JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 185.213.154.244

185.213.154.244 was found in our database!

This IP was reported 411 times. Confidence of Abuse is 65%: ?

65%

ISP	31173 Services AB infrastructure in Gothenburg, SE.
Usage Type	Data Center/Web Hosting/Transit
ASN	AS39351
Domain Name	31173.se
Country	🇸🇪 Sweden
City	Gothenburg, Vastra Gotaland

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 185.213.154.244

Whois 185.213.154.244

IP Abuse Reports for 185.213.154.244:

This IP address has been reported a total of 411 times from 164 distinct sources. 185.213.154.244 was first reported on April 30th 2022, and the most recent report was 18 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇨🇿 Countryman	2026-06-17 00:10:02 (18 hours ago)	repeated unauthorized VPN login attempt, user sweep	VPN IP Hacking Brute-Force
🇩🇪 formality	2026-06-15 10:28:55 (2 days ago)	Invalid user me from 185.213.154.244 port 56856	Brute-Force SSH
🇷🇺 weke	2026-06-10 03:05:58 (1 week ago)	ip=185.213.154.244 \| user=anand \| pass=anand \| event=cowrie.login.failed \| source=ssh honeypot MSK \| ... show more ip=185.213.154.244 \| user=anand \| pass=anand \| event=cowrie.login.failed \| source=ssh honeypot MSK \| time=2026-06-10T03:05:58.034778Z show less	Brute-Force SSH
🇱🇻 alliance	2026-06-09 05:58:20 (1 week ago)	Jun 9 08:58:17 ***** sshd[3584952]: Invalid user teamspeak from 185.213.154.244 port 50766	Brute-Force SSH
🇩🇪 McClay	2026-06-04 01:07:22 (1 week ago)	Illegal access attempt:2026-06-04T03:07:20.113106+02:00 xn--kster-juait sshd[2071319]: pam_unix(sshd ... show more Illegal access attempt:2026-06-04T03:07:20.113106+02:00 xn--kster-juait sshd[2071319]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.213.154.244 2026-06-04T03:07:21.898355+02:00 xn--kster-juait sshd[2071319]: Failed password for invalid user suporte from 185.213.154.244 port 49662 ssh2 ... show less	Brute-Force SSH
🇬🇧 aorth	2026-06-03 19:44:06 (1 week ago)	Jun 03 20:44:06 Invalid user vpn from 185.213.154.244 port 60886	Brute-Force SSH
🇩🇪 invalidLuca	2026-05-27 05:09:11 (3 weeks ago)	[SSH2] Unauthorized connection attempt from 185.213.154.244	Brute-Force SSH
🇺🇸 TPI-Abuse	2026-05-27 03:52:17 (3 weeks ago)	(mod_security) mod_security (id:210492) triggered by 185.213.154.244 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210492) triggered by 185.213.154.244 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue May 26 23:52:11.048483 2026] [security2:error] [pid 19397:tid 19397] [client 185.213.154.244:60896] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "elcalamo.com"] [uri "/.git/index"] [unique_id "ahZqazp-jjZPjJFCT_Z1qgAAABg"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-27 03:35:12 (3 weeks ago)	(mod_security) mod_security (id:210492) triggered by 185.213.154.244 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210492) triggered by 185.213.154.244 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue May 26 23:35:05.864430 2026] [security2:error] [pid 17538:tid 17538] [client 185.213.154.244:34796] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "efhgtc.org"] [uri "/.git/index"] [unique_id "ahZmaXrMCVP3phNfhInPbAAAAAs"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-27 01:58:45 (3 weeks ago)	(mod_security) mod_security (id:210492) triggered by 185.213.154.244 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210492) triggered by 185.213.154.244 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue May 26 21:58:40.485490 2026] [security2:error] [pid 14031:tid 14031] [client 185.213.154.244:41420] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "centreguephel.org"] [uri "/.git/index"] [unique_id "ahZP0JJf38V2LHCuCNezcAAAAAA"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 big-cloud.nl	2026-05-27 01:36:58 (3 weeks ago)	Try to access /.git/index	Web App Attack
🇺🇸 TPI-Abuse	2026-05-27 01:30:08 (3 weeks ago)	(mod_security) mod_security (id:210492) triggered by 185.213.154.244 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210492) triggered by 185.213.154.244 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue May 26 21:30:04.378176 2026] [security2:error] [pid 12160:tid 12160] [client 185.213.154.244:56878] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "catholicshopper.com"] [uri "/.git/index"] [unique_id "ahZJHD0avTX5WiO46-1Y-gAAABg"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-27 00:52:43 (3 weeks ago)	(mod_security) mod_security (id:210492) triggered by 185.213.154.244 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210492) triggered by 185.213.154.244 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue May 26 20:52:39.167318 2026] [security2:error] [pid 15974:tid 15974] [client 185.213.154.244:40896] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "caquintet.com"] [uri "/.git/index"] [unique_id "ahZAV0lqrtfFVdJTnpm-yAAAAAE"] show less	Brute-Force Bad Web Bot Web App Attack
🇬🇧 consul.to	2026-05-27 00:33:27 (3 weeks ago)	Web attack/malicious scanning detected	Web App Attack
🇩🇪 kkeyser	2026-05-26 09:34:31 (3 weeks ago)	Failed password for invalid user nitin from 185.213.154.244 port 59022 ssh2	Brute-Force SSH

Showing 1 to 15 of 411 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇮🇳 182.95.187.86

🇺🇸 165.154.163.207

🇷🇺 138.124.77.177

🇺🇸 96.78.175.41

🇺🇸 216.126.239.17

🇲🇽 189.203.97.234

🇪🇸 185.121.15.184

🇺🇸 173.44.180.6

🇭🇰 144.48.241.162

🇨🇳 117.22.90.245

🇭🇰 103.72.147.77

🇮🇳 103.70.40.36

🇻🇳 103.70.12.139

🇱🇹 62.60.130.14

🇯🇵 8.216.8.118

🇨🇳 223.100.150.158

🇮🇩 103.67.80.61

🇯🇵 103.7.239.131

🇻🇳 103.7.41.144

🇻🇳 103.7.41.117