JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 207.180.231.195

207.180.231.195 was found in our database!

This IP was reported 14 times. Confidence of Abuse is 75%: ?

75%

ISP	Contabo GmbH
Usage Type	Data Center/Web Hosting/Transit
ASN	AS51167
Hostname(s)	vmi3380203.contaboserver.net
Domain Name	contabo.com
Country	🇫🇷 France
City	Lauterbourg, Grand Est

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 207.180.231.195

Whois 207.180.231.195

IP Abuse Reports for 207.180.231.195:

This IP address has been reported a total of 14 times from 13 distinct sources. 207.180.231.195 was first reported on June 18th 2026, and the most recent report was 3 days ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇵🇱 dcnet	2026-06-19 06:00:08 (3 days ago)	FortiGate detected DOS attack from IPv4 address 207.180.231.195	DDoS Attack
🇺🇸 Matthew Ping	2026-06-19 06:00:01 (3 days ago)	ModSecurity rule 949110 triggered on server. Web application attack blocked by CSF/LFD.	Web App Attack Hacking
🇫🇷 ELYAZ	2026-06-18 22:13:37 (3 days ago)	(y3) Failed access -byebye- from 207.180.231.195 (FR/France/vmi3380203.contaboserver.net): (CF_ENAB ... show more (y3) Failed access -byebye- from 207.180.231.195 (FR/France/vmi3380203.contaboserver.net): (CF_ENABLE) show less	Hacking
🇩🇪 LRob.fr	2026-06-18 20:30:16 (3 days ago)	Repeated 403 errors, blocked by Fail2ban in custom-403 jail	Bad Web Bot
🇩🇪 LRob.fr	2026-06-18 20:15:09 (3 days ago)	WAF repeated trigger detected by Fail2Ban in plesk-modsecurity jail	Web App Attack
🇳🇱 Roderic	2026-06-18 19:49:45 (3 days ago)	(apache-scanners) Failed apache-scanners trigger with match [redacted])	Port Scan
Anonymous	2026-06-18 18:41:01 (3 days ago)	Automated vulnerability scanning and sensitive file probing against a secured web server. Attempted ... show more Automated vulnerability scanning and sensitive file probing against a secured web server. Attempted access to sensitive configuration files and common vulnerability paths. show less	Brute-Force Web App Attack
🇳🇱 ConsulHosting	2026-06-18 18:22:24 (3 days ago)	Excessive failed CAPTCHA attempts (CAPTCHA DoS)	Web App Attack
Anonymous	2026-06-18 18:05:31 (3 days ago)	Blocked: Reason='Vulnerability probing — PHP scan detected (15/60 min)'; Requests=15	Port Scan
Anonymous	2026-06-18 18:05:03 (3 days ago)	Bot / scanning and/or hacking attempts: GET /.git-credentials HTTP/1.1, GET /env.save HTTP/1.1, GET ... show more Bot / scanning and/or hacking attempts: GET /.git-credentials HTTP/1.1, GET /env.save HTTP/1.1, GET /.svn/entries HTTP/1.1, GET /env.docker HTTP/1.1, GET /smtp.conf HTTP/1.1, GET /id_rsa HTTP/1.1, GET /env.credentials HTTP/1.1, GET /env.aws HTTP/1.1, GET /settings.php HTTP/1.1, GET /database.yml HTTP/1.1, GET /mail.ini HTTP/1.1, GET /server.key HTTP/1.1, GET /postfix.conf HTTP/1.1, GET /.env.save HTTP/1.1, GET /.env.local.php HTTP/1.1, GET /env.public HTTP/1.1, GET /env.example HTTP/1.1, GET /.aws/credentials HTTP/1.1, GET /env.private HTTP/1.1, GET /.env.production HTTP/1.1, GET /config/secure.yml HTTP/1.1, GET /.env.secrets HTTP/1.1, GET /env.ci HTTP/1.1, GET /.env.docker HTTP/1.1, GET /.env.private HTTP/1.1, GET /env.dev HTTP/1.1, GET /.env.kubernetes HTTP/1.1, GET /secrets.yml HTTP/1.1, GET /.env.aws HTTP/1.1, GET /.env.dev HTTP/1.1, GET /.git/config HTTP/1.1, GET /.aws/config HTTP/1.1, GET /env.local HTTP/1.1, GET /.env.old HTTP/1.1, GET /env.backup HTTP/1.1 show less	Hacking Web App Attack
🇫🇷 Octopuce	2026-06-18 17:31:13 (3 days ago)	Aggressive web search of vulnerable pages: /.env.local /.env /db.sql /dump.sql /backup.zip ...	Web App Attack
🇮🇹 VHosting	2026-06-18 17:10:03 (3 days ago)	Detected WordPress attack from 4 different servers	Brute-Force Web App Attack
🇺🇸 TPI-Abuse	2026-06-18 17:08:43 (3 days ago)	(mod_security) mod_security (id:210492) triggered by 207.180.231.195 (vmi3380203.contaboserver.net): ... show more (mod_security) mod_security (id:210492) triggered by 207.180.231.195 (vmi3380203.contaboserver.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 18 13:08:37.201626 2026] [security2:error] [pid 9664:tid 9664] [client 207.180.231.195:56113] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "alexgitlin.com"] [uri "/.env.private"] [unique_id "ajQmFXvgDjaAqpPtFa55QwAAACI"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 nyt	2026-06-18 14:59:13 (3 days ago)	Credential Harvest	Web App Attack

Showing 1 to 14 of 14 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 172.69.58.190

🇸🇬 159.65.11.235

🇯🇵 156.227.232.198

🇰🇿 95.82.88.104

🇬🇧 87.236.176.123

🇨🇦 85.217.149.41

🇧🇪 34.156.129.119

🇷🇴 2.57.122.177

🇨🇳 221.225.180.112

🇲🇽 187.204.100.141

🇧🇷 179.48.229.117

🇨🇴 170.254.229.191

🇺🇸 138.68.232.170

🇨🇳 117.50.89.245

🇻🇳 113.172.59.98

🇮🇳 110.227.213.163

🇱🇹 81.30.98.144

🇮🇹 78.134.49.171

🇫🇮 74.125.114.158

🇺🇸 18.224.94.82