JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 185.213.155.131

185.213.155.131 was found in our database!

This IP was reported 195 times. Confidence of Abuse is 0%: ?

ISP	31173 Services AB infrastructure in Frankfurt, DE.
Usage Type	Data Center/Web Hosting/Transit
ASN	AS39351
Domain Name	31173.se
Country	🇩🇪 Germany
City	Frankfurt am Main, Hesse

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 185.213.155.131

Whois 185.213.155.131

IP Abuse Reports for 185.213.155.131:

This IP address has been reported a total of 195 times from 71 distinct sources. 185.213.155.131 was first reported on March 20th 2023, and the most recent report was 6 months ago.

Old Reports: The most recent abuse report for this IP address is from 6 months ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 TPI-Abuse	2025-12-03 05:57:12 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 185.213.155.131 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210492) triggered by 185.213.155.131 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Dec 03 00:57:05.810535 2025] [security2:error] [pid 4144:tid 4144] [client 185.213.155.131:54387] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "slimlaw.com"] [uri "/.git/HEAD"] [unique_id "aS_RMVh7I4ZAh-1sYi7amAAAAAs"] show less	Brute-Force Bad Web Bot Web App Attack
🇬🇧 SilverZippo	2025-12-02 11:18:30 (6 months ago)	Web App Attack	Web App Attack
🇺🇸 TPI-Abuse	2025-12-02 09:11:34 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 185.213.155.131 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210492) triggered by 185.213.155.131 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Dec 02 04:11:27.769125 2025] [security2:error] [pid 31560:tid 31560] [client 185.213.155.131:65297] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "boblog111.com"] [uri "/.git/HEAD"] [unique_id "aS6tP3hKNHJowfr4nMP-XQAAAA0"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 betternews.app	2025-11-28 04:39:25 (6 months ago)	"a web request contained keyword ".git"; Suspicious URL: /.git/HEAD"	Web Spam Blog Spam Brute-Force Bad Web Bot Web App Attack
🇬🇧 SecondEdge	2025-11-27 16:52:31 (6 months ago)	A web attack was detected from 185.213.155.131 (Germany / Hesse / Frankfurt am Main) against second- ... show more A web attack was detected from 185.213.155.131 (Germany / Hesse / Frankfurt am Main) against second-edge.com (Git Variable Scan) over 4m51s. show less	Web App Attack
🇳🇱 jjnxpct	2025-11-21 04:46:42 (7 months ago)	Automated security incident from hosting server. ModSecurity blocked suspicious request targeting UR ... show more Automated security incident from hosting server. ModSecurity blocked suspicious request targeting URI: /.git/HEAD (Rule ID: 930130) - Restricted File Access Attempt [Suspicious: .git/ found within REQUEST_FILENAME: /.git/HEAD] show less	Hacking Web App Attack
🇺🇸 TPI-Abuse	2025-11-20 13:57:43 (7 months ago)	(mod_security) mod_security (id:210492) triggered by 185.213.155.131 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210492) triggered by 185.213.155.131 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Nov 20 08:57:40.239483 2025] [security2:error] [pid 2363787:tid 2363802] [client 185.213.155.131:52536] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "batonrougegazette.com"] [uri "/.git/HEAD"] [unique_id "aR8eVGqVKtWNY0OFX1b23QAAAUM"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 kosada.com	2025-11-20 02:58:44 (7 months ago)	Web vulnerability probing: /.git/HEAD	Web App Attack
🇬🇧 CrystalMaker	2025-11-18 15:17:14 (7 months ago)	Vulnerability scan - GET /.git/HEAD; GET /.git/HEAD	Hacking
🇫🇷 ingroscart.it	2025-11-18 05:37:53 (7 months ago)	(mod_security) mod_security triggered on hostname [redacted] 185.213.155.131 (DE/Germany/-)	SQL Injection
🇺🇸 TPI-Abuse	2025-11-18 05:20:20 (7 months ago)	(mod_security) mod_security (id:210492) triggered by 185.213.155.131 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210492) triggered by 185.213.155.131 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Nov 18 00:20:15.536209 2025] [security2:error] [pid 1170:tid 1170] [client 185.213.155.131:55239] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "onward.ws"] [uri "/.git/HEAD"] [unique_id "aRwCDxJAdEvehYbR1l_D1QAAAAo"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-17 23:59:27 (7 months ago)	(mod_security) mod_security (id:210492) triggered by 185.213.155.131 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210492) triggered by 185.213.155.131 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 17 18:59:21.491729 2025] [security2:error] [pid 25612:tid 25612] [client 185.213.155.131:56874] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "compassionfatigue.org"] [uri "/.git/HEAD"] [unique_id "aRu22X64srlaoD-us60s_AAAAAA"] show less	Brute-Force Bad Web Bot Web App Attack
🇦🇺 Asimar	2025-11-17 11:31:16 (7 months ago)	(mod_security) mod_security triggered on hostname [redacted] 185.213.155.131 (DE/Germany/-): (CF_EN ... show more (mod_security) mod_security triggered on hostname [redacted] 185.213.155.131 (DE/Germany/-): (CF_ENABLE) show less	SQL Injection
🇩🇪 [email protected]	2025-11-17 10:59:48 (7 months ago)	mashauri-courses.org:80 185.213.155.131 - - [17/Nov/2025:10:59:39 +0000] "GET /.git/HEAD HTTP/1.1" 3 ... show more mashauri-courses.org:80 185.213.155.131 - - [17/Nov/2025:10:59:39 +0000] "GET /.git/HEAD HTTP/1.1" 301 672 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36" mashauri-courses.org:443 185.213.155.131 - - [17/Nov/2025:10:59:43 +0000] "GET /.git/HEAD HTTP/1.1" 403 3688 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36" mashauri-courses.org:80 185.213.155.131 - - [17/Nov/2025:10:59:47 +0000] "GET /.git/HEAD HTTP/1.1" 301 616 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36" ... show less	Web App Attack
🇫🇮 as211431.net	2025-11-17 10:06:32 (7 months ago)	Triggered Cloudflare WAF (firewallCustom) from DE. Action taken: BLOCK Protocol: HTTP/1.1 (GET metho ... show more Triggered Cloudflare WAF (firewallCustom) from DE. Action taken: BLOCK Protocol: HTTP/1.1 (GET method) Endpoint: /.git/HEAD UA: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36 This report was generated by: https://github.com/sefinek/Cloudflare-WAF-To-AbuseIPDB show less	Bad Web Bot

Showing 1 to 15 of 195 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇯🇵 72.63.109.226

🇹🇭 202.29.228.248

🇺🇸 136.112.177.137

🇩🇪 69.5.169.85

🇧🇷 45.205.1.242

🇫🇷 13.140.180.48

🇰🇬 212.241.4.182

🇰🇷 211.62.73.218

🇵🇱 194.180.49.219

🇬🇧 35.203.210.239

🇨🇳 27.18.58.237

🇬🇧 2a06:4880:c000::f6

🇦🇷 186.158.33.57

🇳🇱 185.223.235.48

🇮🇳 182.95.230.74

🇿🇦 160.119.253.30

🇫🇷 91.231.89.141

🇺🇸 65.49.1.120

🇺🇸 64.62.197.190

🇱🇹 45.227.254.170