JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 148.113.180.195

148.113.180.195 was found in our database!

This IP was reported 184 times. Confidence of Abuse is 51%: ?

51%

ISP	OVH Hosting, Inc.
Usage Type	Data Center/Web Hosting/Transit
ASN	AS16276
Hostname(s)	vps-c8bcbf0e.vps.ovh.ca
Domain Name	ovh.net
Country	🇨🇦 Canada
City	Beauharnois, Quebec

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 148.113.180.195

Whois 148.113.180.195

IP Abuse Reports for 148.113.180.195:

This IP address has been reported a total of 184 times from 59 distinct sources. 148.113.180.195 was first reported on October 17th 2025, and the most recent report was 9 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇩🇪 ger-stg-sifi1	2026-06-27 18:11:22 (9 hours ago)	(wordpress) Failed wordpress login using wp-login.php or xmlrpc.php	Web App Attack
🇺🇸 nationaleventpros.com	2026-06-27 10:22:55 (17 hours ago)	WordPress login attempt	Brute-Force
🇺🇸 TPI-Abuse	2026-06-10 06:03:09 (2 weeks ago)	(mod_security) mod_security (id:225170) triggered by 148.113.180.195 (vps-c8bcbf0e.vps.ovh.ca): 1 in ... show more (mod_security) mod_security (id:225170) triggered by 148.113.180.195 (vps-c8bcbf0e.vps.ovh.ca): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 10 02:03:03.871983 2026] [security2:error] [pid 24134:tid 24146] [client 148.113.180.195:38150] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|www.datuinc.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.datuinc.com"] [uri "/wp-json/wp/v2/users"] [unique_id "aij-Fw8pF0VXhVXugxV0zQAAAEk"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-06-08 12:36:22 (2 weeks ago)	[redacted] 148.113.180.195 - - [08/Jun/2026:14:36:20 +0200] "POST /xmlrpc.php HTTP/1.1" 200 216 "-" ... show more [redacted] 148.113.180.195 - - [08/Jun/2026:14:36:20 +0200] "POST /xmlrpc.php HTTP/1.1" 200 216 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:57.0) Gecko/20100101 Firefox/57.0" [redacted] 148.113.180.195 - - [08/Jun/2026:14:36:20 +0200] "POST /xmlrpc.php HTTP/1.1" 200 216 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/93.0" [redacted] 148.113.180.195 - - [08/Jun/2026:14:36:20 +0200] "POST /xmlrpc.php HTTP/1.1" 200 216 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:97.0) Gecko/20100101 Firefox/97.0" [redacted] 148.113.180.195 - - [08/Jun/2026:14:36:20 +0200] "POST /xmlrpc.php HTTP/1.1" 200 216 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:56.0) Gecko/20100101 Firefox/56.0" [redacted] 148.113.180.195 - - [08/Jun/2026:14:36:20 +0200] "POST /xmlrpc.php HTTP/1.1" 200 216 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0" [redacted] 148.113.180.195 - - [08/Jun/2026:14:3 ... show less	Hacking Web App Attack
🇺🇸 TPI-Abuse	2026-06-08 02:46:10 (2 weeks ago)	(mod_security) mod_security (id:225170) triggered by 148.113.180.195 (vps-c8bcbf0e.vps.ovh.ca): 1 in ... show more (mod_security) mod_security (id:225170) triggered by 148.113.180.195 (vps-c8bcbf0e.vps.ovh.ca): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 07 22:46:05.060527 2026] [security2:error] [pid 25857:tid 25857] [client 148.113.180.195:37158] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|www.tgaguide.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.tgaguide.com"] [uri "/wp-json/wp/v2/users"] [unique_id "aiYs7VvRknxK6ualZD1F-QAAAAY"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-07 05:10:40 (2 weeks ago)	(mod_security) mod_security (id:225170) triggered by 148.113.180.195 (vps-c8bcbf0e.vps.ovh.ca): 1 in ... show more (mod_security) mod_security (id:225170) triggered by 148.113.180.195 (vps-c8bcbf0e.vps.ovh.ca): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 07 01:10:35.429304 2026] [security2:error] [pid 18074:tid 18074] [client 148.113.180.195:54218] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|wealthsec.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "wealthsec.com"] [uri "/wp-json/wp/v2/users"] [unique_id "aiT9S5l2TBjx2Xdg-_MaxwAAAAs"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-06-07 04:11:39 (2 weeks ago)	(wordpress) Failed wordpress login from 148.113.180.195 (CA/Canada/vps-c8bcbf0e.vps.ovh.ca)	Brute-Force
