JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 185.220.101.148

185.220.101.148 was found in our database!

This IP was reported 5,936 times. Confidence of Abuse is 100%: ?

100%

This address is a Tor exit node. Neither the owner nor the provider are directly behind the offending action.

ISP	CIA TRIAD SECURITY LLC
Usage Type	Commercial
ASN	AS60729
Hostname(s)	tor-exit-148.relayon.org
Domain Name	relayon.org
Country	🇩🇪 Germany
City	Berlin, State of Berlin

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 185.220.101.148

Whois 185.220.101.148

IP Abuse Reports for 185.220.101.148:

This IP address has been reported a total of 5,936 times from 816 distinct sources. 185.220.101.148 was first reported on November 21st 2020, and the most recent report was 34 minutes ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇩🇪 raph	2026-06-25 18:01:59 (34 minutes ago)	[SQL UNION SELECT] f2b match %{+Q}r for ^.haproxy\[[0-9]+\]: <HOST>:. (GET \|POST ).\?.(UNION%20\| ... show more [SQL UNION SELECT] f2b match %{+Q}r for ^.haproxy\[[0-9]+\]: <HOST>:. (GET \|POST ).\?.(UNION%20\|union%20\|SELECT%20\|select%20).* HTTP/1.1$ show less	SQL Injection
🇪🇸 Francisco Vallejo	2026-06-24 07:52:19 (1 day ago)	2026-06-24T09:46:39.910922+02:00 localhost sshd[1827774]: Failed password for invalid user nagios fr ... show more 2026-06-24T09:46:39.910922+02:00 localhost sshd[1827774]: Failed password for invalid user nagios from 185.220.101.148 port 49615 ssh2 2026-06-24T09:52:13.292474+02:00 localhost sshd[1829179]: Invalid user ubuntu from 185.220.101.148 port 26065 2026-06-24T09:52:13.442631+02:00 localhost sshd[1829179]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.220.101.148 2026-06-24T09:52:15.875610+02:00 localhost sshd[1829179]: Failed password for invalid user ubuntu from 185.220.101.148 port 26065 ssh2 2026-06-24T09:52:18.506544+02:00 localhost sshd[1829179]: Failed password for invalid user ubuntu from 185.220.101.148 port 26065 ssh2 ... show less	Brute-Force SSH
🇫🇮 as211431.net	2026-06-23 17:51:53 (2 days ago)	Triggered Cloudflare WAF (firewallCustom) from T1. Action taken: BLOCK Protocol: HTTP/1.1 (GET metho ... show more Triggered Cloudflare WAF (firewallCustom) from T1. Action taken: BLOCK Protocol: HTTP/1.1 (GET method) Endpoint: /.DS_Store UA: Go-http-client/1.1 This report was generated by: https://github.com/sefinek/Cloudflare-WAF-To-AbuseIPDB show less	Bad Web Bot
🇳🇱 Site.eu	2026-06-22 18:24:54 (3 days ago)	Repeated wp-login/xmlrpc attempts	Brute-Force SSH
🇮🇩 securejdprop	2026-06-22 06:47:49 (3 days ago)	This IP was detected by CrowdSec triggering crowdsecurity/suricata-major-severity(ET TOR Known Tor E ... show more This IP was detected by CrowdSec triggering crowdsecurity/suricata-major-severity(ET TOR Known Tor Exit Node Traffic group 36). Ip 185.220.101.148 performed 'crowdsecurity/suricata-major-severity' (1 events over 0s) at 2026-06-22 06:47:48.445349277 +0000 UTC show less	Hacking Web App Attack
🇬🇧 relianoid.com	2026-06-22 05:11:32 (3 days ago)	POST Abuse detected by Relianoid OSS Load Balancer - relianoid.com	Web Spam
🇩🇪 tentwentyfour	2026-06-19 19:10:54 (5 days ago)	Blocked for brute-forcing WordPress log-in	Brute-Force Web App Attack
🇷🇴 eddy.ro	2026-06-18 07:42:42 (1 week ago)	[Thu Jun 18 10:42:40.890061 2026] [php:error] [pid 2222093] [client 185.220.101.148:10961] script '/ ... show more [Thu Jun 18 10:42:40.890061 2026] [php:error] [pid 2222093] [client 185.220.101.148:10961] script '/var/www/html/index.php' not found or unable to stat [Thu Jun 18 10:42:41.034001 2026] [php:error] [pid 2222093] [client 185.220.101.148:10961] script '/var/www/html/index.php' not found or unable to stat [Thu Jun 18 10:42:41.158877 2026] [php:error] [pid 2222093] [client 185.220.101.148:10961] script '/var/www/html/index.php' not found or unable to stat [Thu Jun 18 10:42:41.266749 2026] [php:error] [pid 2222093] [client 185.220.101.148:10961] script '/var/www/html/index.php' not found or unable to stat [Thu Jun 18 10:42:41.382229 2026] [php:error] [pid 2222093] [client 185.220.101.148:10961] script '/var/www/html/index.php' not found or unable to stat [Thu Jun 18 10:42:41.473070 2026] [php:error] [pid 2222093] [client 185.220.101.148:10961] script '/var/www/html/index.php' not found or unable to stat ... show less	DDoS Attack Web App Attack
🇺🇸 antlac1	2026-06-17 05:03:19 (1 week ago)	crowdsecurity/http-bad-user-agent	Brute-Force Web App Attack
🇩🇪 LRob.fr	2026-06-16 14:15:08 (1 week ago)	Repeated attacks detected by Fail2Ban in recidive jail	Hacking
🇩🇪 LRob.fr	2026-06-15 15:45:03 (1 week ago)	Repeated requests on blocked xmlrpc.php, blocked by fail2ban in custom-503-xmlrpc jail	Bad Web Bot Web App Attack
🇩🇪 anycast_ac	2026-06-15 14:26:49 (1 week ago)	[DDoS Attacker] This IP was attacking website nucleardlc.fun and sent 12710 requests on port 443	DDoS Attack Web App Attack
🇦🇺 screwlooseit.com.au	2026-06-14 16:02:31 (1 week ago)	Blocked by CSF 13 firewall - Rule: WPLOGIN DE/Germany/tor-exit-148.relayon.org	Web App Attack
🇩🇪 big-cloud.nl	2026-06-13 04:19:10 (1 week ago)	Try to access /xmlrpc.php	Web App Attack
🇫🇷 MatStef132	2026-06-12 22:49:18 (1 week ago)	MatShield L7: blocked on mathost.eu (ua-quarantined)	Bad Web Bot

Showing 1 to 15 of 5936 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇨🇭 209.99.189.177

🇧🇪 35.187.13.22

🇱🇰 220.247.247.150

🇧🇷 187.120.73.135

🇮🇩 43.243.142.42

🇮🇳 182.79.83.98

🇯🇵 160.251.140.254

🇺🇸 157.245.141.140

🇺🇸 147.182.183.153

🇰🇷 118.33.113.91

🇮🇩 103.186.31.66

🇮🇩 103.168.135.187

🇺🇸 103.143.231.2

🇪🇸 82.223.49.203

🇨🇳 49.234.59.241

🇳🇱 20.229.115.183

🇩🇪 217.154.77.185

🇪🇸 158.158.49.166

🇺🇸 147.185.132.187

🇧🇬 91.191.209.118