JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 156.146.61.52

156.146.61.52 was found in our database!

This IP was reported 14 times. Confidence of Abuse is 19%: ?

19%

ISP	Datacamp Limited
Usage Type	Data Center/Web Hosting/Transit
ASN	AS60068
Hostname(s)	unn-156-146-61-52.cdn77.com
Domain Name	datacamp.co.uk
Country	🇦🇹 Austria
City	Vienna, State of Vienna

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 156.146.61.52

Whois 156.146.61.52

IP Abuse Reports for 156.146.61.52:

This IP address has been reported a total of 14 times from 12 distinct sources. 156.146.61.52 was first reported on November 30th 2025, and the most recent report was 1 day ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 TPI-Abuse	2026-06-19 18:00:25 (1 day ago)	(mod_security) mod_security (id:240335) triggered by 156.146.61.52 (unn-156-146-61-52.cdn77.com): 1 ... show more (mod_security) mod_security (id:240335) triggered by 156.146.61.52 (unn-156-146-61-52.cdn77.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 19 14:00:18.421193 2026] [security2:error] [pid 12216:tid 12216] [client 156.146.61.52:59934] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 156.146.61.52 (+1 hits since last alert)\|thesalonx.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "thesalonx.com"] [uri "/xmlrpc.php"] [unique_id "ajWDsmCjFjvNnv8ZOueo3gAAACI"] show less	Brute-Force Bad Web Bot Web App Attack
🇸🇬 securejdprop	2026-06-08 14:35:43 (1 week ago)	This IP was detected by CrowdSec triggering crowdsecurity/http-probing. crowdsecurity/http-probing	Hacking Web App Attack
🇩🇪 HoneyPot-FrPri	2026-05-17 17:12:48 (1 month ago)	156.146.61.52 - - [17/May/2026:19:12:47 +0200] "GET /goform/goform_get_cmd_process?isTest=false&cmd= ... show more 156.146.61.52 - - [17/May/2026:19:12:47 +0200] "GET /goform/goform_get_cmd_process?isTest=false&cmd=modem_main_state%2Cpuknumber%2Cpinnumber%2Cpsw_fail_num_str%2Clogin_lock_time%2Cadmin_user%2Cadmin_P ... show less	Bad Web Bot Web App Attack
🇨🇭 Origon	2026-04-16 14:27:49 (2 months ago)	http-wordpress_user-enum - IP: 156.146.61.52 - time="2026-04-16T16:27:49+02:00" level=info msg="(55 ... show more http-wordpress_user-enum - IP: 156.146.61.52 - time="2026-04-16T16:27:49+02:00" level=info msg="(555f66b4f6a74558bc11e3f93469658es8App0Mcc0TKEeje/crowdsec) crowdsecurity/http-wordpress_user-enum by ip 156.146.61.52 (AT/60068) : 4h ban on Ip 156.146.61.52" module=db show less	Web App Attack
🇺🇸 TPI-Abuse	2026-04-15 12:01:10 (2 months ago)	(mod_security) mod_security (id:225170) triggered by 156.146.61.52 (unn-156-146-61-52.cdn77.com): 1 ... show more (mod_security) mod_security (id:225170) triggered by 156.146.61.52 (unn-156-146-61-52.cdn77.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Apr 15 08:01:03.267593 2026] [security2:error] [pid 2858026:tid 2858026] [client 156.146.61.52:54939] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|magnoliahillproductions.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "magnoliahillproductions.com"] [uri "/wp-json/wp/v2/users"] [unique_id "ad99_4pqzaUBDC2cHAQvUgAAAAE"] show less	Brute-Force Bad Web Bot Web App Attack
🇬🇧 [email protected]	2026-01-24 06:42:16 (4 months ago)	156.146.61.52 - - [24/Jan/2026:06:42:12 +0000] "POST /wordpress/xmlrpc.php HTTP/1.1" 200 403 "-" "Mo ... show more 156.146.61.52 - - [24/Jan/2026:06:42:12 +0000] "POST /wordpress/xmlrpc.php HTTP/1.1" 200 403 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0 Safari/537.36" 156.146.61.52 - - [24/Jan/2026:06:42:14 +0000] "POST /wordpress/xmlrpc.php HTTP/1.1" 200 403 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0 Safari/537.36" 156.146.61.52 - - [24/Jan/2026:06:42:15 +0000] "POST /wordpress/xmlrpc.php HTTP/1.1" 200 403 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0 Safari/537.36" ... show less	Web App Attack
🇨🇴 adalbertoreyes.org	2026-01-19 19:27:23 (5 months ago)	CategoryPortScan	Port Scan
🇩🇪 neogenius	2026-01-19 16:00:14 (5 months ago)	Web App Attack	Brute-Force Web App Attack
Anonymous	2026-01-15 19:48:02 (5 months ago)	Malicious activity detected	Hacking Web App Attack
Anonymous	2026-01-14 12:43:03 (5 months ago)	Malicious activity detected	Hacking Web App Attack
🇮🇩 Kencang.ID	2025-12-15 14:23:26 (6 months ago)	Failed Login Attempt 2025-12-15 14:23:26 \| 156.146.61.52 \| Desktop \| Microsoft Edge \| Vienna, Vienna ... show more Failed Login Attempt 2025-12-15 14:23:26 \| 156.146.61.52 \| Desktop \| Microsoft Edge \| Vienna, Vienna, Austria \| DataCamp Limited \| Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36 Edg/114.0.1823.43 show less	FTP Brute-Force Brute-Force
🇩🇪 Reinhard	2025-12-11 20:29:18 (6 months ago)	Unknown activity, but too many attacks with too many users.	Hacking
🇩🇪 conseilgouz	2025-11-30 14:25:44 (6 months ago)	coe-12 : Block return, carriage return, ... characters=>/developpements-joomla?id=1%27(')	Hacking
🇺🇸 masterguru	2025-11-30 13:31:53 (6 months ago)	COMODO WAF: Remote File Access Attempt. Match of "contains cpanel" against "REQUEST_URI" required. ( ... show more COMODO WAF: Remote File Access Attempt. Match of "contains cpanel" against "REQUEST_URI" required. (211190-124) show less	Hacking

Showing 1 to 14 of 14 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇲🇽 201.165.168.2

🇺🇸 74.208.177.56

🇺🇸 3.87.27.156

🇲🇦 196.75.134.173

🇲🇽 186.96.158.180

🇮🇶 185.166.25.150

🇨🇳 118.196.13.204

🇦🇪 51.112.131.195

🇺🇸 50.6.228.32

🇪🇬 41.128.181.199

🇹🇭 202.29.223.30

🇩🇪 167.94.145.27

🇻🇳 118.70.131.235

🇨🇳 111.38.36.219

🇮🇳 103.160.153.158

🇺🇸 65.49.1.23

🇰🇷 58.229.253.119

🇳🇱 52.233.193.61

🇺🇸 47.251.65.123

🇸🇬 43.160.250.64