JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 185.201.138.243

185.201.138.243 was found in our database!

This IP was reported 6 times. Confidence of Abuse is 14%: ?

14%

ISP	NETLABS LLC
Usage Type	Data Center/Web Hosting/Transit
ASN	AS213954
Domain Name	netlabs.com.ua
Country	🇩🇪 Germany
City	Berlin, State of Berlin

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 185.201.138.243

Whois 185.201.138.243

IP Abuse Reports for 185.201.138.243:

This IP address has been reported a total of 6 times from 5 distinct sources. 185.201.138.243 was first reported on March 10th 2026, and the most recent report was 6 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 TPI-Abuse	2026-06-20 07:37:34 (6 hours ago)	(mod_security) mod_security (id:225170) triggered by 185.201.138.243 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:225170) triggered by 185.201.138.243 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 20 03:37:27.154799 2026] [security2:error] [pid 26267:tid 26267] [client 185.201.138.243:51545] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|popowich.net\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "popowich.net"] [uri "/wp-json/wp/v2/users"] [unique_id "ajZDNx6X5rwwaDXaaZeu5wAAAAk"], referer: https://www.google.com show less	Brute-Force Bad Web Bot Web App Attack
🇵🇱 sefinek.net	2026-06-07 11:26:09 (1 week ago)	Triggered Cloudflare WAF (firewallCustom) from DE. Action: MANAGED_CHALLENGE \| Protocol: HTTP/1.1 (G ... show more Triggered Cloudflare WAF (firewallCustom) from DE. Action: MANAGED_CHALLENGE \| Protocol: HTTP/1.1 (GET) \| Endpoint: /genshin-stella-mod \| UA: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/26.3 Safari/605.1.15 • Generated by: github.com/sefinek/Cloudflare-WAF-To-AbuseIPDB show less	Bad Web Bot
🇨🇦 Dunham Support	2026-04-07 21:46:20 (2 months ago)	(wordpress) Failed wordpress login from 185.201.138.243 (DE/Germany/-)	Brute-Force
🇺🇸 TPI-Abuse	2026-04-04 13:34:50 (2 months ago)	(mod_security) mod_security (id:225170) triggered by 185.201.138.243 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:225170) triggered by 185.201.138.243 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Apr 04 09:34:43.780229 2026] [security2:error] [pid 13559:tid 13559] [client 185.201.138.243:45935] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|pamelalambert.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "pamelalambert.com"] [uri "/wp-json/wp/v2/users"] [unique_id "adETc3UDpl3_buoTR7-MegAAABw"], referer: https://www.google.com show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 Skyrider	2026-03-28 22:17:10 (2 months ago)	185.201.138.243 - - [28/Mar/2026:23:17:08 +0100] "POST /xmlrpc.php HTTP/2.0" 404 114 "-" "Apache-Htt ... show more 185.201.138.243 - - [28/Mar/2026:23:17:08 +0100] "POST /xmlrpc.php HTTP/2.0" 404 114 "-" "Apache-HttpClient/4.5.13 (Java/11.0.30)" 185.201.138.243 - - [28/Mar/2026:23:17:08 +0100] "GET /wp-login.php HTTP/2.0" 404 178 "https://www.google.com" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36" 185.201.138.243 - - [28/Mar/2026:23:17:09 +0100] "GET /wp-login.php HTTP/2.0" 404 178 "https://www.google.com" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36" 185.201.138.243 - - [28/Mar/2026:23:17:09 +0100] "GET /wp-admin.php HTTP/2.0" 404 178 "https://www.google.com" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36" 185.201.138.243 - - [28/Mar/2026:23:17:09 +0100] "GET /wp-json/wp/v2/users HTTP/2.0" 404 178 "https://www.google.com" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36" show less	Bad Web Bot Web App Attack
🇨🇿 lp	2026-03-10 07:40:46 (3 months ago)	Unauthorized VPN login attempts: 2 attempts were recorded from 185.201.138.243 2026-03-10T07:03:41+0 ... show more Unauthorized VPN login attempts: 2 attempts were recorded from 185.201.138.243 2026-03-10T07:03:41+01:00 vpn Access-Reject 'Professor' station: 185.201.138.243 auth-type: - realm: vse.cz nas: <redacted> called: <redacted> => address-pool: - msg: '<redacted>' 2026-03-10T07:09:10+01:00 vpn Access-Reject 'DENVER' station: 185.201.138.243 auth-type: - realm: vse.cz nas: <redacted> called: <redacted> => address-pool: - msg: '<redacted>' show less	Brute-Force Web App Attack

Showing 1 to 6 of 6 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇨🇳 106.12.241.195

🇿🇼 66.9.171.97

🇬🇧 2a06:4880:8000::ae

🇧🇷 177.44.71.228

🇨🇳 171.104.83.189

🇺🇸 135.237.126.123

🇷🇴 80.94.92.166

🇨🇳 210.13.99.66

🇺🇸 207.90.244.22

🇹🇼 198.235.24.117

🇮🇷 188.212.68.21

🇺🇸 173.236.215.92

🇬🇧 167.71.132.111

🇺🇸 162.216.150.10

🇺🇸 104.18.54.45

🇫🇷 91.196.152.199

🇫🇷 91.196.152.192

🇸🇬 47.236.194.29

🇯🇵 14.137.237.192

🇷🇴 2.57.122.238