JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 185.132.53.150

185.132.53.150 was found in our database!

This IP was reported 210 times. Confidence of Abuse is 94%: ?

94%

This address is a Tor exit node. Neither the owner nor the provider are directly behind the offending action.

ISP	Julian Achter
Usage Type	Data Center/Web Hosting/Transit
ASN	AS211507
Hostname(s)	tor-01.sy.st
Domain Name	aluy.net
Country	🇳🇱 Netherlands
City	Amsterdam, North Holland

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 185.132.53.150

Whois 185.132.53.150

IP Abuse Reports for 185.132.53.150:

This IP address has been reported a total of 210 times from 106 distinct sources. 185.132.53.150 was first reported on September 24th 2025, and the most recent report was 4 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇩🇪 FeG Deutschland	2026-06-23 13:16:23 (4 hours ago)	Looking for CMS/PHP/SQL vulnerablilities/excessive crawling - 127	Exploited Host Web App Attack
🇩🇪 4server	2026-06-22 09:04:30 (1 day ago)	[MonJun2211:04:27.5435862026][security2:error][pid1827422:tid1827452][client185.132.53.150:0]ModSecu ... show more [MonJun2211:04:27.5435862026][security2:error][pid1827422:tid1827452][client185.132.53.150:0]ModSecurity:Accessdeniedwithcode403\(phase1\).Stringmatch\"/xmlrpc.php\"atREQUEST_URI.[file\"/etc/apache2/conf.d/modsec_custom_rules.conf\"][line\"170\"][id\"960024\"][msg\"XML-RPCdisabled\"][hostname\"mgevents.ch\"][uri\"/xmlrpc.php\"][unique_id\"ajj6m-ZgXy0B4MlcW3g1ZAAAABM\"]\,referer:https://mgevents.ch/xmlrpc.php show less	Port Scan Brute-Force Web App Attack
🇮🇩 securejdprop	2026-06-22 04:43:35 (1 day ago)	This IP was detected by CrowdSec triggering crowdsecurity/suricata-major-severity(ET DROP Spamhaus D ... show more This IP was detected by CrowdSec triggering crowdsecurity/suricata-major-severity(ET DROP Spamhaus DROP Listed Traffic Inbound group 38). Ip 185.132.53.150 performed 'crowdsecurity/suricata-major-severity' (1 events over 0s) at 2026-06-22 04:43:34.360361721 +0000 UTC show less	Hacking Web App Attack
🇩🇪 LRob.fr	2026-06-18 23:15:04 (4 days ago)	Repeated requests on blocked xmlrpc.php, blocked by fail2ban in custom-503-xmlrpc jail	Bad Web Bot Web App Attack
🇩🇪 4server	2026-06-18 13:28:24 (5 days ago)	[ThuJun1815:28:18.1963412026][security2:error][pid893877:tid893892][client185.132.53.150:0]ModSecuri ... show more [ThuJun1815:28:18.1963412026][security2:error][pid893877:tid893892][client185.132.53.150:0]ModSecurity:Accessdeniedwithcode403\(phase2\).OperatorGEmatched5atTX:anomaly_score.[file\"/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf\"][line\"94\"][id\"949110\"][msg\"InboundAnomalyScoreExceeded\(TotalScore:5\)\"][severity\"CRITICAL\"][ver\"OWASP_CRS/3.3.9\"][tag\"application-multi\"][tag\"language-multi\"][tag\"platform-multi\"][tag\"attack-generic\"][hostname\"acquaallaspina.ch\"][uri\"/.DS_Store\"][unique_id\"ajPycvpxdeY2x9dyg1EAEgAAAMw\"] show less	Port Scan Brute-Force Web App Attack
🇩🇪 LRob.fr	2026-06-17 23:00:07 (5 days ago)	Repeated requests on blocked xmlrpc.php, blocked by fail2ban in custom-503-xmlrpc jail	Bad Web Bot Web App Attack
🇧🇷 SOC PR	2026-06-17 09:54:48 (6 days ago)	IPS: PHPUnit Command Injection (CVE-2017-9841).	Web App Attack
🇩🇪 LRob.fr	2026-06-15 19:00:18 (1 week ago)	Repeated requests on blocked xmlrpc.php, blocked by fail2ban in custom-503-xmlrpc jail	Bad Web Bot Web App Attack
🇮🇪 RoboSOC	2026-06-15 11:10:08 (1 week ago)	ThinkPHP Remote Code Execution Vulnerability , PTR: tor-01.sy.st.	Web App Attack
🇩🇪 ger-stg-sifi1	2026-06-14 14:55:10 (1 week ago)	(wordpress) Failed wordpress login using wp-login.php or xmlrpc.php	Web App Attack
🇩🇪 4server	2026-06-10 15:53:48 (1 week ago)	[WedJun1017:53:46.5093562026][security2:error][pid589285:tid589305][client185.132.53.150:0]ModSecuri ... show more [WedJun1017:53:46.5093562026][security2:error][pid589285:tid589305][client185.132.53.150:0]ModSecurity:Accessdeniedwithcode403\(phase1\).Stringmatch\"/xmlrpc.php\"atREQUEST_URI.[file\"/etc/apache2/conf.d/modsec_custom_rules.conf\"][line\"170\"][id\"960024\"][msg\"XML-RPCdisabled\"][hostname\"studio-portale.ch\"][uri\"/xmlrpc.php\"][unique_id\"aimIiu_RlbbiRN6HP3KuVAAAAAg\"] show less	Port Scan Brute-Force Web App Attack
Anonymous	2026-06-09 16:30:34 (2 weeks ago)	Failed login attempt detected by Fail2Ban in plesk-postfix jail	Brute-Force
🇺🇸 xmission.com	2026-06-09 12:19:55 (2 weeks ago)	185.132.53.150 - - [09/Jun/2026:06:19:55 -0600] "GET /xmlrpc.php HTTP/1.1" 302 138 "-" "Mozilla/5.0 ... show more 185.132.53.150 - - [09/Jun/2026:06:19:55 -0600] "GET /xmlrpc.php HTTP/1.1" 302 138 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36" ... show less	Web App Attack
🇫🇮 nNordic	2026-06-09 09:12:18 (2 weeks ago)	Connection attempt blocked by IDS/IPS from 185.132.53.150/32	Hacking
🇺🇸 cwytech	2026-06-09 06:00:34 (2 weeks ago)	Fleet-wide ban from the Ghostfleet 👻. Triggered by scenario: cwy/web-asn-lockdown-high.	Bad Web Bot Web App Attack

Showing 1 to 15 of 210 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 141.11.88.101

🇧🇬 193.24.211.107

🇺🇸 185.170.167.18

🇳🇱 176.65.148.2

🇺🇸 172.210.68.2

🇦🇺 170.64.134.120

🇬🇧 159.148.158.168

🇸🇬 152.32.218.149

🇨🇳 115.190.154.102

🇮🇪 80.233.36.155

🇺🇸 45.156.129.141

🇨🇦 16.52.171.239

🇮🇳 13.201.80.225

🇳🇱 2001:67c:e60:c0c:192:42:116:60

🇨🇳 218.92.236.102

🇮🇩 202.152.201.166

🇧🇷 191.58.248.53

🇩🇪 167.94.146.57

🇭🇰 165.154.43.179

🇦🇷 152.168.253.145