JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 185.68.18.52

185.68.18.52 was found in our database!

This IP was reported 17 times. Confidence of Abuse is 72%: ?

72%

ISP	Hosting Ukraine LTD
Usage Type	Data Center/Web Hosting/Transit
ASN	AS200000
Hostname(s)	business-11.default-host.net
Domain Name	ukraine.com.ua
Country	🇺🇦 Ukraine
City	Kyiv, Kyiv City

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 185.68.18.52

Whois 185.68.18.52

IP Abuse Reports for 185.68.18.52:

This IP address has been reported a total of 17 times from 15 distinct sources. 185.68.18.52 was first reported on October 5th 2021, and the most recent report was 38 minutes ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇬🇷 setupgr	2026-06-10 23:46:19 (38 minutes ago)	(mod_security) mod_security (id:900001) triggered by 185.68.18.52: 1 in the last 86400 secs; Ports: ... show more (mod_security) mod_security (id:900001) triggered by 185.68.18.52: 1 in the last 86400 secs; Ports: *; Direction: inout; Trigger: LF_TRIGGER; Logs: [Thu Jun 11 02:46:16.216412 2026] [security2:error] [pid 1859174:tid 1859304] [remote 185.68.18.52:34486] ModSecurity: Access denied with code 403 (phase 1). Match of "rx ^(www\\\\.)?(pankoskal\\\\.gr\|alloweddomain2\\\\.com)$" against "REQUEST_HEADERS:Host" required. [file "/etc/apache2/conf.d/modsec/modsec2.user.conf"] [line "74"] [id "900001"] [msg "Blocked WP Login attempt on domain: ftiaxtomonosou.gr"] [severity "CRITICAL"] [tag "security"] [hostname "ftiaxtomonosou.gr"] [uri "/wp-login.php"] [unique_id "ain3SPXgkX-T0UDyoqUAxgAAwBA"] show less	Port Scan
🇦🇺 screwlooseit.com.au	2026-06-10 23:03:03 (1 hour ago)	Blocked by CSF 13 firewall - Rule: WPLOGIN UA/Ukraine/business-11.default-host.net	Web App Attack
🇳🇴 jad@	2026-06-10 22:39:57 (1 hour ago)	ThreatFeed automated detection: malicious HTTP scanning / exploit attempts. Signatures: wp_login. Ob ... show more ThreatFeed automated detection: malicious HTTP scanning / exploit attempts. Signatures: wp_login. Observed by 1 sensor(s); 2 hits. show less	Brute-Force Web App Attack
🇫🇷 tecnicorioja	2026-06-10 22:01:35 (2 hours ago)	wp-login attack [10/Jun/2026:16:17:09	Brute-Force Web App Attack
🇫🇷 dynamix	2026-06-10 17:19:32 (7 hours ago)	WordPress wp-login.php Brute Force Attack	Brute-Force Web App Attack
🇲🇾 Rizzy	2026-06-10 17:10:13 (7 hours ago)	Multiple WAF Violations	Brute-Force Web App Attack
🇺🇸 nyt	2026-06-10 15:49:14 (8 hours ago)	Repeated WordPress login POSTs blocked by WAF (3 in 6h)	Brute-Force Web App Attack
🇺🇸 TAY	2026-06-10 14:42:45 (9 hours ago)	185.68.18.52 - - [10/Jun/2026:22:41:53 +0800] "POST /wp-login.php HTTP/1.1" 200 2974 "https://www.au ... show more 185.68.18.52 - - [10/Jun/2026:22:41:53 +0800] "POST /wp-login.php HTTP/1.1" 200 2974 "https://www.autism-cvc.org/wp-login.php" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36" 185.68.18.52 - - [10/Jun/2026:22:42:23 +0800] "POST /wp-login.php HTTP/1.1" 200 2979 "https://autism-cvc.org/wp-login.php" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36" 185.68.18.52 - - [10/Jun/2026:22:42:44 +0800] "POST /wp-login.php HTTP/1.1" 200 2977 "https://autism-cvc.org/wp-login.php" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36" ... show less	Brute-Force
