JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 185.170.153.97

185.170.153.97 was found in our database!

This IP was reported 45 times. Confidence of Abuse is 100%: ?

100%

ISP	SERV.HOST GROUP LTD
Usage Type	Data Center/Web Hosting/Transit
ASN	AS207957
Hostname(s)	a3840926893.serv.host
Domain Name	serv.host
Country	🇩🇪 Germany
City	Frankfurt am Main, Hesse

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 185.170.153.97

Whois 185.170.153.97

IP Abuse Reports for 185.170.153.97:

This IP address has been reported a total of 45 times from 23 distinct sources. 185.170.153.97 was first reported on May 21st 2026, and the most recent report was 1 day ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 nodepile	2026-06-04 22:03:20 (1 day ago)	Requests denied due to active blacklist hits (tenant=82 method=POST path=/customer/address_file/uplo ... show more Requests denied due to active blacklist hits (tenant=82 method=POST path=/customer/address_file/upload ua='Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2751.2 Safari/537.36') show less	Web App Attack Exploited Host
🇩🇪 ecs.ge	2026-06-04 06:01:23 (2 days ago)	Automatic Fail2Ban report from jail plesk-modsecurity: multiple matching events detected.	Web App Attack Hacking
🇩🇪 4server	2026-06-04 05:17:35 (2 days ago)	[ThuJun0407:17:32.7508402026][security2:error][pid2831846:tid2831953][client185.170.153.97:0]ModSecu ... show more [ThuJun0407:17:32.7508402026][security2:error][pid2831846:tid2831953][client185.170.153.97:0]ModSecurity:Accessdeniedwithcode403\(phase2\).OperatorGEmatched5atTX:anomaly_score.[file\"/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf\"][line\"94\"][id\"949110\"][msg\"InboundAnomalyScoreExceeded\(TotalScore:5\)\"][severity\"CRITICAL\"][ver\"OWASP_CRS/3.3.9\"][tag\"application-multi\"][tag\"language-multi\"][tag\"platform-multi\"][tag\"attack-generic\"][hostname\"mail.gmint.ch\"][uri\"/wp-content/plugins/wp-automatic/css/wp-automatic.css\"][unique_id\"aiEKbNfKdQbqMcyYjTqsdQAAAQU\"] show less	Port Scan Brute-Force Web App Attack
🇫🇮 [email protected]	2026-06-04 01:46:08 (2 days ago)	Attack attempt against Interwebbi servers; (WPNINJA) Ninja Firewall attack on trackpunkracing.com (W ... show more Attack attempt against Interwebbi servers; (WPNINJA) Ninja Firewall attack on trackpunkracing.com (WP vulnerability) 185.170.153.97 (US/United States/a3840926893.serv.host): 1 in the last 3600 secs (CF_ENABLE); IP: 185.170.153.97; Ports: *; Direction: 0; Trigger: LF_CUSTOMTRIGGER; show less	Web App Attack
🇪🇸 el-brujo	2026-06-03 16:58:34 (2 days ago)	Cloudflare WAF: Request Path: /admin/plugins/ckeditor/fm/connectors/php/upload.php Request Query: ?T ... show more Cloudflare WAF: Request Path: /admin/plugins/ckeditor/fm/connectors/php/upload.php Request Query: ?Type=Image Host: foro.elhacker.net userAgent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:47.0) Gecko/20100101 Firefox/47.0 Action: log Source: firewallManaged ASN Description: SERV.HOST GROUP LTD Country: DE Method: POST Timestamp: 2026-06-03T16:58:34Z ruleId: 6179ae15870a4bb7b2d480d4843b323c. Report generated by Cloudflare-WAF-to-AbuseIPDB (https://github.com/MHG-LAB/Cloudflare-WAF-to-AbuseIPDB). show less	Hacking SQL Injection Web App Attack
