AbuseIPDB » 80.255.13.7

80.255.13.7 was found in our database!

This IP was reported 38 times. Confidence of Abuse is 15%: ?

15%

ISP	PRIVAX LTD
Usage Type	Data Center/Web Hosting/Transit
ASN	AS201011
Hostname(s)	backup1.upjersnet.de
Domain Name	core-backbone.com
Country	Germany
City	Berlin, State of Berlin

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated biweekly.

Report 80.255.13.7

Whois 80.255.13.7

IP Abuse Reports for 80.255.13.7:

This IP address has been reported a total of 38 times from 26 distinct sources. 80.255.13.7 was first reported on May 28th 2022, and the most recent report was 3 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp in UTC	Comment	Categories
Anonymous	2025-06-15 18:00:55 (3 hours ago)	Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER	Brute-Force SSH
Anonymous	2025-06-10 02:35:04 (5 days ago)	BruteForce IMAP/POP3	Brute-Force
silisoftware.com	2024-12-27 22:43:11 (5 months ago)	/<domain>.sql	Web App Attack
Anonymous	2024-11-24 11:57:54 (6 months ago)	Action: Block, Reason: DDOS attack detected	DDoS Attack
TPI-Abuse	2024-09-10 20:38:37 (9 months ago)	(mod_security) mod_security (id:225170) triggered by 80.255.13.7 (backup1.upjersnet.de): 1 in the la ... show more(mod_security) mod_security (id:225170) triggered by 80.255.13.7 (backup1.upjersnet.de): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Sep 10 16:38:32.747315 2024] [security2:error] [pid 4439:tid 4439] [client 80.255.13.7:41231] [client 80.255.13.7] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.transparentforest.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.transparentforest.com"] [uri "/blog/wp-json/wp/v2/users/"] [unique_id "ZuCuSFBpD8Eh-_L5SRPP0AAAADA"] show less	Brute-Force Bad Web Bot Web App Attack
BestFans.com	2024-09-08 11:55:40 (9 months ago)	Credential brute-force attacks on webpage logins	Brute-Force
Anonymous	2024-08-31 10:51:51 (9 months ago)	Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER	Brute-Force SSH
syokadmin	2024-08-29 21:51:38 (9 months ago)	*Port Scan* detected from 80.255.13.7 (DE/Germany/backup1.upjersnet.de). 11 hits in the last 41 seco ... show more*Port Scan* detected from 80.255.13.7 (DE/Germany/backup1.upjersnet.de). 11 hits in the last 41 seconds show less	Port Scan Brute-Force
TPI-Abuse	2024-07-30 23:55:13 (10 months ago)	(mod_security) mod_security (id:210730) triggered by 80.255.13.7 (backup1.upjersnet.de): 1 in the la ... show more(mod_security) mod_security (id:210730) triggered by 80.255.13.7 (backup1.upjersnet.de): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jul 30 19:55:07.619348 2024] [security2:error] [pid 1530724:tid 1530742] [client 80.255.13.7:6352] [client 80.255.13.7] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||switchbl8.nl|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "switchbl8.nl"] [uri "/switchbl8.sql"] [unique_id "Zql9W3w79NqnbvfbutxqFgAAARA"] show less	Brute-Force Bad Web Bot Web App Attack
10dencehispahard SL	2024-02-29 07:02:25 (1 year ago)	Unauthorized login attempts [ accesslogs]	Brute-Force
TPI-Abuse	2024-02-29 06:31:33 (1 year ago)	(mod_security) mod_security (id:210730) triggered by 80.255.13.7 (backup1.upjersnet.de): 1 in the la ... show more(mod_security) mod_security (id:210730) triggered by 80.255.13.7 (backup1.upjersnet.de): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Feb 29 01:31:28.681647 2024] [security2:error] [pid 23884:tid 47387078919936] [client 80.255.13.7:10360] [client 80.255.13.7] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||neotienda.com|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "neotienda.com"] [uri "/mysql.sql"] [unique_id "ZeAkwHJufT-WUquMEZ4ESgAAAAo"] show less	Brute-Force Bad Web Bot Web App Attack
www.unitiz.com	2024-02-29 06:23:39 (1 year ago)	Probing non-existent URLs	Bad Web Bot Web App Attack
Ba-Yu	2024-02-29 06:11:43 (1 year ago)	General hacking/exploits/scanning	Web Spam Hacking Brute-Force Exploited Host Web App Attack
Might Man	2023-12-06 12:25:06 (1 year ago)	h	Hacking Exploited Host Web App Attack
CrystalMaker	2023-12-05 20:03:16 (1 year ago)	Wordpress attack - GET //wp-includes/wlwmanifest.xml; GET //blog/wp-includes/wlwmanifest.xml; GET // ... show moreWordpress attack - GET //wp-includes/wlwmanifest.xml; GET //blog/wp-includes/wlwmanifest.xml; GET //web/wp-includes/wlwmanifest.xml; GET //wordpress/wp-includes/wlwmanifest.xml; GET //website/wp-includes/wlwmanifest.xml; GET //wp/wp-includes/wlwmanifest.xml; GET //news/wp-includes/wlwmanifest.xml; GET //2018/wp-includes/wlwmanifest.xml; GET //2019/wp-includes/wlwmanifest.xml; GET //shop/wp-includes/wlwmanifest.xml; GET //wp1/wp-includes/wlwmanifest.xml; GET //test/wp-includes/wlwmanifest.xml; GET //media/wp-includes/wlwmanifest.xml; GET //wp2/wp-includes/wlwmanifest.xml; GET //site/wp-includes/wlwmanifest.xml; GET //cms/wp-includes/wlwmanifest.xml; GET //sito/wp-includes/wlwmanifest.xml show less	Web App Attack

Is this your IP? You may request to takedown any associated reports. We will attempt to verify your ownership. Request Takedown 🚩