JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 112.94.11.245

112.94.11.245 was found in our database!

This IP was reported 153 times. Confidence of Abuse is 95%: ?

95%

ISP	United-Communications-Network-Technology-Co-Ltd, GuangZhou
Usage Type	Fixed Line ISP
ASN	AS17622
Domain Name	chinaunicom.cn
Country	🇨🇳 China
City	Guangzhou, Guangdong

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 112.94.11.245

Whois 112.94.11.245

IP Abuse Reports for 112.94.11.245:

This IP address has been reported a total of 153 times from 91 distinct sources. 112.94.11.245 was first reported on December 20th 2025, and the most recent report was 18 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇭🇺 bcsaba	2026-06-14 22:34:24 (18 hours ago)	Probing for .env file: 112.94.11.245 - - [15/Jun/2026:00:34:22 +0200] "GET /.env HTTP/1.1" 400 632 " ... show more Probing for .env file: 112.94.11.245 - - [15/Jun/2026:00:34:22 +0200] "GET /.env HTTP/1.1" 400 632 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36 Edg/138.0.0.0" show less	Web App Attack
🇧🇪 voormedia	2026-06-14 18:02:36 (23 hours ago)	Accessed trap at '/.env'	Web App Attack
🇧🇷 Halux	2026-06-14 01:39:54 (1 day ago)	112.94.11.245 Probing protected path or service	Web App Attack
🇩🇪 big-cloud.nl	2026-06-13 23:26:14 (1 day ago)	Try to access /.env	Web App Attack
🇺🇸 TPI-Abuse	2026-06-13 19:40:18 (1 day ago)	(mod_security) mod_security (id:210492) triggered by 112.94.11.245 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 112.94.11.245 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 13 15:40:11.077095 2026] [security2:error] [pid 12156:tid 12156] [client 112.94.11.245:58484] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.holtzheimer.net"] [uri "/.env"] [unique_id "ai2yG8qO0NDarywng4EmpwAAAAY"] show less	Brute-Force Bad Web Bot Web App Attack
🇦🇺 paulshipley.com.au	2026-06-13 17:34:27 (1 day ago)	[Sun Jun 14 03:34:26.911546 2026] [security2:error] [pid 806652] [client 112.94.11.245:48852] [clien ... show more [Sun Jun 14 03:34:26.911546 2026] [security2:error] [pid 806652] [client 112.94.11.245:48852] [client 112.94.11.245] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/modsecurity/crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.4"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "winesbydesign.com.au"] [uri "/.env"] [unique_id "ai2UokHHcClZeB9ocwED9AAAAA8"], referer: https://www.winesbydesign.com.au/.env ... show less	Web App Attack
🇺🇸 TPI-Abuse	2026-06-13 16:21:25 (2 days ago)	(mod_security) mod_security (id:210492) triggered by 112.94.11.245 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 112.94.11.245 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 13 12:21:20.466072 2026] [security2:error] [pid 6315:tid 6315] [client 112.94.11.245:39928] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "notimallinckrodt.com.ar"] [uri "/.env"] [unique_id "ai2DgBqpURQ9tpMvqMgSsAAAAAA"] show less	Brute-Force Bad Web Bot Web App Attack
🇧🇪 voormedia	2026-06-13 10:45:20 (2 days ago)	Accessed trap at '/.env'	Web App Attack
🇬🇧 openstrike.co.uk	2026-06-13 05:14:29 (2 days ago)	3 attacks on env grabbing URLs: GET /.env HTTP/1.1	Hacking
🇺🇸 TPI-Abuse	2026-06-13 01:06:27 (2 days ago)	(mod_security) mod_security (id:210492) triggered by 112.94.11.245 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 112.94.11.245 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 12 21:06:23.537595 2026] [security2:error] [pid 12795:tid 12795] [client 112.94.11.245:57702] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "xygil.tracybur.net"] [uri "/.env"] [unique_id "aiytDx7aujKbZK9v7vJzmQAAAA4"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 conrad10781	2026-06-13 00:39:45 (2 days ago)	nginx-dot-env	Web App Attack
🇺🇸 almazick	2026-06-13 00:35:55 (2 days ago)	Fail2Ban jail window on srv1.windowrepair.us banned 112.94.11.245 after 1 attempts	Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-12 23:45:45 (2 days ago)	(mod_security) mod_security (id:210492) triggered by 112.94.11.245 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 112.94.11.245 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 12 19:45:41.979296 2026] [security2:error] [pid 29809:tid 29809] [client 112.94.11.245:40448] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webmail.rdu.us"] [uri "/.env"] [unique_id "aiyaJTDEmTHmRDYxsOML5QAAADA"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-12 23:13:21 (2 days ago)	(mod_security) mod_security (id:210492) triggered by 112.94.11.245 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 112.94.11.245 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 12 19:13:16.676716 2026] [security2:error] [pid 13779:tid 13787] [client 112.94.11.245:51372] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.doorways.dk"] [uri "/.env"] [unique_id "aiySjPH4erGtdvIuhVFO9AAAAUQ"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-06-12 23:05:05 (2 days ago)	Blocked: Reason='Suspicious traffic score=60 (review-based detection)'; Requests=8	Hacking

Showing 1 to 15 of 153 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇨🇳 218.207.25.249

🇺🇸 192.119.99.178

🇷🇺 185.94.111.1

🇺🇸 170.9.16.186

🇨🇳 163.179.39.100

🇧🇷 138.117.146.212

🇺🇸 65.49.1.167

🇳🇱 45.156.87.34

🇺🇸 152.32.207.179

🇯🇵 140.83.33.115

🇮🇹 93.92.76.163

🇳🇱 45.148.10.141

🇭🇰 43.134.196.236

🇦🇺 34.151.73.168

🇺🇸 34.106.19.187

🇸🇬 34.21.198.156

🇺🇸 216.250.250.167

🇺🇸 216.25.89.149

🇯🇴 212.35.69.83

🇹🇭 202.29.220.126