JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 212.227.149.238

212.227.149.238 was found in our database!

This IP was reported 65 times. Confidence of Abuse is 100%: ?

100%

ISP	IONOS SE
Usage Type	Data Center/Web Hosting/Transit
ASN	AS8560
Domain Name	ionos.com
Country	🇪🇸 Spain
City	Logrono, La Rioja

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 212.227.149.238

Whois 212.227.149.238

IP Abuse Reports for 212.227.149.238:

This IP address has been reported a total of 65 times from 39 distinct sources. 212.227.149.238 was first reported on June 15th 2026, and the most recent report was 7 minutes ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
Anonymous	2026-06-17 03:40:02 (7 minutes ago)	Web App Attack, Hacking	Hacking Web App Attack
🇩🇪 expandmade.com	2026-06-17 01:49:47 (1 hour ago)	trolling for wp-login [17/Jun/2026:01:49:47 "GET /wp-login.php"]	Web App Attack
🇺🇸 mnsf	2026-06-17 00:29:02 (3 hours ago)	Login Too Frequent (6)	Brute-Force Web App Attack
Anonymous	2026-06-16 23:59:00 (3 hours ago)	Part of a persistent, large-scale spam campaign. This IP is used to distribute phishing emails promo ... show more Part of a persistent, large-scale spam campaign. This IP is used to distribute phishing emails promoting illicitly modified B-CAS cards. The associated landing pages are intentionally using Cloudflare’s protection to conceal their activities (Cloaking). This is a verified malicious actor involved in long-term fraud and victim tracking. [Illegally modified B-CAS card sales site: https://securl.fyi/9PBCiS -> https://ttzfyzsaprij.xyz/] show less	Web Spam Email Spam Spoofing Phishing
🇩🇪 FeG Deutschland	2026-06-16 22:28:33 (5 hours ago)	Looking for CMS/PHP/SQL vulnerablilities/excessive crawling - 27	Exploited Host Web App Attack
Anonymous	2026-06-16 16:46:05 (11 hours ago)	Failed Wordpress Logins	Web App Attack
🇩🇪 LRob.fr	2026-06-16 16:15:04 (11 hours ago)	Repeated attacks detected by Fail2Ban in recidive jail	Hacking
🇺🇸 xxkodedxx	2026-06-16 15:47:47 (11 hours ago)	[Zorvexus edge-defense] GET .env / WordPress honeypot probe Trigger: 1× honeypot-get in 10m window. ... show more [Zorvexus edge-defense] GET .env / WordPress honeypot probe Trigger: 1× honeypot-get in 10m window. Active: 15:47:23→15:47:24 UTC Volume: 2 honeypot probe(s) Bait taken: /wp-login.php UA: "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36" Auto-banned 30d. zorvexus-banner. show less	Bad Web Bot Web App Attack
🇦🇺 QT	2026-06-16 15:28:17 (12 hours ago)	Unauthorised WordPress admin login attempted at 2026-06-17 01:28:09 +1000	Web App Attack
🇺🇸 TPI-Abuse	2026-06-16 15:16:02 (12 hours ago)	(mod_security) mod_security (id:225170) triggered by 212.227.149.238 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:225170) triggered by 212.227.149.238 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 16 11:15:55.228892 2026] [security2:error] [pid 19408:tid 19408] [client 212.227.149.238:43452] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|scrunchiebuttbikini.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "scrunchiebuttbikini.com"] [uri "/wp-json/wp/v2/users/me"] [unique_id "ajFoq-JbzcaaybgmEZjjcgAAABY"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 LRob.fr	2026-06-16 15:15:04 (12 hours ago)	Repeated 503 errors, blocked by Fail2Ban in custom-503 jail	Bad Web Bot Web App Attack
🇩🇪 F242	2026-06-16 15:08:19 (12 hours ago)	Wordpress Login or XMLRPC abuse	Web App Attack
🇦🇺 QT	2026-06-16 15:04:04 (12 hours ago)	Unauthorised WordPress admin login attempted at 2026-06-17 01:03:55 +1000	Web App Attack
🇨🇦 KIsmay	2026-06-16 14:10:02 (13 hours ago)	Jun 16 06:04:09 www4 WPAudit[2133963]: 212.227.149.238 katharinedickerson.com "Mozilla/5.0 (X11; Lin ... show more Jun 16 06:04:09 www4 WPAudit[2133963]: 212.227.149.238 katharinedickerson.com "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36 Edg/133.0.0.0" katharinedickerson:katharinedickerson66 FAIL Jun 16 06:08:13 www4 WPAudit[2134290]: 212.227.149.238 dev.siscobc.com "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36 Edg/133.0.0.0" sisco:Sisco10 FAIL Jun 16 06:22:02 www4 WPAudit[2135249]: 212.227.149.238 www.goldislandforestproducts.ca "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36" gifp:gifp44 FAIL Jun 16 09:31:13 www4 WPAudit[2141715]: 212.227.149.238 valhallasafety.com "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36" ron:ron000 FAIL Jun 16 10:10:01 www4 WPAudit[2152250]: 212.227.149.238 siscobc.com "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:133.0) Gecko/20100101 ... show less	Brute-Force Web App Attack
🇦🇺 FSB.ru - Is it?	2026-06-16 14:07:16 (13 hours ago)	Brute force login for honeypot user accounts	Brute-Force Web App Attack

Showing 1 to 15 of 65 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇹🇼 198.235.24.25

🇺🇸 167.99.227.24

🇹🇼 111.70.32.50

🇹🇼 111.70.9.87

🇮🇳 106.222.225.160

🇮🇹 83.224.175.43

🇩🇪 69.5.169.227

🇻🇳 58.186.20.143

🇹🇭 49.228.222.23

🇩🇪 49.12.76.0

🇺🇸 43.130.102.223

🇨🇳 14.103.118.248

🇨🇳 1.85.217.127

🇳🇱 174.138.14.189

🇻🇳 115.76.213.240

🇳🇱 45.148.10.151

🇬🇧 35.203.211.190

🇺🇸 198.62.0.180

🇧🇷 179.184.85.167

🇭🇰 152.32.168.34