JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 185.213.154.247

185.213.154.247 was found in our database!

This IP was reported 103 times. Confidence of Abuse is 38%: ?

38%

ISP	31173 Services AB infrastructure in Gothenburg, SE.
Usage Type	Data Center/Web Hosting/Transit
ASN	AS39351
Domain Name	31173.se
Country	🇸🇪 Sweden
City	Gothenburg, Vastra Gotaland

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 185.213.154.247

Whois 185.213.154.247

IP Abuse Reports for 185.213.154.247:

This IP address has been reported a total of 103 times from 57 distinct sources. 185.213.154.247 was first reported on June 7th 2023, and the most recent report was 2 weeks ago.

Old Reports: The most recent abuse report for this IP address is from 2 weeks ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 TPI-Abuse	2026-06-06 16:10:40 (2 weeks ago)	(mod_security) mod_security (id:210492) triggered by 185.213.154.247 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210492) triggered by 185.213.154.247 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 06 12:10:34.520136 2026] [security2:error] [pid 7255:tid 7260] [client 185.213.154.247:39748] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "bobchaos.com"] [uri "/.git/index"] [unique_id "aiRGeg5E9dykk1JXnKPvHgAAAUE"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-06 15:35:44 (2 weeks ago)	(mod_security) mod_security (id:210492) triggered by 185.213.154.247 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210492) triggered by 185.213.154.247 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 06 11:35:40.116665 2026] [security2:error] [pid 30854:tid 30854] [client 185.213.154.247:33180] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "blackballprojects.com"] [uri "/.git/index"] [unique_id "aiQ-TF88dUwyXc6rQYnUSAAAAA0"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 Lino Project	2026-06-06 15:19:44 (2 weeks ago)	185.213.154.247 - - [06/Jun/2026:17:19:40 +0200] "GET /.git/index HTTP/2.0" 302 477 "-" "moving-to-b ... show more 185.213.154.247 - - [06/Jun/2026:17:19:40 +0200] "GET /.git/index HTTP/2.0" 302 477 "-" "moving-to-bins/1.0" ... show less	Brute-Force Bad Web Bot Web App Attack
🇫🇷 _tom	2026-06-06 15:11:05 (2 weeks ago)	Automated report (2026-06-06T17:11:05+02:00). Caught probing for exposed Git data.	Hacking Web App Attack Open Proxy VPN IP
🇺🇸 TPI-Abuse	2026-06-06 15:04:16 (2 weeks ago)	(mod_security) mod_security (id:210492) triggered by 185.213.154.247 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210492) triggered by 185.213.154.247 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 06 11:04:12.038532 2026] [security2:error] [pid 28830:tid 28830] [client 185.213.154.247:58498] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "bigchus.com"] [uri "/.git/index"] [unique_id "aiQ27IwbdU6DvTM3IuHldwAAABU"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 agabeckov	2026-06-01 23:45:46 (3 weeks ago)	Fail2Ban detected brute-force attempt on Cisco Anyconnect	VPN IP Brute-Force
🇩🇪 Admins@FBN	2026-06-01 23:42:48 (3 weeks ago)	VPN Logon Failed: AAA user authentication Rejected user = <flowerscgm>	Brute-Force Exploited Host
🇳🇱 EGP Abuse Dept	2026-05-31 09:00:43 (3 weeks ago)	Unsolicited connection to port 465	Port Scan Hacking
🇫🇮 notelseit	2026-05-27 09:57:49 (4 weeks ago)	2026-05-27T11:57:41.186055+02:00 mail postfix/smtps/smtpd[2848110]: warning: unknown[185.213.154.247 ... show more 2026-05-27T11:57:41.186055+02:00 mail postfix/smtps/smtpd[2848110]: warning: unknown[185.213.154.247]: SASL LOGIN authentication failed: (reason unavailable), [email protected] 2026-05-27T11:57:41.283381+02:00 mail postfix/smtps/smtpd[2848110]: disconnect from unknown[185.213.154.247] ehlo=1 auth=0/1 quit=1 commands=2/3 2026-05-27T11:57:48.260627+02:00 mail postfix/submission/smtpd[2847999]: warning: unknown[185.213.154.247]: SASL LOGIN authentication failed: (reason unavailable), [email protected] ... show less	Brute-Force Email Spam
🇩🇪 conseilgouz	2026-05-17 23:30:45 (1 month ago)	ave-12 : Block return, carriage return, ... characters=>/plan-du-site?id=1&view=html%27(')	Hacking
Anonymous	2026-05-14 01:49:06 (1 month ago)	Try to connect to Port_Scan_51820_stealth	Port Scan
🇭🇺 Lacika555	2026-05-10 12:36:13 (1 month ago)	RdpGuard detected brute-force attempt on SMTP	Brute-Force
🇫🇮 notelseit	2026-05-10 11:35:32 (1 month ago)	2026-05-10T13:28:06.564103+02:00 mail dovecot: imap-login: Disconnected: Connection closed (auth fai ... show more 2026-05-10T13:28:06.564103+02:00 mail dovecot: imap-login: Disconnected: Connection closed (auth failed, 1 attempts in 2 secs): user=<[email protected]>, method=PLAIN, rip=185.213.154.247, lip=65.21.131.50, TLS, session=<mEBu7HRR09y51Zr3> 2026-05-10T13:31:44.024475+02:00 mail dovecot: auth-worker(83317): conn unix:auth-worker (pid=4247,uid=110): auth-worker<179>: sql([email protected],185.213.154.247,<WsR8+XRR1ca51Zr3>): Password mismatch 2026-05-10T13:31:46.121228+02:00 mail dovecot: imap-login: Disconnected: Connection closed (auth failed, 1 attempts in 2 secs): user=<[email protected]>, method=PLAIN, rip=185.213.154.247, lip=65.21.131.50, TLS, session=<WsR8+XRR1ca51Zr3> 2026-05-10T13:35:30.126631+02:00 mail dovecot: auth-worker(83317): conn unix:auth-worker (pid=4247,uid=110): auth-worker<199>: sql([email protected],185.213.154.247,<+c/2BnVRGee51Zr3>): Password mismatch 2026-05-10T13:35:32.223967+02:00 mail dovecot: imap-login: Disconnected: Connection cl ... show less	Brute-Force Email Spam
Anonymous	2026-05-07 06:10:04 (1 month ago)	BruteForce IMAP/POP3/SMTP	Brute-Force
🇩🇪 CELOS-SOC	2026-04-30 04:32:13 (1 month ago)	Multiple Unauthorized SSLVPN Login Attempts	Hacking Brute-Force

Showing 1 to 15 of 103 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇸🇬 152.42.183.183

🇳🇱 81.19.216.70

🇬🇧 35.203.210.95

🇹🇼 34.81.230.204

🇺🇸 2607:ff10:c8:594::d

🇺🇸 195.184.76.91

🇻🇳 171.244.63.18

🇺🇸 147.185.132.191

🇺🇸 91.230.168.255

🇺🇸 91.230.168.252

🇺🇸 47.251.108.216

🇲🇾 47.250.40.21

🇧🇷 34.95.181.133

🇰🇪 197.138.145.10

🇵🇪 161.132.54.218

🇨🇳 150.255.38.152

🇨🇳 124.66.1.228

🇨🇳 124.31.104.107

🇨🇳 123.245.85.70

🇨🇳 120.76.158.232