JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 185.252.234.215

185.252.234.215 was found in our database!

This IP was reported 1,253 times. Confidence of Abuse is 92%: ?

92%

ISP	Contabo GmbH
Usage Type	Data Center/Web Hosting/Transit
ASN	AS51167
Hostname(s)	vmi2713575.contaboserver.net
Domain Name	contabo.com
Country	🇫🇷 France
City	Lauterbourg, Grand Est

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 185.252.234.215

Whois 185.252.234.215

IP Abuse Reports for 185.252.234.215:

This IP address has been reported a total of 1,253 times from 194 distinct sources. 185.252.234.215 was first reported on August 21st 2025, and the most recent report was 1 day ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇵🇱 wHosts	2026-06-28 16:31:21 (1 day ago)	Blocked by Fail2Ban	Web App Attack
🇩🇪 LRob.fr	2026-06-26 19:00:06 (3 days ago)	Repeated requests on blocked xmlrpc.php, blocked by fail2ban in custom-503-xmlrpc jail	Bad Web Bot Web App Attack
Anonymous	2026-06-25 14:50:20 (4 days ago)	IP banned by Fail2Ban in jail nginx-abusive-ips	Web App Attack Brute-Force Bad Web Bot
🇷🇴 INTEQ	2026-06-25 01:56:59 (4 days ago)	Web attack from 185.252.234.215	Web App Attack
🇺🇸 TPI-Abuse	2026-06-23 18:44:33 (6 days ago)	(mod_security) mod_security (id:225170) triggered by 185.252.234.215 (vmi2713575.contaboserver.net): ... show more (mod_security) mod_security (id:225170) triggered by 185.252.234.215 (vmi2713575.contaboserver.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 23 14:44:28.755335 2026] [security2:error] [pid 9281:tid 9281] [client 185.252.234.215:35194] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|www.nomorenicenice.net\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.nomorenicenice.net"] [uri "/wp-json/wp/v2/users"] [unique_id "ajrUDCTA7vUClvqAsD1Z4QAAAAk"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 rsiddall	2026-06-23 11:41:17 (6 days ago)	185.252.234.215 - - [23/Jun/2026:07:41:14 -0400] "POST /xmlrpc.php HTTP/1.1" 403 1809 "-" "Mozilla/5 ... show more 185.252.234.215 - - [23/Jun/2026:07:41:14 -0400] "POST /xmlrpc.php HTTP/1.1" 403 1809 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:80.0) Gecko/20100101 Firefox/80.0" 185.252.234.215 - - [23/Jun/2026:07:41:15 -0400] "POST /xmlrpc.php HTTP/1.1" 403 1809 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:51.0) Gecko/20100101 Firefox/51.0" ... show less	Brute-Force
🇩🇪 konseptit	2026-06-22 19:22:11 (1 week ago)	(wordpress) Failed wordpress login from 185.252.234.215 (FR/France/vmi2713575.contaboserver.net)	Brute-Force
🇺🇸 TPI-Abuse	2026-06-22 15:42:31 (1 week ago)	(mod_security) mod_security (id:225170) triggered by 185.252.234.215 (vmi2713575.contaboserver.net): ... show more (mod_security) mod_security (id:225170) triggered by 185.252.234.215 (vmi2713575.contaboserver.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 22 11:42:24.704025 2026] [security2:error] [pid 2272:tid 2272] [client 185.252.234.215:59312] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|tracytappan.net\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "tracytappan.net"] [uri "/wp-json/wp/v2/users"] [unique_id "ajlX4F-8YXLSVfFDBIKjeAAAACU"] show less	Brute-Force Bad Web Bot Web App Attack
🇳🇱 Site.eu	2026-06-21 19:30:18 (1 week ago)	Repeated wp-login/xmlrpc attempts	Brute-Force SSH
🇺🇸 TPI-Abuse	2026-06-21 02:58:09 (1 week ago)	(mod_security) mod_security (id:225170) triggered by 185.252.234.215 (vmi2713575.contaboserver.net): ... show more (mod_security) mod_security (id:225170) triggered by 185.252.234.215 (vmi2713575.contaboserver.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 20 22:58:02.811928 2026] [security2:error] [pid 3906:tid 3906] [client 185.252.234.215:58568] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|www.rohanbyles.com.au\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.rohanbyles.com.au"] [uri "/wp-json/wp/v2/users"] [unique_id "ajdTOiCX7YJpO7--BCxU5gAAAAY"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-06-20 18:07:10 (1 week ago)	Attac	Brute-Force
🇺🇸 TPI-Abuse	2026-06-20 15:22:12 (1 week ago)	(mod_security) mod_security (id:225170) triggered by 185.252.234.215 (vmi2713575.contaboserver.net): ... show more (mod_security) mod_security (id:225170) triggered by 185.252.234.215 (vmi2713575.contaboserver.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 20 11:22:07.672181 2026] [security2:error] [pid 1702:tid 1702] [client 185.252.234.215:55358] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|www.stop902.org\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.stop902.org"] [uri "/wp-json/wp/v2/users"] [unique_id "ajawH2nyMSoAxksZVsiTvAAAAAw"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-19 19:39:21 (1 week ago)	(mod_security) mod_security (id:225170) triggered by 185.252.234.215 (vmi2713575.contaboserver.net): ... show more (mod_security) mod_security (id:225170) triggered by 185.252.234.215 (vmi2713575.contaboserver.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 19 15:39:17.752707 2026] [security2:error] [pid 32633:tid 32679] [client 185.252.234.215:45904] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|www.pwihatah.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.pwihatah.com"] [uri "/wp-json/wp/v2/users"] [unique_id "ajWa5YJnzudqzA6xEq2n1AAAAUs"] show less	Brute-Force Bad Web Bot Web App Attack
🇵🇱 lns.bz	2026-06-17 22:06:31 (1 week ago)	Web app attack [PL.Lu]	Exploited Host Web App Attack
🇫🇷 ✨	2026-06-16 00:54:08 (1 week ago)	Domain : rathbonepartnership.co.uk Rule : xmlrpc 2026-06-16 00:51:50 *hidden-privacy* POST /xmlr ... show more Domain : rathbonepartnership.co.uk Rule : xmlrpc 2026-06-16 00:51:50 *hidden-privacy* POST /xmlrpc.php - 443 - 185.252.234.215 HTTP/1.1 Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:51.0) Gecko/20100101 Firefox/51.0 - rathbonepartnership.co.uk 404 5 0 1484 398 30 - - show less	Web App Attack

Showing 1 to 15 of 1253 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇩🇪 209.50.186.255

🇩🇪 185.213.155.192

🇺🇸 172.184.210.216

🇺🇸 142.147.163.2

🇮🇳 116.72.103.11

🇵🇰 111.68.102.19

🇰🇪 102.210.149.236

🇯🇵 43.128.232.117

🇺🇸 20.65.144.62

🇺🇸 3.217.171.106

🇪🇹 196.191.50.126

🇧🇷 181.218.172.74

🇯🇵 172.253.6.155

🇨🇳 106.12.86.145

🇲🇲 103.129.76.218

🇩🇪 87.156.185.61

🇸🇬 45.78.206.111

🇻🇳 14.191.43.222

🇺🇸 206.221.176.60

🇧🇷 187.8.64.94