JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 185.21.252.40

185.21.252.40 was found in our database!

This IP was reported 12 times. Confidence of Abuse is 28%: ?

28%

ISP	SRX TECNOLOGIA DA INFORMACAO LTDA
Usage Type	Data Center/Web Hosting/Transit
ASN	AS267507
Hostname(s)	server.mfsantos.com.br
Domain Name	srx.net.br
Country	🇧🇷 Brazil
City	Taquara, Rio Grande do Sul

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 185.21.252.40

Whois 185.21.252.40

IP Abuse Reports for 185.21.252.40:

This IP address has been reported a total of 12 times from 12 distinct sources. 185.21.252.40 was first reported on April 26th 2026, and the most recent report was 5 days ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇧🇷 JeydasCyber	2026-06-09 13:35:00 (5 days ago)	Boleto Itau - Fake	Fraud Orders
🇺🇸 octageeks.com	2026-04-29 04:06:22 (1 month ago)	Wordpress malicious attack:[octausername]	Web App Attack
🇩🇪 4server	2026-04-29 00:43:50 (1 month ago)	[WedApr2902:43:46.3764542026][security2:error][pid1346074:tid1346091][client185.21.252.40:0]ModSecur ... show more [WedApr2902:43:46.3764542026][security2:error][pid1346074:tid1346091][client185.21.252.40:0]ModSecurity:Accessdeniedwithcode403\(phase2\).OperatorGEmatched5atTX:anomaly_score.[file\"/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf\"][line\"94\"][id\"949110\"][msg\"InboundAnomalyScoreExceeded\(TotalScore:5\)\"][severity\"CRITICAL\"][ver\"OWASP_CRS/3.3.9\"][tag\"application-multi\"][tag\"language-multi\"][tag\"platform-multi\"][tag\"attack-generic\"][hostname\"assmra.org\"][uri\"/wp-login.php\"][unique_id\"afFUQiJTZ99JiySpGzuNNAAAAEY\"]\,referer:https://assmra.org/wp-login.php show less	Port Scan Brute-Force Web App Attack
🇨🇿 huginet	2026-04-28 14:38:55 (1 month ago)	185.21.252.40 - - [28/Apr/2026:16:38:54 +0200] "POST /wp-login.php HTTP/1.1" 200 10202 "https://cent ... show more 185.21.252.40 - - [28/Apr/2026:16:38:54 +0200] "POST /wp-login.php HTTP/1.1" 200 10202 "https://centrum-eko-likvidace.org/wp-login.php" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36" 185.21.252.40 - - [28/Apr/2026:16:38:54 +0200] "POST /wp-login.php HTTP/1.1" 200 10202 "https://centrum-eko-likvidace.org/wp-login.php" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36" ... show less	Web Spam Blog Spam Hacking Bad Web Bot Web App Attack
🇨🇦 KIsmay	2026-04-28 13:17:15 (1 month ago)	Apr 28 09:17:15 www4 WPAudit[3972562]: 185.21.252.40 bestnelson.org "Mozilla/5.0 (X11; Linux x86_64) ... show more Apr 28 09:17:15 www4 WPAudit[3972562]: 185.21.252.40 bestnelson.org "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36" best nelson:best nelson01 FAIL Apr 28 09:17:15 www4 WPAudit[3972563]: 185.21.252.40 bestnelson.org "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.2 Safari/605.1.15" Nelson at its Best:admin_2025 FAIL Apr 28 09:17:15 www4 WPAudit[3972564]: 185.21.252.40 bestnelson.org "Mozilla/5.0 (X11; Linux x86_64; rv:121.0) Gecko/20100101 Firefox/121.0" admin:admin.2028 FAIL Apr 28 09:17:15 www4 WPAudit[3972566]: 185.21.252.40 bestnelson.org "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36" katietabor-developer:katietabor-developer001 FAIL Apr 28 09:17:15 www4 WPAudit[3972565]: 185.21.252.40 bestnelson.org "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.3 ... show less	Brute-Force Web App Attack
🇺🇸 mnsf	2026-04-28 11:05:30 (1 month ago)	Login Too Frequent (8)	Brute-Force Web App Attack
🇩🇪 LRob.fr	2026-04-28 09:00:16 (1 month ago)	WordPress login brute-force detected by Fail2Ban in plesk-wordpress jail	Brute-Force Web App Attack
🇺🇸 jormaster3k	2026-04-27 16:19:05 (1 month ago)	Attack against WordPress	Web App Attack
🇺🇸 TPI-Abuse	2026-04-27 13:15:41 (1 month ago)	(mod_security) mod_security (id:225170) triggered by 185.21.252.40 (server.mfsantos.com.br): 1 in th ... show more (mod_security) mod_security (id:225170) triggered by 185.21.252.40 (server.mfsantos.com.br): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Apr 27 09:15:37.981271 2026] [security2:error] [pid 3632:tid 3632] [client 185.21.252.40:43244] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|lcoor.org\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "lcoor.org"] [uri "/wp-json/wp/v2/users"] [unique_id "ae9heUTdRbI75N_zZWEOuAAAAAI"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-04-26 21:59:47 (1 month ago)	185.21.252.40 - - [26/Apr/2026:23:59:42 +0200] "POST /wp-login.php HTTP/1.0" 200 3294 "https://www.n ... show more 185.21.252.40 - - [26/Apr/2026:23:59:42 +0200] "POST /wp-login.php HTTP/1.0" 200 3294 "https://www.natc.gov.zm/wp-login.php" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36" 185.21.252.40 - - [26/Apr/2026:23:59:46 +0200] "POST /wp-login.php HTTP/1.1" 200 2768 "https://www.natc.gov.zm/wp-login.php" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36" 185.21.252.40 - - [26/Apr/2026:23:59:42 +0200] "POST /wp-login.php HTTP/1.0" 200 3308 "https://www.natc.gov.zm/wp-login.php" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.2 Safari/605.1.15" 185.21.252.40 - - [26/Apr/2026:23:59:46 +0200] "POST /wp-login.php HTTP/1.1" 200 2782 "https://www.natc.gov.zm/wp-login.php" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.2 Safari/605.1.15" 185.21.252.40 - - [2 ... show less	Brute-Force Web App Attack
🇸🇬 pusathosting.com	2026-04-26 18:40:06 (1 month ago)	24ds22 bruteforce	Brute-Force Web App Attack
Anonymous	2026-04-26 17:19:31 (1 month ago)	Ports: *; Direction: 0; Trigger: CT_LIMIT	Brute-Force SSH

Showing 1 to 12 of 12 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇸🇪 104.23.221.130

🇰🇷 175.206.1.60

🇨🇭 172.253.11.28

🇫🇷 161.97.121.116

🇺🇸 161.35.188.231

🇯🇵 139.162.113.212

🇨🇳 124.221.217.82

🇮🇩 114.10.47.235

🇲🇦 105.159.198.188

🇳🇬 102.164.37.97

🇭🇰 101.36.127.86

🇮🇳 98.70.48.241

🇺🇸 52.182.143.213

🇩🇪 46.225.66.186

🇸🇬 34.142.128.246

🇮🇹 31.59.89.180

🇺🇸 2a03:2880:f800:16::

🇨🇳 220.194.41.50

🇹🇭 203.172.213.166

🇦🇱 185.226.89.235