JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 148.113.202.220

148.113.202.220 was found in our database!

This IP was reported 104 times. Confidence of Abuse is 65%: ?

65%

ISP	OVH Hosting, Inc.
Usage Type	Data Center/Web Hosting/Transit
ASN	AS16276
Hostname(s)	vps-9c9c4d3a.vps.ovh.ca
Domain Name	ovh.net
Country	🇨🇦 Canada
City	Beauharnois, Quebec

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 148.113.202.220

Whois 148.113.202.220

IP Abuse Reports for 148.113.202.220:

This IP address has been reported a total of 104 times from 50 distinct sources. 148.113.202.220 was first reported on December 28th 2025, and the most recent report was 17 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 TPI-Abuse	2026-06-19 03:49:50 (17 hours ago)	(mod_security) mod_security (id:225170) triggered by 148.113.202.220 (vps-9c9c4d3a.vps.ovh.ca): 1 in ... show more (mod_security) mod_security (id:225170) triggered by 148.113.202.220 (vps-9c9c4d3a.vps.ovh.ca): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 18 23:49:44.137282 2026] [security2:error] [pid 11835:tid 11835] [client 148.113.202.220:60978] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|www.splashstation.org\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.splashstation.org"] [uri "/wp-json/wp/v2/users"] [unique_id "ajS8WH54FZfMJmw2skdZDgAAABc"] show less	Brute-Force Bad Web Bot Web App Attack
🇦🇺 screwlooseit.com.au	2026-06-18 18:22:10 (1 day ago)	Blocked by CSF 13 firewall - Rule: US/United States/vps-9c9c4d3a.vps.ovh.ca	Web App Attack
🇩🇪 rh24	2026-06-17 23:35:35 (1 day ago)	(wordpress-user-enum) Failed wordpress-user-enum trigger from 148.113.202.220 (CA/Canada/vps-9c9c4d3 ... show more (wordpress-user-enum) Failed wordpress-user-enum trigger from 148.113.202.220 (CA/Canada/vps-9c9c4d3a.vps.ovh.ca): (CF_ENABLE) show less	Brute-Force
🇺🇸 TPI-Abuse	2026-06-17 20:14:41 (2 days ago)	(mod_security) mod_security (id:225170) triggered by 148.113.202.220 (vps-9c9c4d3a.vps.ovh.ca): 1 in ... show more (mod_security) mod_security (id:225170) triggered by 148.113.202.220 (vps-9c9c4d3a.vps.ovh.ca): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 17 16:14:35.709647 2026] [security2:error] [pid 9818:tid 9818] [client 148.113.202.220:51416] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|theopinionatedowl.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "theopinionatedowl.com"] [uri "/wp-json/wp/v2/users"] [unique_id "ajMAKxeT0r5uerTzULKTZwAAAAE"] show less	Brute-Force Bad Web Bot Web App Attack
🇬🇧 NotCool	2026-06-17 11:32:42 (2 days ago)	[7200] (XMLRPC,WPLOGIN) Login failure/trigger from 148.113.202.220 (CA/Canada/vps-9c9c4d3a.vps.ovh.c ... show more [7200] (XMLRPC,WPLOGIN) Login failure/trigger from 148.113.202.220 (CA/Canada/vps-9c9c4d3a.vps.ovh.ca): 50 in the last 3600 secs show less	Brute-Force
🇺🇸 TPI-Abuse	2026-06-17 10:27:50 (2 days ago)	(mod_security) mod_security (id:225170) triggered by 148.113.202.220 (vps-9c9c4d3a.vps.ovh.ca): 1 in ... show more (mod_security) mod_security (id:225170) triggered by 148.113.202.220 (vps-9c9c4d3a.vps.ovh.ca): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 17 06:27:42.842559 2026] [security2:error] [pid 20648:tid 20648] [client 148.113.202.220:39888] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|www.cienmalos.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.cienmalos.com"] [uri "/wp-json/wp/v2/users"] [unique_id "ajJ2nn7PwiRzYKFoslCkjgAAAA8"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-17 00:43:09 (2 days ago)	(mod_security) mod_security (id:225170) triggered by 148.113.202.220 (vps-9c9c4d3a.vps.ovh.ca): 1 in ... show more (mod_security) mod_security (id:225170) triggered by 148.113.202.220 (vps-9c9c4d3a.vps.ovh.ca): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 16 20:43:03.797999 2026] [security2:error] [pid 14290:tid 14290] [client 148.113.202.220:57920] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|www.internetnameregistration.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.internetnameregistration.com"] [uri "/wp-json/wp/v2/users"] [unique_id "ajHtlxitWL_C63_3vlFeNAAAAAs"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-06-16 16:09:35 (3 days ago)	[redacted] 148.113.202.220 - - [16/Jun/2026:18:09:32 +0200] "POST /xmlrpc.php HTTP/1.1" 200 216 "-" ... show more [redacted] 148.113.202.220 - - [16/Jun/2026:18:09:32 +0200] "POST /xmlrpc.php HTTP/1.1" 200 216 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:56.0) Gecko/20100101 Firefox/56.0" [redacted] 148.113.202.220 - - [16/Jun/2026:18:09:32 +0200] "POST /xmlrpc.php HTTP/1.1" 200 216 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:72.0) Gecko/20100101 Firefox/72.0" [redacted] 148.113.202.220 - - [16/Jun/2026:18:09:32 +0200] "POST /xmlrpc.php HTTP/1.1" 200 216 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:42.0) Gecko/20100101 Firefox/42.0" [redacted] 148.113.202.220 - - [16/Jun/2026:18:09:32 +0200] "POST /xmlrpc.php HTTP/1.1" 200 216 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:84.0) Gecko/20100101 Firefox/84.0" [redacted] 148.113.202.220 - - [16/Jun/2026:18:09:33 +0200] "POST /xmlrpc.php HTTP/1.1" 200 216 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:71.0) Gecko/20100101 Firefox/71.0" [redacted] 148.113.202.220 - - [16/Jun/2026:18:09:33 +0200] ... show less	Hacking Web App Attack
