JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 185.213.155.197

185.213.155.197 was found in our database!

This IP was reported 241 times. Confidence of Abuse is 100%: ?

100%

ISP	31173 Services AB infrastructure in Frankfurt, DE.
Usage Type	Data Center/Web Hosting/Transit
ASN	AS39351
Domain Name	31173.se
Country	🇩🇪 Germany
City	Frankfurt am Main, Hesse

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 185.213.155.197

Whois 185.213.155.197

IP Abuse Reports for 185.213.155.197:

This IP address has been reported a total of 241 times from 131 distinct sources. 185.213.155.197 was first reported on March 26th 2023, and the most recent report was 5 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇦🇺 clapper	2026-06-22 22:46:51 (5 hours ago)	(mod_security) mod_security (id:949110) triggered by 185.213.155.197 (DE/Germany/-): 5 in the last 6 ... show more (mod_security) mod_security (id:949110) triggered by 185.213.155.197 (DE/Germany/-): 5 in the last 600 secs; ID: rub show less	Brute-Force Bad Web Bot
🇨🇭 4server	2026-06-22 21:25:37 (6 hours ago)	[MonJun2223:25:31.3375442026][security2:error][pid3164729:tid3164734][client185.213.155.197:0]ModSec ... show more [MonJun2223:25:31.3375442026][security2:error][pid3164729:tid3164734][client185.213.155.197:0]ModSecurity:Accessdeniedwithcode403\(phase2\).OperatorGEmatched5atTX:anomaly_score.[file\"/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf\"][line\"94\"][id\"949110\"][msg\"InboundAnomalyScoreExceeded\(TotalScore:5\)\"][severity\"CRITICAL\"][ver\"OWASP_CRS/3.3.9\"][tag\"application-multi\"][tag\"language-multi\"][tag\"platform-multi\"][tag\"attack-generic\"][hostname\"fondazionemontgrand.ch\"][uri\"/\"][unique_id\"ajmoS4xLf6qFlkKCDoPWTgAAAEM\"]\,referer:http://fondazionemontgrand.ch show less	Hacking Web App Attack
🇺🇸 Gabriel Camargo	2026-06-22 21:05:57 (7 hours ago)	185.213.155.197 - - [22/Jun/2026:16:05:36 -0500] "GET / HTTP/1.1" 301 178 "http://jersalud.isismaweb ... show more 185.213.155.197 - - [22/Jun/2026:16:05:36 -0500] "GET / HTTP/1.1" 301 178 "http://jersalud.isismaweb.com" "Mozilla/5.0 (X11; Linux x86_64; rv:1.9.6.20) Gecko/ Firefox/3.6.11" 185.213.155.197 - - [22/Jun/2026:16:05:46 -0500] "GET / HTTP/1.1" 301 178 "http://jersalud.isismaweb.com" "Mozilla/5.0 (X11; Linux x86_64; rv:1.9.6.20) Gecko/ Firefox/3.6.11" 185.213.155.197 - - [22/Jun/2026:16:05:56 -0500] "GET / HTTP/1.1" 301 178 "http://jersalud.isismaweb.com" "Mozilla/5.0 (X11; Linux x86_64; rv:1.9.6.20) Gecko/ Firefox/3.6.11" ... show less	Brute-Force SSH
🇪🇸 masterguru	2026-06-22 07:59:29 (20 hours ago)	Inbound Anomaly Score Exceeded (Total Score: 5). Operator GE matched 5 at TX:anomaly_score. (949110- ... show more Inbound Anomaly Score Exceeded (Total Score: 5). Operator GE matched 5 at TX:anomaly_score. (949110-122) show less	Hacking
🇩🇪 4server	2026-06-22 04:34:36 (23 hours ago)	[MonJun2206:34:32.0527152026][security2:error][pid1552808:tid1552875][client185.213.155.197:0]ModSec ... show more [MonJun2206:34:32.0527152026][security2:error][pid1552808:tid1552875][client185.213.155.197:0]ModSecurity:Accessdeniedwithcode403\(phase2\).OperatorGEmatched5atTX:anomaly_score.[file\"/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf\"][line\"94\"][id\"949110\"][msg\"InboundAnomalyScoreExceeded\(TotalScore:5\)\"][severity\"CRITICAL\"][ver\"OWASP_CRS/3.3.9\"][tag\"application-multi\"][tag\"language-multi\"][tag\"platform-multi\"][tag\"attack-generic\"][hostname\"special-home.ch\"][uri\"/\"][unique_id\"aji7WIIXHBtaOalxwTeyTAAAAAk\"]\,referer:https://special-home.ch show less	Port Scan Brute-Force Web App Attack
