JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 185.209.199.120

185.209.199.120 was found in our database!

This IP was reported 38 times. Confidence of Abuse is 43%: ?

43%

ISP	31173 Services AB infrastructure in Gothenburg, SE.
Usage Type	Data Center/Web Hosting/Transit
ASN	AS39351
Domain Name	31173.se
Country	🇸🇪 Sweden
City	Gothenburg, Vastra Gotaland

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 185.209.199.120

Whois 185.209.199.120

IP Abuse Reports for 185.209.199.120:

This IP address has been reported a total of 38 times from 26 distinct sources. 185.209.199.120 was first reported on July 8th 2024, and the most recent report was 5 days ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇨🇳 pengpeng	2026-06-22 01:03:54 (5 days ago)	monitor: on VM-0-7-ubuntu \| port: 12826 \| ttl: 251 script: github.com/sefinek/UFW-AbuseIPDB-Reporte ... show more monitor: on VM-0-7-ubuntu \| port: 12826 \| ttl: 251 script: github.com/sefinek/UFW-AbuseIPDB-Reporter show less	Port Scan
🇩🇪 FeG Deutschland	2026-06-12 14:04:13 (2 weeks ago)	Looking for CMS/PHP/SQL vulnerablilities/excessive crawling - 28	Exploited Host Web App Attack
🇺🇸 aks4226	2026-06-02 12:04:38 (3 weeks ago)	Bot search, attacking common web applications.	Web App Attack
🇨🇱 SinaiCL	2026-05-30 20:27:47 (3 weeks ago)	Automated Nginx block. Attack type: Scan for config files. Total malicious requests: 2 across multip ... show more Automated Nginx block. Attack type: Scan for config files. Total malicious requests: 2 across multiple servers. show less	Bad Web Bot
🇺🇸 TPI-Abuse	2026-05-29 12:14:34 (4 weeks ago)	(mod_security) mod_security (id:210492) triggered by 185.209.199.120 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210492) triggered by 185.209.199.120 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri May 29 08:14:28.361012 2026] [security2:error] [pid 28158:tid 28166] [client 185.209.199.120:52192] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "faimreps.com"] [uri "/.git/index"] [unique_id "ahmDJJi1qsk7Bia6XoaEKQAAAQY"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 bescared	2026-05-29 12:14:00 (4 weeks ago)	WAF (2) - Malicious activity detected: URL probing.	Bad Web Bot Web App Attack Hacking
🇺🇸 TPI-Abuse	2026-05-29 11:54:47 (4 weeks ago)	(mod_security) mod_security (id:210492) triggered by 185.209.199.120 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210492) triggered by 185.209.199.120 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri May 29 07:54:41.665467 2026] [security2:error] [pid 5885:tid 5885] [client 185.209.199.120:56234] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "elcalamo.com"] [uri "/.git/index"] [unique_id "ahl-gTh_uq72g1XE4TIm0gAAACQ"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-29 11:37:51 (4 weeks ago)	(mod_security) mod_security (id:210492) triggered by 185.209.199.120 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210492) triggered by 185.209.199.120 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri May 29 07:37:46.011406 2026] [security2:error] [pid 6060:tid 6060] [client 185.209.199.120:44310] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "efhgtc.org"] [uri "/.git/index"] [unique_id "ahl6is8hfmw2xNBw_dfWBQAAABY"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 Ba-Yu	2026-05-29 11:17:33 (4 weeks ago)	General hacking/exploits/scanning	Web Spam Hacking Brute-Force Exploited Host Web App Attack
🇺🇸 TPI-Abuse	2026-05-29 11:16:52 (4 weeks ago)	(mod_security) mod_security (id:210492) triggered by 185.209.199.120 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210492) triggered by 185.209.199.120 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri May 29 07:16:46.127000 2026] [security2:error] [pid 3370:tid 3418] [client 185.209.199.120:39466] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "econpage.com"] [uri "/.git/index"] [unique_id "ahl1ngsqKyeA2VNZ5JfDUAAAAE4"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-29 10:06:43 (4 weeks ago)	(mod_security) mod_security (id:210492) triggered by 185.209.199.120 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210492) triggered by 185.209.199.120 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri May 29 06:06:37.941477 2026] [security2:error] [pid 14755:tid 14755] [client 185.209.199.120:54880] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "centuryabsinthe.com"] [uri "/.git/index"] [unique_id "ahllLdFUJJn-SHxaZw2WxQAAABE"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 big-cloud.nl	2026-05-29 09:44:21 (4 weeks ago)	Try to access /.git/index	Web App Attack
🇬🇧 Oakley	2026-05-29 09:42:13 (4 weeks ago)	(confirmed_bot_sig) Confirmed bot	Hacking
🇺🇸 TPI-Abuse	2026-05-29 09:37:28 (4 weeks ago)	(mod_security) mod_security (id:210492) triggered by 185.209.199.120 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210492) triggered by 185.209.199.120 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri May 29 05:37:23.672133 2026] [security2:error] [pid 29195:tid 29195] [client 185.209.199.120:35804] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "catholicshopper.com"] [uri "/.git/index"] [unique_id "ahleU828gmcTepXnqYiXbAAAABo"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-29 09:01:55 (4 weeks ago)	(mod_security) mod_security (id:210492) triggered by 185.209.199.120 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210492) triggered by 185.209.199.120 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri May 29 05:01:50.837323 2026] [security2:error] [pid 17933:tid 17933] [client 185.209.199.120:47526] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "caquintet.com"] [uri "/.git/index"] [unique_id "ahlV_iS27XcEMc51V3bgkQAAABE"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 38 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇨🇱 201.219.234.176

🇮🇹 195.32.116.228

🇺🇸 173.252.82.146

🇺🇸 128.203.200.235

🇭🇰 101.36.111.155

🇳🇱 45.148.10.151

🇨🇳 42.123.123.238

🇺🇸 173.252.82.148

🇧🇬 162.158.210.32

🇨🇳 116.179.32.141

🇺🇸 2607:f8b0:4001:c10::121

🇩🇪 172.217.34.20

🇨🇦 165.22.228.212

🇺🇸 152.232.60.10

🇺🇸 107.172.118.5

🇺🇸 47.41.20.82

🇳🇱 45.148.10.157

🇺🇸 34.138.209.94

🇺🇸 2602:feda:f39f:fb6c:d299:ff01:7999:da2

🇳🇱 195.178.110.30