🇩🇪
Helper-at-AbuseIP
2025-01-26 23:43:00
(1 year ago)
Tries to log on with various user name / password combinations.
This is another attempt from 185.195.19.xxx.
With the same method there were attempts from
185.195.19.195
185.195.19.196
185.195.19.198
185.195.19.200
185.195.19.202
185.195.19.203
over the past 12 months.
FTP Brute-Force
Port Scan
Hacking
Brute-Force
🇺🇸
TPI-Abuse
2025-01-15 23:57:52
(1 year ago)
(mod_security) mod_security (id:210730) triggered by 185.195.19.198 (mluei-198.bametar.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jan 15 18:57:47.853509 2025] [security2:error] [pid 26320:tid 26337] [client 185.195.19.198:34215] [client 185.195.19.198] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||dpscsde.com|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "dpscsde.com"] [uri "/backups/mysql.sql"] [unique_id "Z4hLe9EmDCPXsBNAnXOjnAAAAQ0"]
Brute-Force
Bad Web Bot
Web App Attack
🇺🇸
TPI-Abuse
2025-01-11 03:47:12
(1 year ago)
(mod_security) mod_security (id:210492) triggered by 185.195.19.198 (mluei-198.bametar.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jan 10 22:47:07.525456 2025] [security2:error] [pid 22605:tid 22605] [client 185.195.19.198:40591] [client 185.195.19.198] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.nationalenq.com"] [uri "/restore/sftp-config.json"] [unique_id "Z4HpuwsM4UtyaVW5SvVx6wAAABE"]
Brute-Force
Bad Web Bot
Web App Attack
🇩🇪
NorikOdin
2025-01-06 08:54:00
(1 year ago)
FritzBox attack with multiple usernames
Hacking
🇺🇸
TPI-Abuse
2025-01-05 22:22:19
(1 year ago)
(mod_security) mod_security (id:210730) triggered by 185.195.19.198 (mluei-198.bametar.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jan 05 17:22:13.131583 2025] [security2:error] [pid 19421:tid 19421] [client 185.195.19.198:10131] [client 185.195.19.198] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||trafficstopper.com|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "trafficstopper.com"] [uri "/dump.sql"] [unique_id "Z3sGFaXs0QDpiC0m47KbJgAAACI"]
Brute-Force
Bad Web Bot
Web App Attack
🇺🇸
TPI-Abuse
2025-01-05 11:58:21
(1 year ago)
(mod_security) mod_security (id:210730) triggered by 185.195.19.198 (mluei-198.bametar.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jan 05 06:58:18.415990 2025] [security2:error] [pid 21864:tid 21864] [client 185.195.19.198:31705] [client 185.195.19.198] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.crypto-stamps.com|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.crypto-stamps.com"] [uri "/backup.sql"] [unique_id "Z3pz2kEBLpRPECDlcixGSAAAAAc"]
Brute-Force
Bad Web Bot
Web App Attack
🇩🇪
KNomis
2025-01-04 17:34:00
(1 year ago)
Ongoing Credential Stuffing against my FritzBox
Hacking
Brute-Force
Bad Web Bot
🇩🇪
MichaBe
2025-01-03 19:59:00
(1 year ago)
Unauthorized access attempt on fritzbox (20 times) different login names
Hacking
Brute-Force
Anonymous
2024-12-29 11:55:33
(1 year ago)
Malicious activity detected
Hacking
Web App Attack
🇺🇸
TPI-Abuse
2024-12-25 22:19:26
(1 year ago)
(mod_security) mod_security (id:210730) triggered by 185.195.19.198 (mluei-198.bametar.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Dec 25 17:19:21.452058 2024] [security2:error] [pid 5125:tid 5150] [client 185.195.19.198:13693] [client 185.195.19.198] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||peapage.productions|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "peapage.productions"] [uri "/bak/sql.sql"] [unique_id "Z2yE6dBhHlhcWT9GTY2hHQAAANc"]
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2024-12-24 22:24:14
(1 year ago)
Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER
Brute-Force
SSH
🇩🇪
Helper-at-AbuseIP
2024-12-15 23:57:00
(1 year ago)
Tries to log in with various user names / password combinations.
FTP Brute-Force
Port Scan
Hacking
Brute-Force
🇺🇸
mnsf
2024-12-14 01:10:09
(1 year ago)
Too many Status 40X (15)
Brute-Force
Web App Attack
🇺🇸
TPI-Abuse
2024-12-13 05:10:15
(1 year ago)
(mod_security) mod_security (id:210730) triggered by 185.195.19.198 (mluei-198.bametar.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Dec 13 00:10:10.761766 2024] [security2:error] [pid 20595:tid 20595] [client 185.195.19.198:42823] [client 185.195.19.198] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||ezecredit.net|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "ezecredit.net"] [uri "/backup/sql.sql"] [unique_id "Z1vBsrR9usjqPmVk0QX5iwAAAAM"]
Brute-Force
Bad Web Bot
Web App Attack
🇺🇸
TPI-Abuse
2024-12-13 03:58:18
(1 year ago)
(mod_security) mod_security (id:210730) triggered by 185.195.19.198 (mluei-198.bametar.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Dec 12 22:58:11.016452 2024] [security2:error] [pid 4017173:tid 4017173] [client 185.195.19.198:26487] [client 185.195.19.198] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||mapleleaf-marketing.com|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "mapleleaf-marketing.com"] [uri "/www.sql"] [unique_id "Z1uw07gnTza5vOsFgMkF4gAAAAA"]
Brute-Force
Bad Web Bot
Web App Attack