JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 185.196.161.189

185.196.161.189 was found in our database!

This IP was reported 69 times. Confidence of Abuse is 51%: ?

51%

ISP	REGISTER S.P.A.
Usage Type	Data Center/Web Hosting/Transit
ASN	AS35130
Domain Name	register.it
Country	🇮🇹 Italy
City	Milan, Lombardy

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 185.196.161.189

Whois 185.196.161.189

IP Abuse Reports for 185.196.161.189:

This IP address has been reported a total of 69 times from 28 distinct sources. 185.196.161.189 was first reported on October 3rd 2025, and the most recent report was 1 day ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇫🇷 dynamix	2026-06-11 14:33:29 (1 day ago)	WordPress wp-login.php Brute Force Attack	Brute-Force Web App Attack
🇺🇸 TPI-Abuse	2026-06-11 11:51:15 (1 day ago)	(mod_security) mod_security (id:225170) triggered by 185.196.161.189 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:225170) triggered by 185.196.161.189 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 11 07:51:09.456752 2026] [security2:error] [pid 21224:tid 21224] [client 185.196.161.189:37512] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|www.bzbdesigns.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.bzbdesigns.com"] [uri "/wp-json/wp/v2/users"] [unique_id "aiqhLQPNaWSapKRAtRwp5wAAABw"] show less	Brute-Force Bad Web Bot Web App Attack
🇦🇺 screwlooseit.com.au	2026-06-10 03:33:13 (2 days ago)	Blocked by CSF 13 firewall - Rule: IT/Italy/-	Web App Attack
🇺🇸 TPI-Abuse	2026-06-09 07:23:32 (3 days ago)	(mod_security) mod_security (id:225170) triggered by 185.196.161.189 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:225170) triggered by 185.196.161.189 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 09 03:23:25.908207 2026] [security2:error] [pid 30532:tid 30532] [client 185.196.161.189:37972] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|allfloridamedia.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "allfloridamedia.com"] [uri "/wp-json/wp/v2/users"] [unique_id "aie_bYmjTlJ8f7BMkxHcKQAAACA"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-07 17:36:23 (5 days ago)	(mod_security) mod_security (id:225170) triggered by 185.196.161.189 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:225170) triggered by 185.196.161.189 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 07 13:36:18.980924 2026] [security2:error] [pid 16898:tid 16898] [client 185.196.161.189:38398] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|www.lockdownclaim.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.lockdownclaim.com"] [uri "/wp-json/wp/v2/users"] [unique_id "aiWsEr4BS6US_1ILuhRYDAAAACk"] show less	Brute-Force Bad Web Bot Web App Attack
🇦🇺 screwlooseit.com.au	2026-06-07 08:33:54 (5 days ago)	Blocked by CSF 13 firewall - Rule: IT/Italy/-	Web App Attack
🇺🇸 TPI-Abuse	2026-06-06 20:48:15 (5 days ago)	(mod_security) mod_security (id:225170) triggered by 185.196.161.189 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:225170) triggered by 185.196.161.189 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 06 16:48:09.254695 2026] [security2:error] [pid 3441:tid 3441] [client 185.196.161.189:48690] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|www.yuichiro.us\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.yuichiro.us"] [uri "/wp-json/wp/v2/users"] [unique_id "aiSHiW-ZFX-zzEhGA3kEUQAAAAE"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-05 20:19:56 (6 days ago)	(mod_security) mod_security (id:225170) triggered by 185.196.161.189 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:225170) triggered by 185.196.161.189 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 05 16:19:52.099330 2026] [security2:error] [pid 11814:tid 11814] [client 185.196.161.189:53308] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|kulacenterky.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "kulacenterky.com"] [uri "/wp-json/wp/v2/users"] [unique_id "aiMvaNE3EEsLtKZmbbH9ugAAABk"] show less	Brute-Force Bad Web Bot Web App Attack
