JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 185.38.195.229

185.38.195.229 was found in our database!

This IP was reported 19 times. Confidence of Abuse is 29%: ?

29%

ISP	APT_Cable_Memaliaj
Usage Type	Fixed Line ISP
ASN	AS209277
Domain Name	apt.al
Country	🇦🇱 Albania
City	Tepelene, Gjirokaster County

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 185.38.195.229

Whois 185.38.195.229

IP Abuse Reports for 185.38.195.229:

This IP address has been reported a total of 19 times from 11 distinct sources. 185.38.195.229 was first reported on November 22nd 2025, and the most recent report was 2 weeks ago.

Old Reports: The most recent abuse report for this IP address is from 2 weeks ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
Anonymous	2026-06-04 21:47:10 (2 weeks ago)	Attac	Brute-Force
🇺🇸 TPI-Abuse	2026-06-04 21:15:45 (2 weeks ago)	(mod_security) mod_security (id:240335) triggered by 185.38.195.229 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:240335) triggered by 185.38.195.229 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 04 17:15:40.631265 2026] [security2:error] [pid 25060:tid 25060] [client 185.38.195.229:33803] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 185.38.195.229 (+1 hits since last alert)\|kh6jim.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "kh6jim.com"] [uri "/xmlrpc.php"] [unique_id "aiHq_KJ8uPU96lr6hp89QQAAAAo"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-06-04 19:12:22 (2 weeks ago)		Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-04 10:53:11 (2 weeks ago)	(mod_security) mod_security (id:240335) triggered by 185.38.195.229 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:240335) triggered by 185.38.195.229 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 04 06:53:06.041335 2026] [security2:error] [pid 29425:tid 29425] [client 185.38.195.229:55147] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5965"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 185.38.195.229 (+1 hits since last alert)\|goseethenurse.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "goseethenurse.com"] [uri "/xmlrpc.php"] [unique_id "aiFZEkBgP69gZvZlqygy9wAAAAU"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 netclix.gr	2026-06-04 10:50:20 (2 weeks ago)	(wordpress) Failed wordpress login from 185.38.195.229 (AL/Albania/-): (CF_ENABLE)	Brute-Force
🇺🇸 TPI-Abuse	2026-06-04 07:48:39 (2 weeks ago)	(mod_security) mod_security (id:240335) triggered by 185.38.195.229 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:240335) triggered by 185.38.195.229 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 04 03:48:32.413254 2026] [security2:error] [pid 24051:tid 24051] [client 185.38.195.229:51718] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 185.38.195.229 (+1 hits since last alert)\|maffiniandbearce.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "maffiniandbearce.com"] [uri "/xmlrpc.php"] [unique_id "aiEt0F80a9o276EJ_MuAfAAAABg"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-06-04 04:30:54 (2 weeks ago)	[redacted] 185.38.195.229 - - [04/Jun/2026:06:30:14 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" " ... show more [redacted] 185.38.195.229 - - [04/Jun/2026:06:30:14 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Jetpack by WordPress.com (Jetpack 12.5; WordPress 6.4)" [redacted] 185.38.195.229 - - [04/Jun/2026:06:30:22 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "WordPress.com; https://wordpress.com" [redacted] 185.38.195.229 - - [04/Jun/2026:06:30:32 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Jetpack by WordPress.com (Jetpack 12.0; WordPress 6.4)" [redacted] 185.38.195.229 - - [04/Jun/2026:06:30:43 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Jetpack/12.1; WordPress/6.4; http://site16645942.com" [redacted] 185.38.195.229 - - [04/Jun/2026:06:30:54 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Jetpack by WordPress.com (Jetpack 12.1; WordPress 6.1)" ... show less	Hacking Web App Attack
🇺🇸 TPI-Abuse	2026-06-03 15:04:47 (3 weeks ago)	(mod_security) mod_security (id:240335) triggered by 185.38.195.229 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:240335) triggered by 185.38.195.229 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 03 11:04:40.660539 2026] [security2:error] [pid 23053:tid 23053] [client 185.38.195.229:61123] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 185.38.195.229 (+1 hits since last alert)\|joevallone.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "joevallone.com"] [uri "/xmlrpc.php"] [unique_id "aiBCiMh6goORmc90vwvcHgAAAAc"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-03 12:19:50 (3 weeks ago)	(mod_security) mod_security (id:240335) triggered by 185.38.195.229 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:240335) triggered by 185.38.195.229 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 03 08:19:46.285971 2026] [security2:error] [pid 16082:tid 16082] [client 185.38.195.229:3056] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5965"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 185.38.195.229 (+1 hits since last alert)\|tracytappan.net\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "tracytappan.net"] [uri "/xmlrpc.php"] [unique_id "aiAb4vCn-GD5Uf2JZ70pfAAAABk"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-06-03 10:36:14 (3 weeks ago)	Attac	Brute-Force
Anonymous	2026-05-24 06:30:17 (1 month ago)	Attac	Brute-Force
🇩🇪 bsoft.de	2026-05-24 04:56:18 (1 month ago)	185.38.195.229 - - [24/May/2026:06:55:57 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Jetpack/12. ... show more 185.38.195.229 - - [24/May/2026:06:55:57 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Jetpack/12.5; WordPress/6.2; http://site44710275.com" 185.38.195.229 - - [24/May/2026:06:56:07 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Jetpack/12.1; WordPress/6.4; http://site60785921.com" 185.38.195.229 - - [24/May/2026:06:56:17 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "WordPress.com; https://wordpress.com" show less	Web App Attack
🇩🇪 SCHAPPY	2026-04-17 06:13:56 (2 months ago)	IMAP/POP3 connection attempts using blacklisted username.	DDoS Attack Email Spam Hacking
🇨🇭 backslash	2026-04-11 15:27:17 (2 months ago)	block ruleset 6B63410D189E6343B910F7440B8499558BEC52EB	Bad Web Bot
🇩🇪 LRob.fr	2026-03-22 17:45:05 (3 months ago)	Repeated requests on blocked xmlrpc.php, blocked by fail2ban in custom-503-xmlrpc jail	Bad Web Bot Web App Attack

Showing 1 to 15 of 19 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇫🇮 213.232.122.143

🇫🇮 147.185.133.62

🇯🇵 115.179.102.180

🇺🇸 66.132.186.245

🇮🇩 182.9.36.100

🇳🇱 176.65.148.158

🇺🇸 162.216.149.188

🇺🇸 162.216.149.174

🇨🇳 117.135.210.68

🇨🇳 111.124.201.223

🇭🇰 103.126.93.138

🇭🇰 45.195.24.120

🇯🇵 23.81.44.23

🇪🇸 212.227.235.203

🇬🇧 193.163.125.230

🇳🇱 169.150.196.12

🇷🇺 138.124.69.150

🇹🇭 125.24.94.207

🇬🇧 104.28.240.59

🇭🇰 101.36.112.101