JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 5.252.185.197

5.252.185.197 was found in our database!

This IP was reported 16 times. Confidence of Abuse is 54%: ?

54%

ISP	Karolio IT paslaugos, UAB
Usage Type	Data Center/Web Hosting/Transit
ASN	AS209043
Hostname(s)	undefined.hostname.localhost
Domain Name	iproyal.com
Country	🇿🇦 South Africa
City	Centurion, Gauteng

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 5.252.185.197

Whois 5.252.185.197

IP Abuse Reports for 5.252.185.197:

This IP address has been reported a total of 16 times from 8 distinct sources. 5.252.185.197 was first reported on June 10th 2026, and the most recent report was 17 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇩🇪 LRob.fr	2026-06-17 07:45:09 (17 hours ago)	WordPress login brute-force detected by Fail2Ban in plesk-wordpress jail	Brute-Force Web App Attack
🇫🇷 tilellit.pro	2026-06-17 07:41:27 (17 hours ago)	Fail2Ban banned 5.252.185.197 for security violations in jail wp-armour. Log: 2026/06/17 07:41:26 [e ... show more Fail2Ban banned 5.252.185.197 for security violations in jail wp-armour. Log: 2026/06/17 07:41:26 [error] FastCGI sent in stderr: "PHP message: [WP_ARMOUR_BAN] IP: 5.252.185.197 \| Target: wplogin" , client: 5.252.185.197, server: [REDACTED], request: "POST /wp-login.php HTTP/1.1", upstream: [REDACTED], host: [REDACTED] ... show less	Web Spam
🇺🇸 TPI-Abuse	2026-06-16 19:07:05 (1 day ago)	(mod_security) mod_security (id:225170) triggered by 5.252.185.197 (undefined.hostname.localhost): 1 ... show more (mod_security) mod_security (id:225170) triggered by 5.252.185.197 (undefined.hostname.localhost): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 16 15:06:58.822809 2026] [security2:error] [pid 21032:tid 21032] [client 5.252.185.197:47891] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|emelecsrl.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "emelecsrl.com"] [uri "/wp-json/wp/v2/users"] [unique_id "ajGe0q4Ppi6f6SW1-9nwYgAAAAI"] show less	Brute-Force Bad Web Bot Web App Attack
🇫🇷 tilellit.pro	2026-06-16 18:01:13 (1 day ago)	Fail2Ban banned 5.252.185.197 for security violations in jail wp-armour. Log: 2026/06/16 18:01:12 [e ... show more Fail2Ban banned 5.252.185.197 for security violations in jail wp-armour. Log: 2026/06/16 18:01:12 [error] FastCGI sent in stderr: "PHP message: [WP_ARMOUR_BAN] IP: 5.252.185.197 \| Target: wplogin" , client: 5.252.185.197, server: [REDACTED], request: "POST /wp-login.php HTTP/1.1", upstream: [REDACTED], host: [REDACTED] ... show less	Web Spam
🇺🇸 TPI-Abuse	2026-06-16 17:46:02 (1 day ago)	(mod_security) mod_security (id:225170) triggered by 5.252.185.197 (undefined.hostname.localhost): 1 ... show more (mod_security) mod_security (id:225170) triggered by 5.252.185.197 (undefined.hostname.localhost): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 16 13:45:57.662669 2026] [security2:error] [pid 9174:tid 9174] [client 5.252.185.197:34765] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|thesalonx.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "thesalonx.com"] [uri "/wp-json/wp/v2/users"] [unique_id "ajGL1exCKtX1ZHBfccObxQAAABY"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-16 16:32:26 (1 day ago)	(mod_security) mod_security (id:225170) triggered by 5.252.185.197 (undefined.hostname.localhost): 1 ... show more (mod_security) mod_security (id:225170) triggered by 5.252.185.197 (undefined.hostname.localhost): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 16 12:32:22.457748 2026] [security2:error] [pid 7861:tid 7861] [client 5.252.185.197:56333] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|evolute.io\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "evolute.io"] [uri "/wp-json/wp/v2/users"] [unique_id "ajF6lpKwP12Cfa28CqRSIwAAAAU"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-16 16:15:25 (1 day ago)	(mod_security) mod_security (id:225170) triggered by 5.252.185.197 (undefined.hostname.localhost): 1 ... show more (mod_security) mod_security (id:225170) triggered by 5.252.185.197 (undefined.hostname.localhost): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 16 12:15:17.103186 2026] [security2:error] [pid 29607:tid 29607] [client 5.252.185.197:0] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|hvacs-aircon.