The following is a list I have compiled over the past few months for port 22 scans coming from Digital Ocean owned IP addresses. :
IP Address | Count |
---|---|
128.199.40.193 | 1 |
128.199.41.163 | 6 |
128.199.46.245 | 2 |
128.199.53.176 | 1 |
128.199.64.51 | 3 |
128.199.65.43 | 3 |
128.199.100.180 | 6 |
128.199.101.13 | 3 |
128.199.116.46 | 1 |
128.199.133.77 | 6 |
128.199.143.40 | 6 |
128.199.150.69 | 12 |
128.199.154.171 | 3 |
128.199.169.107 | 12 |
128.199.185.43 | 6 |
128.199.194.193 | 3 |
128.199.196.161 | 9 |
128.199.198.197 | 1 |
128.199.201.53 | 2 |
128.199.206.104 | 1 |
128.199.206.158 | 1 |
128.199.207.10 | 2 |
128.199.218.142 | 1 |
128.199.219.180 | 1 |
128.199.229.55 | 3 |
128.199.230.165 | 4 |
128.199.232.39 | 3 |
128.199.234.223 | 6 |
128.199.246.104 | 2 |
128.199.246.223 | 2 |
128.199.255.44 | 1 |
Could these be signs that the servers have been compromised or abused? What other reasons could there be for scans like these?
These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.
They are most likely compromised or being used for abuse. Send an e-mail to abuse@digitalocean.com