AbuseIPDB » 185.207.107.216

185.207.107.216 was found in our database!

This IP was reported 1,380 times. Confidence of Abuse is 99%: ?

99%

This address is a Tor exit node. Neither the owner nor the provider are directly behind the offending action.

ISP	netcup GmbH
Usage Type	Data Center/Web Hosting/Transit
ASN	AS197540
Hostname(s)	NurembergTor11.quetzalcoatl-relays.org
Domain Name	netcup.de
Country	Germany
City	Nurnberg, Bavaria

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated biweekly.

Report 185.207.107.216

Whois 185.207.107.216

IP Abuse Reports for 185.207.107.216:

This IP address has been reported a total of 1,380 times from 261 distinct sources. 185.207.107.216 was first reported on June 16th 2022, and the most recent report was 1 hour ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp in UTC	Comment	Categories
i-turnradio.nl	2025-07-17 06:03:03 (1 hour ago)	2025-07-17 @ 08:03:03 (CET) ~ Blocked based on risk assessment and prior abuse reports	Web App Attack
oncord	2025-07-16 18:09:02 (13 hours ago)	Form spam	Web Spam
LRob.fr	2025-07-16 14:15:15 (17 hours ago)	Repeated requests on blocked xmlrpc.php, blocked by fail2ban in custom-503-xmlrpc jail	Bad Web Bot Web App Attack
mnsf	2025-07-16 02:05:00 (1 day ago)	Too many Status 40X (11)	Brute-Force Web App Attack
ThreatBook.io	2025-07-15 22:10:14 (1 day ago)	ThreatBook Intelligence: tor_proxy,Zombie more details on https://threatbook.io/ip/185.207.107.216<b ... show moreThreatBook Intelligence: tor_proxy,Zombie more details on https://threatbook.io/ip/185.207.107.216 2025-07-15 09:57:39 http://d3azdm1q0gvo54.cloudfront.net/ 2025-07-15 13:58:58 /favicon.ico show less	Web App Attack
Anonymous	2025-07-15 05:45:03 (2 days ago)	IP banned by Fail2Ban in jail nginx-abusive-ips	Brute-Force Bad Web Bot Web App Attack
TPI-Abuse	2025-07-15 01:45:14 (2 days ago)	(mod_security) mod_security (id:210492) triggered by 185.207.107.216 (NurembergTor11.quetzalcoatl-re ... show more(mod_security) mod_security (id:210492) triggered by 185.207.107.216 (NurembergTor11.quetzalcoatl-relays.org): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jul 14 21:45:01.209264 2025] [security2:error] [pid 1619:tid 1619] [client 185.207.107.216:34512] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webdisk.puregoldmorgans.com"] [uri "/.git/config"] [unique_id "aHWynfCW2VR1sk7EGbT2TQAAAB0"] show less	Brute-Force Bad Web Bot Web App Attack
oncord	2025-07-14 18:50:51 (2 days ago)	Form spam	Web Spam
TPI-Abuse	2025-07-14 11:13:17 (2 days ago)	(mod_security) mod_security (id:210492) triggered by 185.207.107.216 (NurembergTor11.quetzalcoatl-re ... show more(mod_security) mod_security (id:210492) triggered by 185.207.107.216 (NurembergTor11.quetzalcoatl-relays.org): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jul 14 07:13:09.459416 2025] [security2:error] [pid 1488:tid 1488] [client 185.207.107.216:14246] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "randykincaid.com"] [uri "/.git/config"] [unique_id "aHTmRYGXO0E243R-5FnoTwAAAAE"] show less	Brute-Force Bad Web Bot Web App Attack
oncord	2025-07-13 09:43:51 (3 days ago)	Form spam	Web Spam
TPI-Abuse	2025-07-13 05:58:10 (4 days ago)	(mod_security) mod_security (id:210492) triggered by 185.207.107.216 (NurembergTor11.quetzalcoatl-re ... show more(mod_security) mod_security (id:210492) triggered by 185.207.107.216 (NurembergTor11.quetzalcoatl-relays.org): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jul 13 01:58:05.483575 2025] [security2:error] [pid 21895:tid 21898] [client 185.207.107.216:25010] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "davidchapamusic.com"] [uri "/wp-config.php.tpl"] [unique_id "aHNK7Tf0XxqLSUn0_6sMcQAAAAE"] show less	Brute-Force Bad Web Bot Web App Attack
TPI-Abuse	2025-07-12 21:49:01 (4 days ago)	(mod_security) mod_security (id:210492) triggered by 185.207.107.216 (NurembergTor11.quetzalcoatl-re ... show more(mod_security) mod_security (id:210492) triggered by 185.207.107.216 (NurembergTor11.quetzalcoatl-relays.org): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jul 12 17:48:54.671809 2025] [security2:error] [pid 3919:tid 3919] [client 185.207.107.216:21448] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "weird.eco"] [uri "/wp-config.php_OLD_BK"] [unique_id "aHLYRrGwq1Ld0pyEvB5QaAAAAA4"] show less	Brute-Force Bad Web Bot Web App Attack
oncord	2025-07-12 06:05:49 (5 days ago)	Form spam	Web Spam
ᴀʀᴛ	2025-07-10 21:59:26 (6 days ago)	Triggered Cloudflare WAF (l7ddos) from T1. ASN: 197540 (NETCUP-AS netcup GmbH) Protocol: ... show moreTriggered Cloudflare WAF (l7ddos) from T1. ASN: 197540 (NETCUP-AS netcup GmbH) Protocol: HTTP/2 (GET method) UA: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/135.0.0.0 Safari/537.36 This report was generated by: https://github.com/sefinek/Cloudflare-WAF-To-AbuseIPDB show less	DDoS Attack Bad Web Bot
ᴀʀᴛ	2025-07-10 10:51:20 (6 days ago)	Triggered Cloudflare WAF (l7ddos) from T1. ASN: 197540 (NETCUP-AS netcup GmbH) Protocol: ... show moreTriggered Cloudflare WAF (l7ddos) from T1. ASN: 197540 (NETCUP-AS netcup GmbH) Protocol: HTTP/2 (GET method) UA: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 show less	DDoS Attack Bad Web Bot

Showing 1 to 15 of 1380 reports

Is this your IP? You may request to takedown any associated reports. We will attempt to verify your ownership. Request Takedown 🚩

Recently Reported IPs:

65.49.1.142

83.222.190.254

120.157.221.32

195.178.110.224

103.144.247.183

147.185.132.225

104.152.52.62

14.139.243.12

137.184.141.3

20.172.70.65

193.32.162.145

113.87.187.58

152.32.204.21

5.255.100.84

194.0.234.20

176.65.148.61

167.94.138.53

198.235.24.58

45.78.193.10

8.219.231.133