🇸🇪 vaia.cloud	2026-06-07 03:49:01 (3 weeks ago)	trying wp-login.php/xmlrpc.php 63 times in 1 minutes	Brute-Force Web App Attack
🇺🇸 TPI-Abuse	2026-06-07 03:39:53 (3 weeks ago)	(mod_security) mod_security (id:225170) triggered by 148.113.180.195 (vps-c8bcbf0e.vps.ovh.ca): 1 in ... show more (mod_security) mod_security (id:225170) triggered by 148.113.180.195 (vps-c8bcbf0e.vps.ovh.ca): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 06 23:39:48.323361 2026] [security2:error] [pid 17085:tid 17085] [client 148.113.180.195:42494] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|www.georgegourmet.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.georgegourmet.com"] [uri "/wp-json/wp/v2/users"] [unique_id "aiToBLrWZGCs8L40blpcVQAAAAA"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 big-cloud.nl	2026-06-06 22:48:33 (3 weeks ago)	Try to access /xmlrpc.php	Web App Attack
🇺🇸 TPI-Abuse	2026-06-06 21:37:36 (3 weeks ago)	(mod_security) mod_security (id:225170) triggered by 148.113.180.195 (vps-c8bcbf0e.vps.ovh.ca): 1 in ... show more (mod_security) mod_security (id:225170) triggered by 148.113.180.195 (vps-c8bcbf0e.vps.ovh.ca): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 06 17:37:29.379200 2026] [security2:error] [pid 11623:tid 11623] [client 148.113.180.195:42054] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|kdgsf.xyz\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "kdgsf.xyz"] [uri "/wp-json/wp/v2/users"] [unique_id "aiSTGSzCUWBBdL61vX8scQAAAA4"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-06-06 19:22:42 (3 weeks ago)	[server.tmg.gr] httpd-suspicious-path: sites=crisis-management2018.eu; logs=/var/log/httpd/domains/c ... show more [server.tmg.gr] httpd-suspicious-path: sites=crisis-management2018.eu; logs=/var/log/httpd/domains/crisis-management2018.eu.log; samples=/wp-json/wp/v2/users \| /?author=1 \| /author/admin/ show less	Hacking Web App Attack
🇺🇸 TPI-Abuse	2026-06-06 01:05:23 (3 weeks ago)	(mod_security) mod_security (id:225170) triggered by 148.113.180.195 (vps-c8bcbf0e.vps.ovh.ca): 1 in ... show more (mod_security) mod_security (id:225170) triggered by 148.113.180.195 (vps-c8bcbf0e.vps.ovh.ca): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 05 21:05:18.154490 2026] [security2:error] [pid 12436:tid 12436] [client 148.113.180.195:47972] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|www.littlecreekrvranch.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.littlecreekrvranch.com"] [uri "/wp-json/wp/v2/users"] [unique_id "aiNyTl-DjQxsW2THzNLH2gAAAA4"] show less	Brute-Force Bad Web Bot Web App Attack
🇫🇷 dynamix	2026-06-05 16:48:16 (3 weeks ago)	WordPress wp-login.php Brute Force Attack	Brute-Force Web App Attack
🇺🇸 TPI-Abuse	2026-06-04 04:24:13 (3 weeks ago)	(mod_security) mod_security (id:225170) triggered by 148.113.180.195 (vps-c8bcbf0e.vps.ovh.ca): 1 in ... show more (mod_security) mod_security (id:225170) triggered by 148.113.180.195 (vps-c8bcbf0e.vps.ovh.ca): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 04 00:24:10.130526 2026] [security2:error] [pid 23635:tid 23635] [client 148.113.180.195:36688] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|www.tcomputerguy.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.tcomputerguy.com"] [uri "/wp-json/wp/v2/users"] [unique_id "aiD96ijUG_3XgCfltCGQhQAAAC0"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 184 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇨🇭 172.161.73.175

🇩🇪 172.70.246.56

🇧🇩 113.11.21.61

🇺🇸 3.219.52.86

🇳🇱 192.42.116.101

🇮🇳 183.83.197.226

🇸🇬 172.70.142.50

🇺🇸 162.216.150.174

🇪🇸 162.158.122.86

🇨🇦 85.217.149.54

🇳🇱 81.19.216.105

🇩🇪 64.226.126.224

🇨🇳 42.229.132.79

🇩🇪 37.114.41.210

🇺🇸 207.90.244.25

🇳🇱 176.65.148.156

🇺🇸 172.86.119.72

🇩🇪 128.1.34.69

🇱🇰 112.134.214.31

🇮🇳 103.97.215.11