JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 185.238.72.3

185.238.72.3 was found in our database!

This IP was reported 91 times. Confidence of Abuse is 100%: ?

100%

ISP	ULTIMAHOST.PL SZELIGA sp. j.
Usage Type	Data Center/Web Hosting/Transit
ASN	AS41508
Hostname(s)	www.xbuysell.pl
Domain Name	ultimahost.pl
Country	🇵🇱 Poland
City	Lodz, Lodz Voivodeship

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 185.238.72.3

Whois 185.238.72.3

IP Abuse Reports for 185.238.72.3:

This IP address has been reported a total of 91 times from 59 distinct sources. 185.238.72.3 was first reported on June 2nd 2026, and the most recent report was 4 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇦🇹 urnilxfgbez	2026-06-14 22:45:00 (4 hours ago)	Last 24 Hours suspicious: (DPT=445\|DPT=3389\|DPT=22\|DPT=3306\|DPT=8080\|DPT=23\|DPT=5900\|DPT=1433)	Port Scan
Anonymous	2026-06-14 16:18:20 (10 hours ago)	Unauthorized connection attempt	Port Scan Hacking Exploited Host
🇧🇷 diego	2026-06-14 15:40:50 (11 hours ago)	[probe-68-69] 2026-06-14 15:21:54, Client: 185.238.72.3, Protocol: 6, Unauthorized activity to HTTP: ... show more [probe-68-69] 2026-06-14 15:21:54, Client: 185.238.72.3, Protocol: 6, Unauthorized activity to HTTP: POST /cgi-bin/../../../../../../../../../../bin/sh show less	Web App Attack
🇪🇪 Selckie	2026-06-14 14:45:04 (12 hours ago)	fail2ban: NGINX unusual impact	Web App Attack
🇫🇮 Yachiyo Runami	2026-06-14 14:30:14 (12 hours ago)	Port Scan on Honeypot \| Ports: 2222/SSH-alt \| Proto: TCP(1) \| Flags: all SYN \| TTL: 52 \| Len: 44B \| ... show more Port Scan on Honeypot \| Ports: 2222/SSH-alt \| Proto: TCP(1) \| Flags: all SYN \| TTL: 52 \| Len: 44B \| Win: 65535(1) \| rDNS: www.xbuysell.pl \| F2B/ufw-honeypot@2026-06-14T14:30:14Z show less	Port Scan Hacking
🇫🇷 adnscom.net	2026-06-14 13:45:05 (13 hours ago)	IPS trigger: Brute force SSH scanning/attack	Brute-Force SSH
🇺🇸 conrad10781	2026-06-14 13:37:58 (13 hours ago)	nginx-cgi-bin	Web App Attack
🇺🇸 xmission.com	2026-06-14 13:36:26 (13 hours ago)	Blocked by UFW (TCP on 2222) Source port: 37484 TTL: 58 Packet length: 40 TOS: 0x00 This report (fo ... show more Blocked by UFW (TCP on 2222) Source port: 37484 TTL: 58 Packet length: 40 TOS: 0x00 This report (for 185.238.72.3) was generated by: https://github.com/sefinek/UFW-AbuseIPDB-Reporter show less	Port Scan
🇺🇸 RAP	2026-06-14 13:27:26 (13 hours ago)	2026-06-14 13:27:26 UTC Unauthorized activity to TCP port 22. SSH	SSH
🇺🇸 MPL	2026-06-14 12:33:29 (14 hours ago)	tcp/2222 (2 or more attempts)	Port Scan
🇩🇪 iRaphi05	2026-06-14 11:01:57 (15 hours ago)	Honeypot detection: POST request on /cgi-bin/../../../../../../../../../../bin/sh \| User-Agent: libr ... show more Honeypot detection: POST request on /cgi-bin/../../../../../../../../../../bin/sh \| User-Agent: libredtail-http show less	Hacking Web App Attack
🇸🇪 KIDOS	2026-06-14 09:50:10 (16 hours ago)	CrowdSec detected malicious activity	DDoS Attack
Anonymous	2026-06-14 09:48:54 (16 hours ago)	CrowdSec ban: crowdsecurity/ssh-refused-conn	Hacking
🇺🇸 RAP	2026-06-14 09:20:53 (17 hours ago)	2026-06-14 09:20:53 UTC Unauthorized activity to TCP port 23. Telnet	Port Scan
Anonymous	2026-06-14 09:00:01 (17 hours ago)		Port Scan

Showing 1 to 15 of 91 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇨🇦 216.26.239.246

🇳🇱 204.76.203.231

🇺🇸 172.245.43.228

🇩🇪 167.94.145.31

🇺🇸 146.88.240.110

🇩🇪 130.12.181.227

🇨🇳 118.196.114.236

🇹🇷 78.135.73.216

🇧🇷 77.111.101.12

🇷🇺 77.37.179.158

🇺🇸 76.124.3.157

🇺🇸 45.3.35.55

🇺🇸 45.3.32.210

🇹🇳 41.62.137.54

🇮🇪 34.249.195.141

🇧🇪 34.78.71.110

🇺🇸 20.65.194.47

🇨🇳 220.167.232.40

🇺🇸 209.50.173.222

🇺🇸 207.90.244.25