JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 185.213.155.237

185.213.155.237 was found in our database!

This IP was reported 32 times. Confidence of Abuse is 19%: ?

19%

ISP	31173 Services AB infrastructure in Frankfurt, DE.
Usage Type	Data Center/Web Hosting/Transit
ASN	AS39351
Domain Name	31173.se
Country	🇩🇪 Germany
City	Frankfurt am Main, Hesse

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 185.213.155.237

Whois 185.213.155.237

IP Abuse Reports for 185.213.155.237:

This IP address has been reported a total of 32 times from 21 distinct sources. 185.213.155.237 was first reported on April 25th 2024, and the most recent report was 13 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇫🇷 sipio	2026-06-19 15:08:09 (13 hours ago)	SIP brute force / scan (30 attempts/min) on SBC node	DDoS Attack FTP Brute-Force Hacking
🇩🇪 FeG Deutschland	2026-05-22 23:05:26 (4 weeks ago)	Looking for CMS/PHP/SQL vulnerablilities/excessive crawling - 2	Exploited Host Web App Attack
🇫🇷 conseilgouz	2026-05-19 08:49:43 (1 month ago)	loe-12 : Block return, carriage return, ... characters=>/kunena/lm-mailmodif/feed?format=feed%27&amp ... show more loe-12 : Block return, carriage return, ... characters=>/kunena/lm-mailmodif/feed?format=feed%27&type=rss(') show less	Hacking
🇺🇸 TPI-Abuse	2026-05-19 06:48:16 (1 month ago)	(mod_security) mod_security (id:211180) triggered by 185.213.155.237 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:211180) triggered by 185.213.155.237 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue May 19 02:48:11.179239 2026] [security2:error] [pid 19115:tid 19123] [client 185.213.155.237:23870] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_HEADERS. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "50"] [id "211180"] [rev "3"] [msg "COMODO WAF: Session Fixation: SessionID Parameter Name with No Referer\|\|www.aafm.us\|F\|2"] [data "Matched Data: phpsessid found within REQUEST_HEADERS: 0"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.aafm.us"] [uri "/providers.php"] [unique_id "agwHq78A0NH7i_iVSbkSTgAAAAQ"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 xmission.com	2026-02-09 04:12:29 (4 months ago)	Blocked by UFW (TCP on 51413) Source port: 50574 TTL: 117 Packet length: 52 TOS: 0x00 This report ( ... show more Blocked by UFW (TCP on 51413) Source port: 50574 TTL: 117 Packet length: 52 TOS: 0x00 This report (for 185.213.155.237) was generated by: https://github.com/sefinek/UFW-AbuseIPDB-Reporter show less	Port Scan
Anonymous	2026-01-29 05:06:44 (4 months ago)	Unauthorized connection attempt	Port Scan Hacking Exploited Host
Anonymous	2026-01-05 05:35:34 (5 months ago)	Malicious activity detected	Hacking Web App Attack
🇺🇸 fortypoundhead	2025-12-12 21:28:02 (6 months ago)	SQL Injection Attempt	SQL Injection Web App Attack
🇺🇸 LockBlock	2025-12-03 05:24:21 (6 months ago)	2025-12-03 05:24:21: Minecraft server scan detected from 185.213.155.237 on port 25565 of racknerd-e ... show more 2025-12-03 05:24:21: Minecraft server scan detected from 185.213.155.237 on port 25565 of racknerd-e7e1a9 show less	Port Scan
🇺🇸 cpxducky	2025-12-03 05:24:19 (6 months ago)	2025-12-03 05:24:19: Minecraft server scan detected from 185.213.155.237 on port 25565 of mail.cpxdu ... show more 2025-12-03 05:24:19: Minecraft server scan detected from 185.213.155.237 on port 25565 of mail.cpxducky.com show less	Port Scan
🇳🇱 FREAKISH	2025-12-03 05:24:11 (6 months ago)	2025-12-03 06:24:11: Minecraft server scan detected from 185.213.155.237 on port 25565 of 127.0.0.1	Port Scan
🇺🇸 myagent.site	2025-11-28 09:30:59 (6 months ago)	Blocking for trying to access an exploit file: /wp-config.php.BAK	Hacking
🇺🇸 TPI-Abuse	2025-11-28 08:30:32 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 185.213.155.237 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210492) triggered by 185.213.155.237 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Nov 28 03:30:24.645337 2025] [security2:error] [pid 21828:tid 21828] [client 185.213.155.237:34036] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "surrenderhouse.com"] [uri "/wp-config.php.old"] [unique_id "aSldoMOM-9XCmLNetWSi6QAAAAg"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇦 URAN Publishing Service	2025-11-28 08:13:18 (6 months ago)	185.213.155.237 - - [28/Nov/2025:10:13:17 +0200] "GET /wp-config.php.SAVE HTTP/1.1" 404 277 "-" "Moz ... show more 185.213.155.237 - - [28/Nov/2025:10:13:17 +0200] "GET /wp-config.php.SAVE HTTP/1.1" 404 277 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 14_4_1) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.4.1 Safari/605.1.15" ... show less	Web App Attack
🇺🇸 TPI-Abuse	2025-11-28 07:39:09 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 185.213.155.237 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210492) triggered by 185.213.155.237 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Nov 28 02:39:04.246803 2025] [security2:error] [pid 7927:tid 7927] [client 185.213.155.237:47540] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "surf-sci-eng.com"] [uri "/wp-config.php.dist"] [unique_id "aSlRmEaqt9jrTDKfmZepPAAAAAs"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 32 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇹🇼 198.235.24.107

🇺🇸 72.48.27.34

🇹🇼 211.72.207.199

🇨🇭 209.99.189.177

🇩🇪 209.50.183.10

🇨🇦 209.50.177.129

🇺🇸 107.174.125.28

🇳🇱 45.156.87.7

🇳🇱 45.142.193.169

🇺🇸 45.3.51.255

🇩🇪 45.3.44.155

🇦🇷 186.137.180.72

🇨🇴 186.98.211.49

🇨🇦 184.160.96.106

🇵🇹 176.79.152.203

🇺🇸 172.98.32.10

🇩🇪 165.232.117.238

🇩🇪 151.123.177.74

🇮🇳 117.202.213.157

🇩🇪 104.207.55.223