JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 149.248.63.183

149.248.63.183 was found in our database!

This IP was reported 21 times. Confidence of Abuse is 95%: ?

95%

ISP	Vultr Holdings, LLC
Usage Type	Data Center/Web Hosting/Transit
ASN	AS20473
Hostname(s)	149.248.63.183.vultrusercontent.com
Domain Name	vultr.com
Country	🇨🇦 Canada
City	Toronto, Ontario

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 149.248.63.183

Whois 149.248.63.183

IP Abuse Reports for 149.248.63.183:

This IP address has been reported a total of 21 times from 17 distinct sources. 149.248.63.183 was first reported on June 24th 2026, and the most recent report was 1 hour ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇲🇽 octageeks.com	2026-06-26 04:12:03 (1 hour ago)	Wordpress malicious attack:[octascan]	Web App Attack
🇨🇿 ddw	2026-06-25 23:59:39 (5 hours ago)	Access Violation Attempts - Multiple 403 Forbidden responses.	Hacking Bad Web Bot Web App Attack
🇺🇸 etu brutus	2026-06-25 22:04:11 (7 hours ago)	149.248.63.183 has been banned for [WebApp Attack] ...	Hacking Bad Web Bot Web App Attack
🇩🇪 LRob.fr	2026-06-25 21:45:08 (7 hours ago)	Repeated 404 errors, blocked by Fail2ban in custom-404 jail	Bad Web Bot
🇩🇪 Lino Project	2026-06-25 19:14:13 (10 hours ago)	149.248.63.183 - - [25/Jun/2026:21:14:10 +0200] "GET /wp-content/plugins/fix/up.php HTTP/1.1" 404 13 ... show more 149.248.63.183 - - [25/Jun/2026:21:14:10 +0200] "GET /wp-content/plugins/fix/up.php HTTP/1.1" 404 139728 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.102 Safari/537.36" ... show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 psauxit	2026-06-25 14:32:55 (14 hours ago)	Fail2Ban - NGINX bad requests 400-401-403-404-444, high level vulnerability scanning, commonly xmlrp ... show more Fail2Ban - NGINX bad requests 400-401-403-404-444, high level vulnerability scanning, commonly xmlrpc_attack, wp-login brute force, excessive crawling/scraping show less	Web App Attack Hacking
🇬🇷 setupgr	2026-06-25 13:13:23 (16 hours ago)	(mod_security) mod_security (id:11000011) triggered by 149.248.63.183 (CA/Canada/Ontario/Toronto (Ol ... show more (mod_security) mod_security (id:11000011) triggered by 149.248.63.183 (CA/Canada/Ontario/Toronto (Old Toronto)/-/[AS20473 AS-VULTR]): 1 in the last 86400 secs; Ports: *; Direction: inout; Trigger: LF_TRIGGER; Logs: [Thu Jun 25 16:13:18.993503 2026] [security2:error] [pid 358185:tid 358297] [client 149.248.63.183:61551] ModSecurity: Access denied with code 406 (phase 1). Matched phrase "vultrusercontent.com" at REMOTE_HOST. [file "/etc/apache2/conf.d/modsec/modsec2.user.conf"] [line "131"] [id "11000011"] [msg "BLOCKED BAD DOMAIN: 149.248.63.183.vultrusercontent.com"] [severity "CRITICAL"] [hostname "pose.gr"] [uri "/wp-content/plugins/fix/up.php"] [unique_id "aj0pbjpPCootS5mrGd4ZuQAAAZY"] show less	Port Scan
🇭🇺 bcsaba	2026-06-25 12:06:15 (17 hours ago)	Looking for WP exploit 149.248.63.183 - - [25/Jun/2026:14:06:13 +0200] "GET //wp-content/plugins/fix ... show more Looking for WP exploit 149.248.63.183 - - [25/Jun/2026:14:06:13 +0200] "GET //wp-content/plugins/fix/up.php HTTP/1.1" 404 548 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.102 Safari/537.36" show less	Web App Attack
🇩🇪 london2038.com	2026-06-25 11:20:20 (17 hours ago)	Probing for exploits 149.248.63.183 - - [25/Jun/2026:13:20:16 +0200] "GET //wp-content/plugins/fix/u ... show more Probing for exploits 149.248.63.183 - - [25/Jun/2026:13:20:16 +0200] "GET //wp-content/plugins/fix/up.php HTTP/1.1" 301 169 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.102 Safari/537.36" 149.248.63.183 - - [25/Jun/2026:13:20:17 +0200] "GET //wp-content/plugins/fix/up.php HTTP/1.1" 301 0 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.102 Safari/537.36" show less	Hacking Web App Attack
🇭🇺 bcsaba	2026-06-25 10:30:28 (18 hours ago)	Looking for WP exploit 149.248.63.183 - - [25/Jun/2026:12:30:27 +0200] "GET //wp-content/plugins/fix ... show more Looking for WP exploit 149.248.63.183 - - [25/Jun/2026:12:30:27 +0200] "GET //wp-content/plugins/fix/up.php HTTP/1.1" 404 548 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.102 Safari/537.36" show less	Web App Attack
🇺🇸 RLDD	2026-06-25 09:15:00 (20 hours ago)	WP probing for vulnerabilities -lev	Web App Attack
🇬🇧 thetomtaylor.co.uk	2026-06-24 22:06:02 (1 day ago)	Fail2Ban - [WEB]Custom exploit pattern detected on customexploits ... [ice01,wa01,wa02]	Hacking Brute-Force Bad Web Bot Web App Attack
🇧🇪 cmbplf	2026-06-24 21:01:16 (1 day ago)	2.375 requests to many distinct domains in 1 hour (3w2d20h)	Brute-Force Bad Web Bot
🇫🇷 ELYAZ	2026-06-24 20:50:15 (1 day ago)	(y3) Failed access -byebye- from 149.248.63.183 (CA/Canada/149.248.63.183.vultrusercontent.com): (C ... show more (y3) Failed access -byebye- from 149.248.63.183 (CA/Canada/149.248.63.183.vultrusercontent.com): (CF_ENABLE) show less	Hacking
🇩🇪 london2038.com	2026-06-24 20:39:52 (1 day ago)	Probing for exploits 149.248.63.183 - - [24/Jun/2026:22:39:49 +0200] "GET //wp-content/plugins/fix/u ... show more Probing for exploits 149.248.63.183 - - [24/Jun/2026:22:39:49 +0200] "GET //wp-content/plugins/fix/up.php HTTP/1.1" 301 0 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.102 Safari/537.36" 149.248.63.183 - - [24/Jun/2026:22:39:48 +0200] "GET //wp-content/plugins/fix/up.php HTTP/1.1" 301 169 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.102 Safari/537.36" show less	Hacking Web App Attack

Showing 1 to 15 of 21 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 184.105.247.220

🇩🇪 69.5.169.162

🇺🇸 66.132.195.110

🇺🇸 65.49.1.16

🇰🇼 62.150.51.201

🇱🇹 62.60.130.14

🇬🇧 35.203.210.156

🇬🇧 216.226.76.30

🇺🇸 216.25.89.76

🇵🇰 203.135.42.52

🇩🇪 185.242.3.226

🇸🇦 178.81.221.73

🇯🇵 162.43.120.162

🇻🇳 103.82.195.111

🇺🇸 66.132.172.96

🇱🇹 45.227.254.170

🇧🇷 45.205.1.242

🇮🇳 35.234.210.200

🇺🇸 20.163.15.220

🇺🇸 141.11.88.22