🇺🇸 koinkash.org	2026-06-03 11:55:46 (2 days ago)	They are fraudulent. Malicious threat actor requesting css file /wp-content/plugins/wp-automatic/css ... show more They are fraudulent. Malicious threat actor requesting css file /wp-content/plugins/wp-automatic/css/wp-automatic.css show less	Web App Attack
🇬🇧 consul.to	2026-06-02 14:07:41 (3 days ago)	Web attack/malicious scanning detected	Web App Attack
🇺🇸 nodepile	2026-06-02 10:40:47 (3 days ago)	Requests denied due to active blacklist hits (tenant=82 method=POST path=/customer/address_file/uplo ... show more Requests denied due to active blacklist hits (tenant=82 method=POST path=/customer/address_file/upload ua='Mozilla/5.0 (X11; Ubuntu; Linux i686 on x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2672.71 Safari/537.36') show less	Web App Attack Exploited Host
🇫🇮 [email protected]	2026-06-02 09:30:52 (4 days ago)	Attack attempt against Interwebbi servers; (WPNINJA) Ninja Firewall attack on trackpunkracing.com (W ... show more Attack attempt against Interwebbi servers; (WPNINJA) Ninja Firewall attack on trackpunkracing.com (WP vulnerability) 185.170.153.97 (US/United States/a3840926893.serv.host): 1 in the last 3600 secs (CF_ENABLE); IP: 185.170.153.97; Ports: *; Direction: 0; Trigger: LF_CUSTOMTRIGGER; show less	Web App Attack
🇩🇪 Hugopvigo	2026-06-01 20:40:20 (4 days ago)	"2026-06-01 20:40:20+00:00 185.170.153.97 IP con score alto (99) detectada en el log."	Brute-Force SSH
🇫🇷 Baking333	2026-06-01 16:07:50 (4 days ago)	[redacted] 185.170.153.97 - - [01/Jun/2026:17:06:17 +0100] "GET /.env HTTP/1.1" 302 5288 0/44164 "-" ... show more [redacted] 185.170.153.97 - - [01/Jun/2026:17:06:17 +0100] "GET /.env HTTP/1.1" 302 5288 0/44164 "-" "Mozilla/5.0 (Windows NT 6.3; rv:50.0) Gecko/20100101 Firefox/50.0" [redacted] 185.170.153.97 - - [01/Jun/2026:17:07:48 +0100] "GET /[redacted] HTTP/1.1" 302 1559 0/179827 "https://[redacted]/" "Mozilla/5.0 (Windows NT 6.3; rv:50.0) Gecko/20100101 Firefox/50.0" show less	Bad Web Bot Web App Attack
🇧🇪 voormedia	2026-06-01 00:53:14 (5 days ago)	Accessed trap at '/.env'	Web App Attack
🇳🇱 Savvii	2026-05-31 15:34:52 (5 days ago)	20 attempts against mh-misbehave-ban on frost	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-05-31 14:38:18 (5 days ago)	185.170.153.97 - - [31/May/2026:14:38:17 +0000] "GET /.env HTTP/1.1" 301 532 "-" "Mozilla/5.0 (Windo ... show more 185.170.153.97 - - [31/May/2026:14:38:17 +0000] "GET /.env HTTP/1.1" 301 532 "-" "Mozilla/5.0 (Windows NT 6.3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2659.41 Safari/537.36" ... show less	Brute-Force Web App Attack
🇺🇸 nodepile	2026-05-31 10:40:37 (5 days ago)	Requests denied due to active blacklist hits (tenant=82 method=POST path=/customer/address_file/uplo ... show more Requests denied due to active blacklist hits (tenant=82 method=POST path=/customer/address_file/upload ua='Mozilla/5.0 (Windows NT 6.1; rv:50.0) Gecko/20100101 Firefox/50.0') show less	Web App Attack Exploited Host

Showing 1 to 15 of 45 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 2a04:c602:409:90:9999::22

🇰🇷 222.102.21.104

🇩🇪 194.187.176.190

🇺🇸 167.172.152.94

🇨🇳 101.33.247.61

🇳🇱 81.19.216.83

🇸🇬 47.82.13.222

🇺🇸 18.191.78.221

🇷🇺 2a0a:5685:3673:81a2:224:21ff:fec5:28a6

🇵🇰 154.57.195.201

🇱🇹 81.30.98.44

🇫🇷 79.91.251.133

🇺🇸 54.215.190.115

🇰🇷 52.79.233.48

🇸🇬 47.245.81.177

🇸🇬 43.106.3.231

🇮🇪 34.240.99.48

🇱🇹 194.165.16.166

🇳🇱 193.176.31.222

🇺🇸 185.238.231.93