JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 185.223.152.139

185.223.152.139 was found in our database!

This IP was reported 434 times. Confidence of Abuse is 98%: ?

98%

ISP	Invermae Solutions SL
Usage Type	Data Center/Web Hosting/Transit
ASN	AS396356
Domain Name	netutils.io
Country	🇺🇸 United States of America
City	Los Angeles, California

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 185.223.152.139

Whois 185.223.152.139

IP Abuse Reports for 185.223.152.139:

This IP address has been reported a total of 434 times from 166 distinct sources. 185.223.152.139 was first reported on December 24th 2023, and the most recent report was 8 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇩🇪 neckaralb-admin.de	2026-06-29 03:05:32 (8 hours ago)	(wordpress) Failed login wp-login.php or xmlrpc.php	Web App Attack
🇪🇸 masterguru	2026-06-27 05:31:56 (2 days ago)	wp-login request blocked, no referer. Pattern match "wp-login.php" at REQUEST_URI. (5001900-122)	Web App Attack
🇺🇸 TPI-Abuse	2026-06-26 10:36:35 (3 days ago)	(mod_security) mod_security (id:234930) triggered by 185.223.152.139 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:234930) triggered by 185.223.152.139 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 26 06:36:30.713496 2026] [security2:error] [pid 26430:tid 26430] [client 185.223.152.139:49913] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\/lib\\\\/php\\\\/connector\\\\.minimal\\\\.php$" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/27_Apps_WPPlugin.conf"] [line "6778"] [id "234930"] [rev "2"] [msg "COMODO WAF: File upload vulnerability in the file manager plugin before 6.9 for WordPress (CVE-2020-25213)\|\|jrqdesign.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WPPlugin"] [hostname "jrqdesign.com"] [uri "/wp-content/plugins/wp-file-manager/lib/php/connector.minimal.php"] [unique_id "aj5WLkGXWSe2Y2vcTCpUmQAAABw"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-06-26 10:28:40 (3 days ago)	"GET /wp-admin/shell.php HTTP/1.1"	Hacking Web App Attack
🇺🇸 TPI-Abuse	2026-06-26 09:48:58 (3 days ago)	(mod_security) mod_security (id:234930) triggered by 185.223.152.139 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:234930) triggered by 185.223.152.139 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 26 05:48:50.631289 2026] [security2:error] [pid 9654:tid 9654] [client 185.223.152.139:58809] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\/lib\\\\/php\\\\/connector\\\\.minimal\\\\.php$" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/27_Apps_WPPlugin.conf"] [line "6787"] [id "234930"] [rev "2"] [msg "COMODO WAF: File upload vulnerability in the file manager plugin before 6.9 for WordPress (CVE-2020-25213)\|\|jessemack.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WPPlugin"] [hostname "jessemack.com"] [uri "/wp-content/plugins/wp-file-manager/lib/php/connector.minimal.php"] [unique_id "aj5LAqd4kWlkv3I4eyPMAgAAABA"] show less	Brute-Force Bad Web Bot Web App Attack
🇫🇷 Octopuce	2026-06-26 09:43:48 (3 days ago)	Aggressive web search of vulnerable pages: /wp-login.php /wp-includes/js/tinymce/themes/about.php /m ... show more Aggressive web search of vulnerable pages: /wp-login.php /wp-includes/js/tinymce/themes/about.php /mah/function.php /wp-content/themes/admin.ph ... show less	Web App Attack
🇺🇸 Lee Daniel	2026-06-26 01:53:02 (3 days ago)	185.223.152.139 - - [25/Jun/2026:21:52:58 -0400] "GET /wp-includes/ HTTP/1.1" 404 39074 "http://seas ... show more 185.223.152.139 - - [25/Jun/2026:21:52:58 -0400] "GET /wp-includes/ HTTP/1.1" 404 39074 "http://seasiderealtybarbados.com/wp-includes/" "Go-http-client/2.0" 185.223.152.139 - - [25/Jun/2026:21:52:58 -0400] "GET /wp-includes/blocks/details/ HTTP/1.1" 404 39097 "http://seasiderealtybarbados.com/wp-includes/blocks/details/" "Go-http-client/2.0" 185.223.152.139 - - [25/Jun/2026:21:52:59 -0400] "GET /wp-content/buy.php HTTP/1.1" 404 39083 "http://seasiderealtybarbados.com/wp-content/buy.php" "Go-http-client/2.0" 185.223.152.139 - - [25/Jun/2026:21:53:00 -0400] "GET /wp-includes/sodium_compat/lib/ HTTP/1.1" 404 39100 "http://seasiderealtybarbados.com/wp-includes/sodium_compat/lib/" "Go-http-client/2.0" 185.223.152.139 - - [25/Jun/2026:21:53:01 -0400] "GET /wp-includes/blocks/image/ HTTP/1.1" 404 39095 "http://seasiderealtybarbados.com/wp-includes/blocks/image/" "Go-http-client/2.0" ... show less	DDoS Attack Web Spam Email Spam Port Scan Brute-Force Bad Web Bot Web App Attack
🇫🇷 dynamix	2026-06-17 15:28:41 (1 week ago)	WordPress XMLRPC Brute Force Attack	Brute-Force Web App Attack
Anonymous	2026-06-15 09:21:53 (2 weeks ago)	(mod_security) mod_security triggered on hostname [redacted])	SQL Injection
🇺🇸 WeekendWeb	2026-06-12 19:25:59 (2 weeks ago)	Wordpress Vunerability attack	Web App Attack
Anonymous	2026-06-11 05:50:13 (2 weeks ago)	(mod_security) mod_security triggered on hostname [redacted] 185.223.152.139 (US/United States/-)	SQL Injection
🇺🇸 nyt	2026-06-09 00:55:13 (2 weeks ago)	Brute-Force, Web App Attack, suspicious: WP login POST blocked by WAF	Brute-Force Web App Attack
🇬🇧 poundawebsiteltd	2026-06-08 23:49:03 (2 weeks ago)	WP Exploit attempt. Evidence: [REDACTED_DOMAIN]:443 185.223.152.139 - - [09/Jun/2026:00:48:57 +0100] ... show more WP Exploit attempt. Evidence: [REDACTED_DOMAIN]:443 185.223.152.139 - - [09/Jun/2026:00:48:57 +0100] POST /wp-login.php HTTP/1.1 200 6925 https://[REDACTED_DOMAIN]/wp-admin/ Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 show less	Web App Attack
🇩🇪 Viveronese	2026-06-08 16:25:16 (2 weeks ago)	Wordpress vulnerability scanning	Web App Attack
🇩🇪 LRob.fr	2026-06-08 12:30:05 (2 weeks ago)	WordPress login brute-force detected by Fail2Ban in plesk-wordpress jail	Brute-Force Web App Attack

Showing 1 to 15 of 434 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇧🇷 187.40.215.162

🇨🇳 180.184.75.108

🇷🇴 2.57.122.178

🇷🇴 2.57.121.112

🇮🇹 217.26.178.82

🇺🇸 195.184.76.236

🇺🇸 184.105.139.118

🇵🇭 180.191.51.252

🇫🇷 173.212.195.209

🇹🇭 152.32.247.23

🇩🇪 144.76.57.30

🇿🇼 66.9.171.145

🇰🇷 61.36.200.131

🇧🇷 191.5.176.79

🇺🇸 170.187.165.130

🇺🇸 142.251.151.119

🇩🇪 142.251.14.113

🇩🇪 91.7.151.185

🇬🇧 86.53.163.167

🇧🇬 79.124.58.218