AbuseIPDB » 172.68.92.206
172.68.92.206 was found in our database!
This IP was reported 7 times. Confidence of
Abuse
is 0% : ?
ISP
Cloudflare, Inc.
Usage Type
Data Center/Web Hosting/Transit
ASN
AS13335
Domain Name
cloudflare.com
Country
๐ช๐ธ
Spain
City
Barcelona, Catalonia
IP info including ISP, Usage Type, and Location provided
by IPInfo . Updated weekly.
Important Note: 172.68.92.206 is an IP address from within
our whitelist belonging to the subnet
172.64.0.0/13 ,
which we identify as: "Cloudflare Reverse Proxy" .
Whitelisted netblocks are typically owned by trusted entities, such as Google
or Microsoft who may use them for search engine spiders. However, these same entities
sometimes also provide cloud servers and mail services which are easily abused. Pay special
attention when trusting or distrusting these IPs.
IP Abuse Reports for 172.68.92.206 :
This IP address has been reported a total of
7
times from
6 distinct
sources.
172.68.92.206 was first reported on
June 25th 2025 , and the most recent report was
5 days ago .
Recent Reports:
We have received reports of abusive activity from this IP address within the last week. It is
potentially still actively engaged in abusive activities.
Reporter
IoA Timestamp (UTC)
Comment
Categories
Anonymous
2026-06-28 23:55:52
(5 days ago)
Unauthorized connection attempt
Port Scan
Hacking
Exploited Host
๐ฉ๐ช
acadeova
2026-05-29 08:31:25
(1 month ago)
๐จ Recon detected (nft drop)
SRC=172.68.92.206
Observed=TCP dpt=80 in=enp0s6 ttl=57
Time=recent(journ ...
show more
๐จ Recon detected (nft drop)
SRC=172.68.92.206
Observed=TCP dpt=80 in=enp0s6 ttl=57
Time=recent(journalctl: 10 minutes ago)
Assessment=Generic scanning / reconnaissance (PORT_SCAN)
show less
Port Scan
Anonymous
2026-04-06 04:33:40
(2 months ago)
2026-04-06T06:33:37.731984+02:00 nimbus sshd[84779]: Invalid user jenkins from 172.68.92.206 port 64 ...
show more
2026-04-06T06:33:37.731984+02:00 nimbus sshd[84779]: Invalid user jenkins from 172.68.92.206 port 64280
2026-04-06T06:33:37.892277+02:00 nimbus sshd[84779]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=172.68.92.206
2026-04-06T06:33:40.127640+02:00 nimbus sshd[84779]: Failed password for invalid user jenkins from 172.68.92.206 port 64280 ssh2
...
show less
Brute-Force
SSH
๐ช๐ธ
robotstxt
2025-10-02 00:02:07
(9 months ago)
172.68.92.206 - - [01/Oct/2025:22:25:57 +0000] "GET /phpMyAdmin-4.5.4.1-all-languages HTTP/2.0" 404 ...
show more
172.68.92.206 - - [01/Oct/2025:22:25:57 +0000] "GET /phpMyAdmin-4.5.4.1-all-languages HTTP/2.0" 404 29977 "https://ccoo.cat/phpMyAdmin-4.5.4.1-all-languages" rt="0.458" "Mozilla/5.0 (Linux; Android 6.0.1; Nexus 5X Build/MMB29P) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.6367.201 Mobile Safari/537.36 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)" "35.247.243.242,185.73.114.228" h="www.ccoo.cat" sn="www.ccoo.cat" ru="/phpMyAdmin-4.5.4.1-all-languages" u="/index.php" ucs="-" ua="unix:/var/run/php/ccoocat82.sock" us="404" uct="0.000" urt="0.458"
172.68.92.206 - - [01/Oct/2025:22:25:57 +0000] "GET /phpMyAdmin-4.5.4.1-all-languages HTTP/2.0" 404 29977 "https://ccoo.cat/phpMyAdmin-4.5.4.1-all-languages" "Mozilla/5.0 (Linux; Android 6.0.1; Nexus 5X Build/MMB29P) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.6367.201 Mobile Safari/537.36 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)" "35.247.243.242,185.73.114.228"
172.68.92.206 - - [01/Oct/2025:23:5
...
show less
Bad Web Bot
๐ช๐ธ
el-brujo
2025-09-30 08:17:09
(9 months ago)
30/Sep/2025:10:17:09.063971 +0200Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client ...
show more
30/Sep/2025:10:17:09.063971 +0200Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client 172.68.92.206] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/httpd/modsecurity.d/activated_rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1056"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".inc"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.5"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "el-hacker.org"] [uri "/manuales/Lenguajes de Progr
...
show less
Hacking
Web App Attack
๐ช๐ธ
el-brujo
2025-09-30 05:50:56
(9 months ago)
30/Sep/2025:07:50:56.586684 +0200Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client ...
show more
30/Sep/2025:07:50:56.586684 +0200Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client 172.68.92.206] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/httpd/modsecurity.d/activated_rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1056"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".inc"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.5"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "el-hacker.org"] [uri "/manuales/Lenguajes de Progr
...
show less
Hacking
Web App Attack
Anonymous
2025-06-25 18:38:46
(1 year ago)
Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER
Brute-Force
SSH
Showing 1 to
7
of 7 reports
Think this IP has been falsely reported? You may request to have the associated
reports reviewed and removed.
Request Takedown ๐ฉ
Recently Reported IPs: