Question

Why am I getting port 22 scans from DigitalOcean servers?

  • Posted February 22, 2015

The following is a list I have compiled over the past few months for port 22 scans coming from Digital Ocean owned IP addresses. :

IP Address Count
128.199.40.193 1
128.199.41.163 6
128.199.46.245 2
128.199.53.176 1
128.199.64.51 3
128.199.65.43 3
128.199.100.180 6
128.199.101.13 3
128.199.116.46 1
128.199.133.77 6
128.199.143.40 6
128.199.150.69 12
128.199.154.171 3
128.199.169.107 12
128.199.185.43 6
128.199.194.193 3
128.199.196.161 9
128.199.198.197 1
128.199.201.53 2
128.199.206.104 1
128.199.206.158 1
128.199.207.10 2
128.199.218.142 1
128.199.219.180 1
128.199.229.55 3
128.199.230.165 4
128.199.232.39 3
128.199.234.223 6
128.199.246.104 2
128.199.246.223 2
128.199.255.44 1

Could these be signs that the servers have been compromised or abused? What other reasons could there be for scans like these?

Subscribe
Share

Submit an answer
You can type!ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

They are most likely compromised or being used for abuse. Send an e-mail to abuse@digitalocean.com