 weeks ago)	Fail2Ban automatic report: Multiple forbidden requests in short amount of time: 167.172.130.224 - - ... show more Fail2Ban automatic report: Multiple forbidden requests in short amount of time: 167.172.130.224 - - [20/May/2026:08:27:50 +0200] "GET /.env HTTP/1.1" 403 555 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0 Safari/537.36" "-" 167.172.130.224 - - [20/May/2026:08:27:50 +0200] "GET /robots.txt HTTP/1.1" 403 555 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0 Safari/537.36" "-" 167.172.130.224 - - [20/May/2026:08:27:50 +0200] "GET /sitemap.xml HTTP/1.1" 403 555 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0 Safari/537.36" "-" 167.172.130.224 - - [20/May/2026:08:27:50 +0200] "GET /.well-known/security.txt HTTP/1.1" 403 555 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0 Safari/537 show less	Hacking Web App Attack

Showing 1 to 7 of 7 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇩🇪 213.209.159.238

🇺🇸 193.3.53.6

🇬🇧 188.240.59.33

🇨🇳 183.94.185.140

🇦🇪 176.205.254.176

🇬🇧 134.209.189.113

🇨🇳 120.48.97.237

🇺🇸 100.1.156.140

🇧🇷 45.71.123.226

🇸🇦 37.104.192.192

🇧🇪 34.156.50.251

🇩🇪 34.107.51.107

🇧🇪 34.78.221.221

🇨🇦 146.190.245.220

🇸🇦 129.208.234.9

🇹🇭 113.53.151.23

🇨🇳 112.86.225.124

🇮🇳 110.224.170.249

🇸🇬 103.11.48.84

🇭🇰 101.36.110.164