JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 195.231.22.138

195.231.22.138 was found in our database!

This IP was reported 102 times. Confidence of Abuse is 0%: ?

ISP	Aruba S.p.A. - Dedicated servers
Usage Type	Data Center/Web Hosting/Transit
ASN	AS31034
Hostname(s)	lnx04.caffeinapura.it
Domain Name	aruba.it
Country	🇮🇹 Italy
City	Arezzo, Tuscany

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 195.231.22.138

Whois 195.231.22.138

IP Abuse Reports for 195.231.22.138:

This IP address has been reported a total of 102 times from 59 distinct sources. 195.231.22.138 was first reported on May 27th 2023, and the most recent report was 8 months ago.

Old Reports: The most recent abuse report for this IP address is from 8 months ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇳🇱 BlueWire Hosting	2025-10-20 14:10:46 (8 months ago)	Probing for application vulnerabilities	Brute-Force Web App Attack
🇦🇺 MAGIC	2025-10-20 01:02:03 (8 months ago)	VM1 Bad user agents ignoring web crawling rules. Draing bandwidth	DDoS Attack Bad Web Bot
🇩🇪 LRob.fr	2025-10-17 09:32:28 (8 months ago)	Repeated requests on blocked xmlrpc.php, blocked by fail2ban in custom-503-xmlrpc jail	Bad Web Bot Web App Attack
🇨🇿 ddw	2025-10-15 05:02:32 (8 months ago)	WordPress XMLRPC.PHP Access Attempt.	Hacking Web App Attack
🇩🇪 LRob.fr	2025-10-03 02:33:25 (8 months ago)	Repeated requests on blocked xmlrpc.php, blocked by fail2ban in custom-503-xmlrpc jail	Bad Web Bot Web App Attack
🇺🇸 myagent.site	2025-10-02 01:51:20 (8 months ago)	Blocking for trying to access an exploit file: /xmlrpc.php	Hacking
Anonymous	2025-09-30 19:36:53 (8 months ago)	195.231.22.138 - - [30/Sep/2025:21:36:51 +0200] "POST /xmlrpc.php HTTP/2.0" 403 153 "-" "Mozilla/5.0 ... show more 195.231.22.138 - - [30/Sep/2025:21:36:51 +0200] "POST /xmlrpc.php HTTP/2.0" 403 153 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:52.0) Gecko/20100101 Firefox/52.0" show less	Web App Attack
🇺🇸 mnsf	2025-07-28 21:05:04 (10 months ago)	Too many Status 40X (12) Scanning/Probing (12)	Brute-Force Web App Attack
🇲🇹 Malta	2025-07-28 11:08:39 (10 months ago)	195.231.22.138 - - [28/Jul/2025:13:08:39 +0200] "GET /wp-json/wp/v2/users HTTP/1.1" "Mozilla/5.0 (Wi ... show more 195.231.22.138 - - [28/Jul/2025:13:08:39 +0200] "GET /wp-json/wp/v2/users HTTP/1.1" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:84.0) Gecko/20100101 Firefox/84.0" show less	VPN IP Hacking Web App Attack
🇺🇸 TPI-Abuse	2025-07-04 22:01:59 (11 months ago)	(mod_security) mod_security (id:225170) triggered by 195.231.22.138 (lnx04.caffeinapura.it): 1 in th ... show more (mod_security) mod_security (id:225170) triggered by 195.231.22.138 (lnx04.caffeinapura.it): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jul 04 18:01:54.015344 2025] [security2:error] [pid 29009:tid 29009] [client 195.231.22.138:33072] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|www.prostar.industries\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.prostar.industries"] [uri "/wp-json/wp/v2/users"] [unique_id "aGhPUocnOFV7xufUJTJVuQAAAA0"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-07-04 08:04:25 (11 months ago)	(mod_security) mod_security (id:225170) triggered by 195.231.22.138 (lnx04.caffeinapura.it): 1 in th ... show more (mod_security) mod_security (id:225170) triggered by 195.231.22.138 (lnx04.caffeinapura.it): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jul 04 04:04:18.549226 2025] [security2:error] [pid 30171:tid 30171] [client 195.231.22.138:35718] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|cosplayculture.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "cosplayculture.com"] [uri "/wp-json/wp/v2/users"] [unique_id "aGeLApDKvSo42th0YPTyiQAAAAU"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-07-04 00:16:43 (11 months ago)	(mod_security) mod_security (id:225170) triggered by 195.231.22.138 (lnx04.caffeinapura.it): 1 in th ... show more (mod_security) mod_security (id:225170) triggered by 195.231.22.138 (lnx04.caffeinapura.it): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 03 20:16:35.232331 2025] [security2:error] [pid 11999:tid 11999] [client 195.231.22.138:33402] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|www.spacebooger.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.spacebooger.com"] [uri "/wp-json/wp/v2/users"] [unique_id "aGcdYwEH9YgXiALdokah8gAAAA8"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-07-03 06:51:44 (11 months ago)	(mod_security) mod_security (id:225170) triggered by 195.231.22.138 (lnx04.caffeinapura.it): 1 in th ... show more (mod_security) mod_security (id:225170) triggered by 195.231.22.138 (lnx04.caffeinapura.it): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 03 02:51:35.964049 2025] [security2:error] [pid 25359:tid 25359] [client 195.231.22.138:34662] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|www.michaelcarrollgreen.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.michaelcarrollgreen.com"] [uri "/wp-json/wp/v2/users"] [unique_id "aGYod4jX0feYVdEfYpNHVgAAABE"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-07-01 03:19:41 (11 months ago)	(mod_security) mod_security (id:225170) triggered by 195.231.22.138 (lnx04.caffeinapura.it): 1 in th ... show more (mod_security) mod_security (id:225170) triggered by 195.231.22.138 (lnx04.caffeinapura.it): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 30 23:19:34.115291 2025] [security2:error] [pid 1042639:tid 1042690] [client 195.231.22.138:38810] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|gochemless.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "gochemless.com"] [uri "/wp-json/wp/v2/users"] [unique_id "aGNTxgpXUheDb_8LGOlQEwAAAQ8"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-06-30 01:15:08 (11 months ago)	(mod_security) mod_security (id:225170) triggered by 195.231.22.138 (lnx04.caffeinapura.it): 1 in th ... show more (mod_security) mod_security (id:225170) triggered by 195.231.22.138 (lnx04.caffeinapura.it): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 29 21:15:05.354155 2025] [security2:error] [pid 849465:tid 849465] [client 195.231.22.138:37114] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|www.innolympics.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.innolympics.com"] [uri "/wp-json/wp/v2/users"] [unique_id "aGHlGcryod58Paal1nRy8wAAAAE"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 102 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇧🇪 198.235.24.217

🇨🇴 181.142.130.144

🇺🇸 172.234.218.245

🇨🇴 172.69.185.133

🇨🇳 123.158.37.16

🇸🇬 84.252.92.26

🇱🇹 81.30.98.49

🇺🇸 74.249.192.245

🇨🇳 47.101.11.110

🇧🇷 187.107.8.110

🇨🇳 183.197.86.77

🇿🇦 104.22.45.116

🇨🇳 1.192.61.19

🇮🇩 172.71.161.134

🇨🇾 172.68.130.152

🇭🇰 154.221.20.92

🇪🇸 79.117.171.8

🇺🇸 66.132.195.75

🇬🇧 35.203.210.146

🇯🇵 172.70.49.20