JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 191.252.205.45

191.252.205.45 was found in our database!

This IP was reported 52 times. Confidence of Abuse is 0%: ?

ISP	Locaweb Serviços de Internet S/A
Usage Type	Data Center/Web Hosting/Transit
ASN	AS27715
Hostname(s)	vps41564.publiccloud.com.br
Domain Name	locaweb.com.br
Country	🇧🇷 Brazil
City	Sao Paulo, Sao Paulo

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 191.252.205.45

Whois 191.252.205.45

IP Abuse Reports for 191.252.205.45:

This IP address has been reported a total of 52 times from 20 distinct sources. 191.252.205.45 was first reported on June 17th 2024, and the most recent report was 6 months ago.

Old Reports: The most recent abuse report for this IP address is from 6 months ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇫🇮 Shaik Sai Meera	2025-12-05 00:40:09 (6 months ago)	IM360 WAF: Block Drupal/Joomla spammers	Brute-Force Bad Web Bot
🇩🇪 FeG Deutschland	2024-10-23 06:49:02 (1 year ago)	Looking for CMS/PHP/SQL vulnerablilities - 13	Exploited Host Web App Attack
Anonymous	2024-10-23 05:45:56 (1 year ago)	Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER	Brute-Force SSH
Anonymous	2024-10-22 00:02:40 (1 year ago)	Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER	Brute-Force SSH
🇲🇹 Malta	2024-10-16 22:21:32 (1 year ago)	191.252.205.45 - - [17/Oct/2024:00:21:32 +0200] "POST /wp-login.php HTTP/1.1" "Mozilla/5.0 (Windows ... show more 191.252.205.45 - - [17/Oct/2024:00:21:32 +0200] "POST /wp-login.php HTTP/1.1" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/59.0.3071.109 Safari/537.36" show less	VPN IP Hacking Web App Attack
🇦🇺 MAGIC	2024-07-09 17:07:05 (1 year ago)	VM1 Bad user agents ignoring web crawling rules. Draing bandwidth	DDoS Attack Bad Web Bot
🇺🇸 TPI-Abuse	2024-07-09 02:37:43 (1 year ago)	(mod_security) mod_security (id:240335) triggered by 191.252.205.45 (vps41564.publiccloud.com.br): 1 ... show more (mod_security) mod_security (id:240335) triggered by 191.252.205.45 (vps41564.publiccloud.com.br): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jul 08 22:37:36.257658 2024] [security2:error] [pid 1031082] [client 191.252.205.45:35444] [client 191.252.205.45] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 191.252.205.45 (+1 hits since last alert)\|www.slcmetalhurdacilik.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "www.slcmetalhurdacilik.com"] [uri "/xmlrpc.php"] [unique_id "ZoyicH84J4P6BDjPoTKsoAAAAAU"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2024-07-08 12:27:01 (1 year ago)	Bot / scanning and/or hacking attempts: POST /xmlrpc.php HTTP/1.1	Hacking Web App Attack
🇺🇸 myagent.site	2024-07-08 01:41:28 (1 year ago)	Banned for posting to wp-login.php without referer {"log":"admin","pwd":"Jimmysellshouses@2022","wp- ... show more Banned for posting to wp-login.php without referer {"log":"admin","pwd":"Jimmysellshouses@2022","wp-submit":"Log In","redirect_to":"http:\/\/jimmysellshouses.com\/wp-admin\/","testcookie":"1"} show less	Hacking
🇳🇱 Linuxmalwarehuntingnl	2024-07-03 08:57:47 (1 year ago)	Unauthorized connection attempt	Brute-Force
🇺🇸 TPI-Abuse	2024-06-26 08:52:09 (1 year ago)	(mod_security) mod_security (id:240335) triggered by 191.252.205.45 (vps41564.publiccloud.com.br): 1 ... show more (mod_security) mod_security (id:240335) triggered by 191.252.205.45 (vps41564.publiccloud.com.br): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 26 04:52:00.194846 2024] [security2:error] [pid 19974] [client 191.252.205.45:38810] [client 191.252.205.45] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 191.252.205.45 (+1 hits since last alert)\|www.ibeautyexchange.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "www.ibeautyexchange.com"] [uri "/xmlrpc.php"] [unique_id "ZnvWsHXSXNTTJEZOKQFywAAAAAU"] show less	Brute-Force Bad Web Bot Web App Attack
🇲🇹 Malta	2024-06-26 08:29:00 (1 year ago)	191.252.205.45 - - [26/Jun/2024:10:29:00 +0200] "POST /xmlrpc.php HTTP/1.1" "Mozilla/5.0 (Macintosh; ... show more 191.252.205.45 - - [26/Jun/2024:10:29:00 +0200] "POST /xmlrpc.php HTTP/1.1" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.6422.60 Safari/537.36" Brute-force password attempt show less	Hacking Brute-Force Web App Attack
🇲🇹 Malta	2024-06-25 06:52:04 (1 year ago)	191.252.205.45 - - [25/Jun/2024:08:52:04 +0200] "POST /xmlrpc.php HTTP/1.1" "Mozilla/5.0 (Macintosh; ... show more 191.252.205.45 - - [25/Jun/2024:08:52:04 +0200] "POST /xmlrpc.php HTTP/1.1" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.6422.60 Safari/537.36" Brute-force password attempt show less	Hacking Brute-Force Web App Attack
🇺🇸 TPI-Abuse	2024-06-25 06:30:45 (1 year ago)	(mod_security) mod_security (id:240335) triggered by 191.252.205.45 (vps41564.publiccloud.com.br): 1 ... show more (mod_security) mod_security (id:240335) triggered by 191.252.205.45 (vps41564.publiccloud.com.br): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 25 02:30:37.774092 2024] [security2:error] [pid 21363] [client 191.252.205.45:46316] [client 191.252.205.45] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5965"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 191.252.205.45 (+1 hits since last alert)\|isci.global\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "isci.global"] [uri "/xmlrpc.php"] [unique_id "ZnpkDW7tspU2534tvTkzlgAAAAg"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2024-06-25 00:43:22 (1 year ago)	(mod_security) mod_security (id:240335) triggered by 191.252.205.45 (vps41564.publiccloud.com.br): 1 ... show more (mod_security) mod_security (id:240335) triggered by 191.252.205.45 (vps41564.publiccloud.com.br): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 24 20:43:18.203779 2024] [security2:error] [pid 5059] [client 191.252.205.45:44996] [client 191.252.205.45] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 191.252.205.45 (+1 hits since last alert)\|instagenii.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "instagenii.com"] [uri "/xmlrpc.php"] [unique_id "ZnoSplWwt1ZQf8yqJo2XhQAAAAw"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 52 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇳🇱 178.16.53.104

🇷🇴 2.57.121.112

🇺🇸 161.123.130.223

🇳🇱 144.31.54.15

🇨🇳 43.226.39.177

🇰🇷 34.64.140.141

🇦🇺 16.176.125.169

🇺🇸 3.19.217.177

🇨🇳 49.235.148.123

🇳🇱 45.153.34.112

🇳🇱 45.148.10.147

🇸🇬 45.78.198.199

🇨🇱 34.176.202.206

🇰🇷 211.193.245.27

🇺🇸 207.110.232.227

🇺🇸 166.70.146.204

🇮🇳 106.219.236.120

🇳🇱 89.21.67.173

🇸🇬 13.229.135.183

🇧🇷 2804:12b0:810c:1d00:f117:217e:8fa0:f9c3