🇩🇪 brechtr	2026-06-10 13:47:47 (10 hours ago)	[Press84-BanHammer] bad username — Sourced from: www.langsvlaamsewegen.be — Request: POST /wp-login. ... show more [Press84-BanHammer] bad username — Sourced from: www.langsvlaamsewegen.be — Request: POST /wp-login.php show less	Brute-Force
🇩🇪 Marc	2026-06-10 13:17:40 (11 hours ago)	185.68.18.52 - - [10/Jun/2026:13:19:33 +0200] "GET /wp-login.php HTTP/2.0" 200 3973 "-" "Mozilla/5.0 ... show more 185.68.18.52 - - [10/Jun/2026:13:19:33 +0200] "GET /wp-login.php HTTP/2.0" 200 3973 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36" 185.68.18.52 - - [10/Jun/2026:13:19:34 +0200] "POST /wp-login.php HTTP/2.0" 200 4644 "https://www.bente-personaldienstleistung.de/wp-login.php" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36" 185.68.18.52 - - [10/Jun/2026:14:41:23 +0200] "GET /wp-login.php HTTP/2.0" 200 4086 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36" 185.68.18.52 - - [10/Jun/2026:14:41:24 +0200] "POST /wp-login.php HTTP/2.0" 403 11140 "https://saatschule.de/wp-login.php" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36" 185.68.18.52 - - [10/Jun/2026:15:17:39 +0200] "GET /wp-login.php HTTP/2.0" 200 0 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x6 show less	Brute-Force Web App Attack
🇺🇸 TAY	2026-06-10 12:42:43 (11 hours ago)	185.68.18.52 - - [10/Jun/2026:20:41:41 +0800] "POST /wp-login.php HTTP/1.1" 200 2979 "https://autism ... show more 185.68.18.52 - - [10/Jun/2026:20:41:41 +0800] "POST /wp-login.php HTTP/1.1" 200 2979 "https://autism-cvc.org/wp-login.php" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36" 185.68.18.52 - - [10/Jun/2026:20:42:18 +0800] "POST /wp-login.php HTTP/1.1" 200 2977 "https://autism-cvc.org/wp-login.php" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36" 185.68.18.52 - - [10/Jun/2026:20:42:42 +0800] "POST /wp-login.php HTTP/1.1" 200 2974 "https://www.autism-cvc.org/wp-login.php" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36" ... show less	Brute-Force
🇺🇸 jormaster3k	2026-06-10 11:19:09 (13 hours ago)	Attack against WordPress	Web App Attack
🇩🇪 london2038.com	2026-06-10 11:11:12 (13 hours ago)	Attacking WordPress 185.68.18.52 - - [10/Jun/2026:13:11:09 +0200] "POST /wp-login.php HTTP/2.0" 503 ... show more Attacking WordPress 185.68.18.52 - - [10/Jun/2026:13:11:09 +0200] "POST /wp-login.php HTTP/2.0" 503 19291 "https://<REDACTED>/wp-login.php" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36" show less	Brute-Force Web App Attack
🇮🇹 VHosting	2026-06-10 10:49:59 (13 hours ago)	Detected mail brute force attack from 4 different servers	Brute-Force
🇲🇹 Malta	2026-06-10 10:45:05 (13 hours ago)	185.68.18.52 - - [10/Jun/2026:12:45:05 +0200] "POST /wp-login.php HTTP/1.1" "Mozilla/5.0 (Windows NT ... show more 185.68.18.52 - - [10/Jun/2026:12:45:05 +0200] "POST /wp-login.php HTTP/1.1" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36" Brute-force password attempt show less	Hacking Web App Attack Brute-Force

Showing 1 to 15 of 17 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇨🇭 179.43.182.202

🇨🇦 89.251.0.202

🇺🇸 66.132.195.51

🇬🇧 35.203.211.83

🇪🇸 34.175.225.171

🇻🇳 27.79.3.188

🇷🇺 194.85.69.22

🇳🇱 176.65.148.84

🇺🇸 162.216.150.147

🇺🇸 109.105.210.55

🇮🇩 103.148.100.146

🇮🇩 101.255.162.184

🇩🇪 81.88.34.55

🇺🇸 44.214.135.15

🇺🇸 205.210.31.81

🇨🇳 182.92.119.182

🇨🇴 152.200.205.179

🇺🇸 136.107.170.238

🇺🇸 135.232.177.182

🇨🇳 120.85.118.152