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "hvacs-aircon.com"] [uri "/wp-json/wp/v2/users"] [unique_id "ajF2lFHdFmWZszS1c7vESQAAAAc"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 nyt	2026-06-16 16:12:30 (1 day ago)	WP User Enumeration	Web App Attack
🇺🇸 TPI-Abuse	2026-06-16 15:47:51 (1 day ago)	(mod_security) mod_security (id:225170) triggered by 5.252.185.197 (undefined.hostname.localhost): 1 ... show more (mod_security) mod_security (id:225170) triggered by 5.252.185.197 (undefined.hostname.localhost): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 16 11:47:47.683724 2026] [security2:error] [pid 29557:tid 29557] [client 5.252.185.197:37673] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|www.zezel.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.zezel.com"] [uri "/wp-json/wp/v2/users"] [unique_id "ajFwI3IZBlKl1i2_gQXL4gAAAAA"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 FeG Deutschland	2026-06-16 15:10:23 (1 day ago)	Looking for CMS/PHP/SQL vulnerablilities/excessive crawling - 2	Exploited Host Web App Attack
🇺🇸 TPI-Abuse	2026-06-16 14:59:28 (1 day ago)	(mod_security) mod_security (id:225170) triggered by 5.252.185.197 (undefined.hostname.localhost): 1 ... show more (mod_security) mod_security (id:225170) triggered by 5.252.185.197 (undefined.hostname.localhost): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 16 10:59:23.675241 2026] [security2:error] [pid 15285:tid 15285] [client 5.252.185.197:37463] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|804web.net\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "804web.net"] [uri "/wp-json/wp/v2/users"] [unique_id "ajFky56QMGGcQJOKMGEQ7wAAAAA"] show less	Brute-Force Bad Web Bot Web App Attack
🇸🇬 securejdprop	2026-06-16 04:47:45 (1 day ago)	This IP was detected by CrowdSec triggering crowdsecurity/http-probing. crowdsecurity/http-probing	Hacking Web App Attack
🇮🇹 VHosting	2026-06-10 19:25:03 (1 week ago)	Detected WordPress attack from 4 different servers	Brute-Force Web App Attack
🇹🇷 baku.hosting	2026-06-10 19:21:52 (1 week ago)	CSF Auto Report: (cpanel) Failed cPanel login from 5.252.185.197 (MZ/Mozambique/undefined.hostname.l ... show more CSF Auto Report: (cpanel) Failed cPanel login from 5.252.185.197 (MZ/Mozambique/undefined.hostname.localhost): 4 in the last 3600 secs show less	Brute-Force Web App Attack
🇺🇸 TPI-Abuse	2026-06-10 15:53:37 (1 week ago)	(mod_security) mod_security (id:225170) triggered by 5.252.185.197 (undefined.hostname.localhost): 1 ... show more (mod_security) mod_security (id:225170) triggered by 5.252.185.197 (undefined.hostname.localhost): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 10 11:53:31.324927 2026] [security2:error] [pid 8478:tid 8478] [client 5.252.185.197:13451] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|www.veneerdent.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.veneerdent.com"] [uri "/wp-json/wp/v2/users"] [unique_id "aimIe6t0ID1K6Eo_vtQlpAAAAAA"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 16 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇧🇷 187.1.166.90

🇷🇺 95.215.108.47

🇪🇸 77.81.92.47

🇨🇳 59.175.212.114

🇷🇴 2.57.121.25

🇺🇸 185.251.19.97

🇸🇬 167.99.66.42

🇳🇱 158.94.210.205

🇺🇸 147.185.132.105

🇨🇳 140.206.194.146

🇫🇮 138.124.5.60

🇻🇳 123.30.202.30

🇰🇷 118.131.69.86

🇺🇸 98.80.4.104

🇧🇾 86.57.206.207

🇪🇸 79.145.208.131

🇺🇸 66.132.186.243

🇳🇱 34.12.110.200

🇨🇳 218.58.73.238

🇺🇸 188.213.202.27