AbuseIPDB » 185.220.100.252

Check an IP Address, Domain Name, or Subnet

e.g. 3.236.46.172, microsoft.com, or 5.188.10.0/24

185.220.100.252 was found in our database!

This IP was reported 15,524 times. Confidence of Abuse is 100%: ?

100%

This address is a Tor exit node. Neither the owner nor the provider are directly behind the offending action.

ISP	F3 Netze E.V.
Usage Type	Data Center/Web Hosting/Transit
Hostname(s)	tor-exit-1.zbau.f3netze.de
Domain Name	f3netze.de
Country	Germany
City	Hassfurt, Bayern

IP info including ISP, Usage Type, and Location provided by IP2Location. Updated monthly.

Report 185.220.100.252

Whois 185.220.100.252

IP Abuse Reports for 185.220.100.252:

This IP address has been reported a total of 15,524 times from 626 distinct sources. 185.220.100.252 was first reported on November 21st 2020, and the most recent report was 15 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	Date	Comment	Categories
ThreatBook.io	15 hours ago	ThreatBook Intelligence: Zombie,Spam more details on https://threatbook.io/ip/185.220.100.252 ... show moreThreatBook Intelligence: Zombie,Spam more details on https://threatbook.io/ip/185.220.100.252 2023-09-20 18:49:39 /favicon.ico show less	Web App Attack
Anonymous	21 hours ago	plussize.fitness 185.220.100.252 [20/Sep/2023:20:21:39 +0200] "POST /xmlrpc.php HTTP/1.1" 200 5451 " ... show moreplussize.fitness 185.220.100.252 [20/Sep/2023:20:21:39 +0200] "POST /xmlrpc.php HTTP/1.1" 200 5451 "-" "Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_6; en-en) AppleWebKit/533.19.4 (KHTML, like Gecko) Version/5.0.3 Safari/533.19.4" plussize.fitness 185.220.100.252 [20/Sep/2023:20:21:41 +0200] "POST /xmlrpc.php HTTP/1.1" 200 5451 "-" "Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_6; en-en) AppleWebKit/533.19.4 (KHTML, like Gecko) Version/5.0.3 Safari/533.19.4" show less	Web App Attack
tmiland	20 Sep 2023	(wordpress_xmlrpc) WordPress XMLPRC Attack 185.220.100.252 (DE/Germany/tor-exit-1.zbau.f3netze.de): ... show more(wordpress_xmlrpc) WordPress XMLPRC Attack 185.220.100.252 (DE/Germany/tor-exit-1.zbau.f3netze.de): 3 in the last 3600 secs show less	Blog Spam Brute-Force Web App Attack
Leo Lemos	20 Sep 2023	185.220.100.252 - - [20/Sep/2023:12:19:02 -0300] "POST /xmlrpc.php HTTP/1.1" 200 6889 "-" "Mozilla/5 ... show more185.220.100.252 - - [20/Sep/2023:12:19:02 -0300] "POST /xmlrpc.php HTTP/1.1" 200 6889 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36" 185.220.100.252 - - [20/Sep/2023:12:19:03 -0300] "POST /xmlrpc.php HTTP/1.1" 200 6889 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36" 185.220.100.252 - - [20/Sep/2023:12:19:04 -0300] "POST /xmlrpc.php HTTP/1.1" 200 6889 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36" 185.220.100.252 - - [20/Sep/2023:12:19:06 -0300] "POST /xmlrpc.php HTTP/1.1" 200 6889 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36" show less	Brute-Force Web App Attack
plzenskypruvodce.cz	20 Sep 2023	[Wed Sep 20 04:12:36.581639 2023] [access_compat:error] [pid 1596102:tid 139831627597568] [client 18 ... show more[Wed Sep 20 04:12:36.581639 2023] [access_compat:error] [pid 1596102:tid 139831627597568] [client 185.220.100.252:26925] AH01797: client denied by server configuration: /var/www/lubosluka.com/www/xmlrpc.php [Wed Sep 20 04:12:36.883913 2023] [access_compat:error] [pid 1596102:tid 139831501903616] [client 185.220.100.252:26925] AH01797: client denied by server configuration: /var/www/lubosluka.com/www/xmlrpc.php ... show less	Web App Attack
ThreatBook.io	20 Sep 2023	ThreatBook Intelligence: Zombie,Spam more details on https://threatbook.io/ip/185.220.100.252 ... show moreThreatBook Intelligence: Zombie,Spam more details on https://threatbook.io/ip/185.220.100.252 2023-09-19 11:12:59 / 2023-09-19 11:13:00 / show less	Web App Attack
cusezar.com	19 Sep 2023	185.220.100.252 /xmlrpc.php	Brute-Force
Steve	19 Sep 2023	Abuse of XMLRPC	Brute-Force Web App Attack
Kenshin869	18 Sep 2023	Wordpress unauthorized access attempt	Brute-Force
expandmade.com	18 Sep 2023	unauthorized rest api call [18/Sep/2023:03:25:14 "GET /wp-json/wp/v2/users/5"]	Web App Attack
ISPLtd	17 Sep 2023	Sep 17 10:04:30 SRC=185.220.100.252 PROTO=TCP SPT=16901 DPT=5889 SYN Sep 17 10:04:31 SRC=185.2 ... show moreSep 17 10:04:30 SRC=185.220.100.252 PROTO=TCP SPT=16901 DPT=5889 SYN Sep 17 10:04:31 SRC=185.220.100.252 PROTO=TCP SPT=16901 DPT=5889 SYN Sep 17 10:04:33 SRC=185.220.100.252 PROTO=TCP SPT=16901 DPT=5889 WIND ... show less	Port Scan
icllc-webadmin	17 Sep 2023	[Sun Sep 17 05:06:49.679115 2023] [access_compat:error] [pid 38655] [client 185.220.100.252:50323] A ... show more[Sun Sep 17 05:06:49.679115 2023] [access_compat:error] [pid 38655] [client 185.220.100.252:50323] AH01797: client denied by server configuration: /var/www/gaylydaily.us/html/xmlrpc.php [Sun Sep 17 05:06:49.905747 2023] [access_compat:error] [pid 38655] [client 185.220.100.252:50323] AH01797: client denied by server configuration: /var/www/gaylydaily.us/html/xmlrpc.php [Sun Sep 17 05:06:50.051510 2023] [access_compat:error] [pid 38655] [client 185.220.100.252:50323] AH01797: client denied by server configuration: /var/www/gaylydaily.us/html/xmlrpc.php [Sun Sep 17 05:06:50.226413 2023] [access_compat:error] [pid 38655] [client 185.220.100.252:50323] AH01797: client denied by server configuration: /var/www/gaylydaily.us/html/xmlrpc.php ... show less	Hacking Brute-Force
woutvde	17 Sep 2023		Web App Attack
ThreatBook.io	17 Sep 2023	ThreatBook Intelligence: Zombie,Spam more details on https://threatbook.io/ip/185.220.100.252 ... show moreThreatBook Intelligence: Zombie,Spam more details on https://threatbook.io/ip/185.220.100.252 2023-09-16 05:38:05 /apple-touch-icon.png show less	Web App Attack
Tha_14	16 Sep 2023	Limit on login attempts is reached	Brute-Force