Why am I getting port 22 scans from DigitalOcean servers?

February 22, 2015 1.4k views
Gerald
By:
Gerald

The following is a list I have compiled over the past few months for port 22 scans coming from Digital Ocean owned IP addresses. :

IP Address Count
128.199.40.193 1
128.199.41.163 6
128.199.46.245 2
128.199.53.176 1
128.199.64.51 3
128.199.65.43 3
128.199.100.180 6
128.199.101.13 3
128.199.116.46 1
128.199.133.77 6
128.199.143.40 6
128.199.150.69 12
128.199.154.171 3
128.199.169.107 12
128.199.185.43 6
128.199.194.193 3
128.199.196.161 9
128.199.198.197 1
128.199.201.53 2
128.199.206.104 1
128.199.206.158 1
128.199.207.10 2
128.199.218.142 1
128.199.219.180 1
128.199.229.55 3
128.199.230.165 4
128.199.232.39 3
128.199.234.223 6
128.199.246.104 2
128.199.246.223 2
128.199.255.44 1

Could these be signs that the servers have been compromised or abused? What other reasons could there be for scans like these?

Sign In to Comment
1 Answer
Woet February 22, 2015

They are most likely compromised or being used for abuse. Send an e-mail to abuse@digitalocean.com

Report
Have another answer? Share your knowledge.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!