Anonymous	2026-06-15 21:36:43 (4 days ago)	Attac	Brute-Force
🇺🇸 TPI-Abuse	2026-06-15 16:05:24 (4 days ago)	(mod_security) mod_security (id:225170) triggered by 148.113.202.220 (vps-9c9c4d3a.vps.ovh.ca): 1 in ... show more (mod_security) mod_security (id:225170) triggered by 148.113.202.220 (vps-9c9c4d3a.vps.ovh.ca): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 15 12:05:18.465367 2026] [security2:error] [pid 27952:tid 27952] [client 148.113.202.220:33980] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|www.earthtwoworkshop.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.earthtwoworkshop.com"] [uri "/wp/wp-json/wp/v2/users"] [unique_id "ajAivpoemm0wQjxUzgnUygAAABE"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-15 10:00:30 (4 days ago)	(mod_security) mod_security (id:225170) triggered by 148.113.202.220 (vps-9c9c4d3a.vps.ovh.ca): 1 in ... show more (mod_security) mod_security (id:225170) triggered by 148.113.202.220 (vps-9c9c4d3a.vps.ovh.ca): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 15 06:00:19.639981 2026] [security2:error] [pid 27466:tid 27466] [client 148.113.202.220:53952] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|www.stop902.org\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.stop902.org"] [uri "/wp-json/wp/v2/users"] [unique_id "ai_NM4Ig50cBy4HVX5ur_wAAAAY"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-14 05:32:11 (5 days ago)	(mod_security) mod_security (id:225170) triggered by 148.113.202.220 (vps-9c9c4d3a.vps.ovh.ca): 1 in ... show more (mod_security) mod_security (id:225170) triggered by 148.113.202.220 (vps-9c9c4d3a.vps.ovh.ca): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 14 01:32:04.619378 2026] [security2:error] [pid 12358:tid 12358] [client 148.113.202.220:58272] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|www.asapstarsmogcheck.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.asapstarsmogcheck.com"] [uri "/wp-json/wp/v2/users"] [unique_id "ai481K-g3hcseGSpzukVZAAAAEw"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-13 22:59:50 (5 days ago)	(mod_security) mod_security (id:225170) triggered by 148.113.202.220 (vps-9c9c4d3a.vps.ovh.ca): 1 in ... show more (mod_security) mod_security (id:225170) triggered by 148.113.202.220 (vps-9c9c4d3a.vps.ovh.ca): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 13 18:59:46.665774 2026] [security2:error] [pid 9106:tid 9131] [client 148.113.202.220:56426] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|www.datuinc.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.datuinc.com"] [uri "/wp-json/wp/v2/users"] [unique_id "ai3g4nMAHepv_PYQyQl1JwAAAJc"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-06-13 18:36:11 (6 days ago)	[redacted] 148.113.202.220 - - [13/Jun/2026:20:36:10 +0200] "POST /xmlrpc.php HTTP/1.1" 403 199 "-" ... show more [redacted] 148.113.202.220 - - [13/Jun/2026:20:36:10 +0200] "POST /xmlrpc.php HTTP/1.1" 403 199 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:79.0) Gecko/20100101 Firefox/79.0" [redacted] 148.113.202.220 - - [13/Jun/2026:20:36:10 +0200] "POST /xmlrpc.php HTTP/1.1" 403 199 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:50.0) Gecko/20100101 Firefox/50.0" [redacted] 148.113.202.220 - - [13/Jun/2026:20:36:10 +0200] "POST /xmlrpc.php HTTP/1.1" 403 199 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:86.0) Gecko/20100101 Firefox/86.0" [redacted] 148.113.202.220 - - [13/Jun/2026:20:36:10 +0200] "POST /xmlrpc.php HTTP/1.1" 403 199 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:72.0) Gecko/20100101 Firefox/72.0" [redacted] 148.113.202.220 - - [13/Jun/2026:20:36:10 +0200] "POST /xmlrpc.php HTTP/1.1" 403 199 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0" ... show less	Hacking Web App Attack
Anonymous	2026-06-12 22:02:13 (6 days ago)	Attac	Brute-Force

Showing 1 to 15 of 104 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇸🇬 194.5.82.164

🇮🇳 139.59.36.109

🇧🇷 205.210.31.217

🇹🇼 198.235.24.107

🇧🇷 189.127.172.48

🇮🇩 163.7.3.154

🇨🇴 152.200.181.42

🇹🇷 95.173.172.200

🇳🇱 45.153.34.195

🇺🇸 44.106.118.227

🇺🇸 192.34.128.202

🇵🇪 161.132.50.236

🇺🇸 138.197.200.106

🇺🇸 44.17.12.174

🇧🇪 34.78.189.165

🇮🇩 103.153.190.105

🇳🇱 91.92.40.27

🇳🇱 91.92.40.4

🇺🇸 44.90.188.217

🇺🇸 23.234.88.149