🇫🇷 dynamix	2026-06-05 19:45:26 (6 days ago)	Multiple WAF Violations	Web App Attack
🇺🇸 TPI-Abuse	2026-06-03 07:29:06 (1 week ago)	(mod_security) mod_security (id:225170) triggered by 185.196.161.189 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:225170) triggered by 185.196.161.189 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 03 03:29:00.396083 2026] [security2:error] [pid 14286:tid 14286] [client 185.196.161.189:51468] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|altoshp.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "altoshp.com"] [uri "/wp-json/wp/v2/users"] [unique_id "ah_XvDgph0MSx_fwkjhz0wAAAA0"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-05-31 01:41:26 (1 week ago)	[server.tmg.gr] httpd-suspicious-path: sites=aidshep2018.gr; logs=/var/log/httpd/domains/aidshep2018 ... show more [server.tmg.gr] httpd-suspicious-path: sites=aidshep2018.gr; logs=/var/log/httpd/domains/aidshep2018.gr.log; samples=/wp-json/wp/v2/users \| /?author=1 \| /?author=2 show less	Hacking Web App Attack
🇺🇸 TPI-Abuse	2026-05-31 00:42:57 (1 week ago)	(mod_security) mod_security (id:225170) triggered by 185.196.161.189 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:225170) triggered by 185.196.161.189 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat May 30 20:42:52.109030 2026] [security2:error] [pid 4563:tid 4563] [client 185.196.161.189:54690] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|www.digi-estudio.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.digi-estudio.com"] [uri "/wp-json/wp/v2/users"] [unique_id "ahuEDBtoqjNfnfdzQLNQtQAAAAM"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-29 10:42:06 (2 weeks ago)	(mod_security) mod_security (id:225170) triggered by 185.196.161.189 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:225170) triggered by 185.196.161.189 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri May 29 06:42:01.971485 2026] [security2:error] [pid 6905:tid 6905] [client 185.196.161.189:40182] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|www.frelsburg.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.frelsburg.com"] [uri "/wp-json/wp/v2/users"] [unique_id "ahltebwpZ53UgJxuW4hDmwAAABI"] show less	Brute-Force Bad Web Bot Web App Attack
🇳🇱 Mangelot Hosting	2026-05-29 02:19:11 (2 weeks ago)	(wp_login_try) srv101 WP Login Attempt 185.196.161.189 (IT/Italy/-): 10 in the last 3600 secs; Ports ... show more (wp_login_try) srv101 WP Login Attempt 185.196.161.189 (IT/Italy/-): 10 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs: show less	Web App Attack
Anonymous	2026-05-28 15:07:24 (2 weeks ago)	[redacted] 185.196.161.189 - - [28/May/2026:17:07:20 +0200] "POST /xmlrpc.php HTTP/1.1" 200 216 "-" ... show more [redacted] 185.196.161.189 - - [28/May/2026:17:07:20 +0200] "POST /xmlrpc.php HTTP/1.1" 200 216 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:86.0) Gecko/20100101 Firefox/86.0" [redacted] 185.196.161.189 - - [28/May/2026:17:07:20 +0200] "POST /xmlrpc.php HTTP/1.1" 200 216 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:42.0) Gecko/20100101 Firefox/42.0" [redacted] 185.196.161.189 - - [28/May/2026:17:07:21 +0200] "POST /xmlrpc.php HTTP/1.1" 200 216 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:61.0) Gecko/20100101 Firefox/61.0" [redacted] 185.196.161.189 - - [28/May/2026:17:07:21 +0200] "POST /xmlrpc.php HTTP/1.1" 200 216 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:73.0) Gecko/20100101 Firefox/73.0" [redacted] 185.196.161.189 - - [28/May/2026:17:07:21 +0200] "POST /xmlrpc.php HTTP/1.1" 200 216 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:52.0) Gecko/20100101 Firefox/52.0" [redacted] 1 ... show less	Hacking Web App Attack

Showing 1 to 15 of 69 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇨🇳 183.197.46.164

🇨🇦 85.217.149.23

🇫🇷 85.217.140.38

🇺🇸 206.0.68.175

🇹🇭 203.154.158.195

🇳🇱 185.213.174.22

🇺🇸 174.102.190.217

🇨🇳 171.217.92.33

🇯🇵 160.251.202.50

🇩🇪 116.202.20.68

🇻🇳 113.172.124.25

🇺🇸 107.167.34.125

🇺🇸 65.111.1.29

🇱🇺 64.89.161.184

🇳🇱 45.148.10.152

🇺🇸 3.131.142.122

🇨🇳 171.8.138.165

🇫🇮 147.185.133.194

🇨🇳 119.251.179.179

🇺🇸 91.230.168.25