JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 185.209.196.152

185.209.196.152 was found in our database!

This IP was reported 24 times. Confidence of Abuse is 31%: ?

31%

ISP	31173 Services AB infrastructure in Frankfurt, DE.
Usage Type	Data Center/Web Hosting/Transit
ASN	AS39351
Domain Name	31173.se
Country	🇩🇪 Germany
City	Frankfurt am Main, Hesse

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 185.209.196.152

Whois 185.209.196.152

IP Abuse Reports for 185.209.196.152:

This IP address has been reported a total of 24 times from 22 distinct sources. 185.209.196.152 was first reported on February 4th 2024, and the most recent report was 1 hour ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇮🇩 zam	2026-06-23 00:04:38 (1 hour ago)	185.209.196.152 - - [23/Jun/2026:00:03:51 +0000] "GET /wp-login.php HTTP/1.1" 404 81174 185.209.196. ... show more 185.209.196.152 - - [23/Jun/2026:00:03:51 +0000] "GET /wp-login.php HTTP/1.1" 404 81174 185.209.196.152 - - [23/Jun/2026:00:04:11 +0000] "GET /blog/wp-login.php HTTP/1.1" 404 81174 185.209.196.152 - - [23/Jun/2026:00:04:12 +0000] "GET /blog/wp-login.php HTTP/1.1" 404 81174 185.209.196.152 - - [23/Jun/2026:00:04:21 +0000] "GET /wp/wp-login.php HTTP/1.1" 404 81174 185.209.196.152 - - [23/Jun/2026:00:04:22 +0000] "GET /blog/wp-login.php HTTP/1.1" 404 81174 {"log":"185.209.196.152 - - [23/Jun/2026:00:04:24 +0000] "GET /word show less	Web App Attack
🇫🇷 ELYAZ	2026-06-22 19:08:52 (6 hours ago)	(y4) Failed scan -byebye- from 185.209.196.152 (DE/Germany/-): (CF_ENABLE)	Hacking
🇦🇺 gregoo23	2026-06-22 18:19:26 (7 hours ago)	185.209.196.152 - - [23/Jun/2026:04:19:18 +1000] "GET /blog/wp-login.php HTTP/1.1" 410 592 "-" "Mozi ... show more 185.209.196.152 - - [23/Jun/2026:04:19:18 +1000] "GET /blog/wp-login.php HTTP/1.1" 410 592 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36" 185.209.196.152 - - [23/Jun/2026:04:19:22 +1000] "GET /wp/wp-login.php HTTP/1.1" 404 70192 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36" 185.209.196.152 - - [23/Jun/2026:04:19:25 +1000] "GET /wordpress/wp-login.php HTTP/1.1" 404 70173 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Edge/120.0.2210.91" ... show less	Bad Web Bot Web App Attack
🇧🇪 cmbplf	2026-06-22 14:33:43 (11 hours ago)	5.121 requests with url.path */xmlrpc.php	Brute-Force Bad Web Bot
🇩🇪 Carsten	2026-05-24 07:09:28 (4 weeks ago)	GET [index.php?artnr=30&inhalt=artikel%27]	Port Scan
🇫🇷 conseilgouz	2026-04-23 14:01:29 (1 month ago)	hae-12 : Block return, carriage return, ... characters=>/plan-du-site?id=1&view=html%27(')	Hacking
🇳🇱 mieg	2026-04-23 13:57:20 (1 month ago)	Web vulnerability probing	Brute-Force Web App Attack
🇨🇭 backslash	2026-03-28 04:51:03 (2 months ago)	block ruleset Badbot using very old user-agents 5CF3CDB778C7D82564405B86B9242E612F378C68	Bad Web Bot
🇩🇪 FeG Deutschland	2026-03-28 04:39:24 (2 months ago)	Looking for CMS/PHP/SQL vulnerablilities/excessive crawling - 2	Exploited Host Web App Attack
🇺🇸 oncord	2026-03-11 02:17:38 (3 months ago)	Form spam	Web Spam
Anonymous	2026-03-06 22:30:10 (3 months ago)	\| Multiple SQL injection attempts from same source ip.(multiple servers)	Web App Attack Hacking SQL Injection
🇬🇧 Mendip_Defender	2026-03-05 15:56:08 (3 months ago)	185.209.196.152 - - [05/Mar/2026:15:56:04 +0000] "GET /wp-content/plugins/give/give.php HTTP/1.0" 40 ... show more 185.209.196.152 - - [05/Mar/2026:15:56:04 +0000] "GET /wp-content/plugins/give/give.php HTTP/1.0" 404 4876 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36" 185.209.196.152 - - [05/Mar/2026:15:56:05 +0000] "GET /wp-content/plugins/woocommerce-gateway-paypal-powered-by-braintree/woocommerce-gateway-paypal-powered-by-braintree.php HTTP/1.0" 404 4876 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36" 185.209.196.152 - - [05/Mar/2026:15:56:05 +0000] "GET /wp-content/plugins/woo-payment-gateway/woo-payment-gateway.php HTTP/1.0" 404 4876 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36" ... show less	Hacking Web App Attack
🇨🇭 barateza	2026-02-14 11:00:05 (4 months ago)	WAF repeated trigger detected by Fail2Ban in plesk-modsecurity jail	Web App Attack
🇮🇩 Burayot	2026-01-20 18:30:22 (5 months ago)	LF_MODSEC: (mod_security) mod_security (id:1000001) triggered by 185.209.196.152 (DE/Germany/-): 1 i ... show more LF_MODSEC: (mod_security) mod_security (id:1000001) triggered by 185.209.196.152 (DE/Germany/-): 1 in the last 3600 secs show less	Web App Attack
Anonymous	2025-12-12 13:14:28 (6 months ago)	Blocked: Reason='Auto-block via DW'; Requests=0	Hacking

Showing 1 to 15 of 24 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 216.25.89.74

🇩🇪 141.11.187.237

🇸🇬 103.134.154.138

🇫🇷 85.217.140.52

🇺🇸 2a04:c300:400::187

🇵🇰 223.123.36.77

🇺🇸 216.244.66.241

🇨🇦 85.217.149.41

🇸🇪 83.226.181.38

🇲🇳 66.181.185.135

🇸🇬 45.82.78.104

🇪🇸 34.175.86.178

🇰🇷 1.238.106.229

🇰🇷 221.162.63.153

🇺🇸 216.180.246.37

🇪🇬 197.42.194.202

🇺🇸 194.187.179.38

🇷🇺 178.207.10.91

🇳🇱 176.65.132.218

🇨🇦 138.197.143.91