🇮🇪 tarlabs	2026-06-21 18:32:59 (1 day ago)	IP banned by Fail2Ban (TLS jail)	Hacking
Anonymous	2026-06-21 14:04:57 (1 day ago)	Ports: *; Direction: 0; Trigger: CT_LIMIT	Brute-Force SSH
🇨🇭 Ribeye375	2026-06-21 12:10:17 (1 day ago)	HIPS apache-modsecurity - Block tcp/http,https	Web App Attack
Anonymous	2026-06-21 02:14:12 (2 days ago)	Bot / seems abusive / Apache connections: 20	DDoS Attack Web Spam Bad Web Bot Web App Attack
Anonymous	2026-06-21 01:25:11 (2 days ago)	IP banned by Fail2Ban in jail nginx-abusive-ips	Web App Attack Brute-Force Bad Web Bot
🇺🇸 Starburst SysOp Team	2026-06-20 20:50:15 (2 days ago)	Malware host (X-Forwarded-For) detected by rbl.malware.expert. RBL lookup of 197.155.213.185.rbl.mal ... show more Malware host (X-Forwarded-For) detected by rbl.malware.expert. RBL lookup of 197.155.213.185.rbl.malware.expert succeeded at REQUEST_HEADERS:x-forwarded-for. (1001000-mnz6-3) show less	Hacking
🇩🇪 4server	2026-06-20 09:43:27 (2 days ago)	[SatJun2011:43:24.9409202026][security2:error][pid2406918:tid2406990][client185.213.155.197:0]ModSec ... show more [SatJun2011:43:24.9409202026][security2:error][pid2406918:tid2406990][client185.213.155.197:0]ModSecurity:Accessdeniedwithcode403\(phase2\).OperatorGEmatched5atTX:anomaly_score.[file\"/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf\"][line\"94\"][id\"949110\"][msg\"InboundAnomalyScoreExceeded\(TotalScore:5\)\"][severity\"CRITICAL\"][ver\"OWASP_CRS/3.3.9\"][tag\"application-multi\"][tag\"language-multi\"][tag\"platform-multi\"][tag\"attack-generic\"][hostname\"bozza.avcolor.ch\"][uri\"/\"][unique_id\"ajZgvI5-1gPvLRbirtAJagAAAIs\"]\,referer:https://bozza.avcolor.ch show less	Port Scan Brute-Force Web App Attack
🇩🇪 grassau.com	2026-06-20 08:57:26 (2 days ago)	Port Scan detected from 185.213.155.197 (DE/Germany/Hesse/Frankfurt am Main/-).	Port Scan
Anonymous	2026-06-19 21:10:16 (3 days ago)	IP banned by Fail2Ban in jail nginx-abusive-ips	Web App Attack Brute-Force Bad Web Bot
🇫🇷 Rom74	2026-06-19 18:51:21 (3 days ago)	[Fri Jun 19 20:51:16.596685 2026] [security2:error] [pid 47729:tid 130967471548096] [client 185.213. ... show more [Fri Jun 19 20:51:16.596685 2026] [security2:error] [pid 47729:tid 130967471548096] [client 185.213.155.197:58000] [client 185.213.155.197] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.5"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nextcloud.ton-espace.com"] [uri "/"] [unique_id "ajWPpPNwNrx2gLumcAtM9QAAAEM"], referer: https://nextcloud.ton-espace.com [Fri Jun 19 20:51:20.233454 2026] [security2:error] [pid 47729:tid 130966521616064] [client 185.213.155.197:58010] [client 185.213.155.197] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id ... show less	Web App Attack

Showing 1 to 15 of 241 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇩🇪 209.50.183.115

🇹🇳 196.238.166.12

🇺🇸 192.3.37.46

🇳🇬 102.140.97.134

🇺🇸 98.89.204.118

🇱🇹 91.224.92.17

🇵🇰 58.65.216.55

🇺🇸 45.79.168.172

🇨🇦 45.3.41.128

🇺🇸 45.3.39.251

🇺🇸 45.3.39.49

🇺🇸 34.230.221.101

🇵🇪 2620:0:877:5100::44

🇰🇷 222.239.251.12

🇩🇪 209.50.191.42

🇺🇸 207.90.244.25

🇩🇪 104.207.54.26

🇳🇱 91.92.40.4

🇬🇧 89.37.172.137

🇬🇧 89.37.172.135