JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 185.213.154.206

185.213.154.206 was found in our database!

This IP was reported 156 times. Confidence of Abuse is 53%: ?

53%

ISP	31173 Services AB infrastructure in Gothenburg, SE.
Usage Type	Data Center/Web Hosting/Transit
ASN	AS39351
Domain Name	31173.se
Country	🇸🇪 Sweden
City	Gothenburg, Vastra Gotaland

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 185.213.154.206

Whois 185.213.154.206

IP Abuse Reports for 185.213.154.206:

This IP address has been reported a total of 156 times from 64 distinct sources. 185.213.154.206 was first reported on September 6th 2023, and the most recent report was 8 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 NetGuard	2026-06-18 08:26:22 (8 hours ago)	#honeypot #netguard247 #ciscoasa Captured by NetGuard 24/7 T-Pot honeypot (netguard24-7.com). Timest ... show more #honeypot #netguard247 #ciscoasa Captured by NetGuard 24/7 T-Pot honeypot (netguard24-7.com). Timestamp: 2026-06-18T08:26:22.663+00:00 Attacker IP: 185.213.154.206 \| Port: N/A \| Country: Sweden Honeypot: ciscoasa \| Attack: unknown Source: NetGuard 24/7 (netguard24-7.com) \| PhantomGrid Defense show less	Web App Attack
🇺🇸 TPI-Abuse	2026-06-11 06:17:21 (1 week ago)	(mod_security) mod_security (id:210492) triggered by 185.213.154.206 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210492) triggered by 185.213.154.206 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 11 02:17:17.936521 2026] [security2:error] [pid 28283:tid 28283] [client 185.213.154.206:41980] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "bddev.com"] [uri "/.git/index"] [unique_id "aipS7RoW_xEmHfgdNAoKngAAAAU"] show less	Brute-Force Bad Web Bot Web App Attack
🇭🇺 bcsaba	2026-06-11 05:59:39 (1 week ago)	Probing for .git: 185.213.154.206 - - [11/Jun/2026:07:40:01 +0200] "GET /.git/index HTTP/2.0" 403 14 ... show more Probing for .git: 185.213.154.206 - - [11/Jun/2026:07:40:01 +0200] "GET /.git/index HTTP/2.0" 403 146 "-" "moving-to-bins/1.0" show less	Web App Attack
🇺🇸 TPI-Abuse	2026-06-11 05:56:48 (1 week ago)	(mod_security) mod_security (id:210492) triggered by 185.213.154.206 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210492) triggered by 185.213.154.206 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 11 01:56:43.350961 2026] [security2:error] [pid 21863:tid 21876] [client 185.213.154.206:40888] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "baronlongford.com"] [uri "/.git/index"] [unique_id "aipOG5m9d8mFVMasYOOoygAAAYo"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 mnsf	2026-06-11 05:05:33 (1 week ago)	Abuse Detected (3)	Brute-Force Web App Attack
🇺🇸 TPI-Abuse	2026-06-11 04:14:15 (1 week ago)	(mod_security) mod_security (id:210492) triggered by 185.213.154.206 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210492) triggered by 185.213.154.206 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 11 00:14:11.927353 2026] [security2:error] [pid 395:tid 395] [client 185.213.154.206:54180] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "assistfeed.com"] [uri "/.git/index"] [unique_id "aio2Ex2g-_H5XY7oOq8xHAAAAAM"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 Major Hostility	2026-06-11 03:41:27 (1 week ago)	"GET /.git/index HTTP/1.1" 404 "GET /.git/index HTTP/1.1" 404	Web App Attack
🇺🇸 TPI-Abuse	2026-06-11 03:37:08 (1 week ago)	(mod_security) mod_security (id:210492) triggered by 185.213.154.206 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210492) triggered by 185.213.154.206 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 10 23:37:05.283358 2026] [security2:error] [pid 20478:tid 20483] [client 185.213.154.206:52834] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "arrowsinthequiver.com"] [uri "/.git/index"] [unique_id "aiotYVVDnW9RxKAS0QZEUAAAAMI"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 NetGuard	2026-06-10 08:09:22 (1 week ago)	#honeypot #netguard247 #ciscoasa Captured by NetGuard 24/7 T-Pot honeypot (netguard24-7.com). Timest ... show more #honeypot #netguard247 #ciscoasa Captured by NetGuard 24/7 T-Pot honeypot (netguard24-7.com). Timestamp: 2026-06-10T08:09:22.875+00:00 Attacker IP: 185.213.154.206 \| Port: N/A \| Country: Sweden Honeypot: ciscoasa \| Attack: unknown Source: NetGuard 24/7 (netguard24-7.com) \| PhantomGrid Defense show less	Web App Attack
🇬🇧 consul.to	2026-06-08 11:00:46 (1 week ago)	Web attack/malicious scanning detected	Web App Attack
🇨🇭 SnapDragon	2026-06-04 06:55:00 (2 weeks ago)	Failed to log in via user account "admin". Source IP address: 185.213.154.206	Brute-Force
🇮🇪 hollenal	2026-06-03 15:50:45 (2 weeks ago)	Failed to log in. User: fockyou_25. Source IP: 185.213.154.206	Brute-Force Web App Attack
🇺🇸 NetGuard	2026-06-01 11:18:04 (2 weeks ago)	#honeypot #netguard247 #ciscoasa Captured by NetGuard 24/7 T-Pot honeypot (netguard24-7.com). Timest ... show more #honeypot #netguard247 #ciscoasa Captured by NetGuard 24/7 T-Pot honeypot (netguard24-7.com). Timestamp: 2026-06-01T11:18:04.465+00:00 Attacker IP: 185.213.154.206 \| Port: N/A \| Country: Sweden Honeypot: ciscoasa \| Attack: unknown Source: NetGuard 24/7 (netguard24-7.com) \| PhantomGrid Defense show less	Web App Attack
🇷🇺 Agrohim	2026-05-28 00:10:32 (3 weeks ago)	Gate Inet blocked for categories:	DDoS Attack Ping of Death Port Scan Hacking Brute-Force
Anonymous	2026-05-26 12:31:01 (3 weeks ago)	Try to connect to Port_Scan_51820_stealth	Port Scan

Showing 1 to 15 of 156 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇨🇭 209.99.189.177

🇩🇪 192.109.200.78

🇺🇸 146.135.32.68

🇺🇸 107.175.232.135

🇳🇬 102.88.137.80

🇺🇸 71.235.27.139

🇫🇷 51.68.34.131

🇨🇳 43.136.39.92

🇺🇸 198.62.4.76

🇯🇵 163.44.101.215

🇭🇰 152.32.215.244

🇧🇩 103.171.69.66

🇨🇳 101.126.92.162

🇳🇱 45.198.224.115

🇳🇱 45.148.10.157

🇨🇳 27.24.141.95

🇺🇸 198.62.5.81

🇧🇷 190.8.8.124

🇺🇸 172.174.17.234

🇺🇸 147.185.132.150