JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 185.112.144.11

185.112.144.11 was found in our database!

This IP was reported 349 times. Confidence of Abuse is 50%: ?

50%

This address is a Tor exit node. Neither the owner nor the provider are directly behind the offending action.

ISP	The 1984 cloud net 1
Usage Type	Data Center/Web Hosting/Transit
ASN	AS44925
Hostname(s)	iceland.exit.maxzrbn.it
Domain Name	1984.is
Country	🇮🇸 Iceland
City	Reykjavik, Capital Region

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 185.112.144.11

Whois 185.112.144.11

IP Abuse Reports for 185.112.144.11:

This IP address has been reported a total of 349 times from 104 distinct sources. 185.112.144.11 was first reported on February 8th 2022, and the most recent report was 2 days ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇫🇮 as211431.net	2026-06-26 02:18:07 (2 days ago)	Triggered Cloudflare WAF (firewallCustom) from T1. Action taken: MANAGED_CHALLENGE Protocol: HTTP/2 ... show more Triggered Cloudflare WAF (firewallCustom) from T1. Action taken: MANAGED_CHALLENGE Protocol: HTTP/2 (GET method) Endpoint: /index.php UA: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36 This report was generated by: https://github.com/sefinek/Cloudflare-WAF-To-AbuseIPDB show less	Bad Web Bot
🇺🇸 TPI-Abuse	2026-06-25 15:50:51 (2 days ago)	(mod_security) mod_security (id:210492) triggered by 185.112.144.11 (iceland.exit.maxzrbn.it): 1 in ... show more (mod_security) mod_security (id:210492) triggered by 185.112.144.11 (iceland.exit.maxzrbn.it): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 25 11:50:46.179739 2026] [security2:error] [pid 15823:tid 15823] [client 185.112.144.11:5255] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "websitesforauthors.design"] [uri "/.git/config"] [unique_id "aj1OVjtAgdp4k4fOS4vcZAAAAA0"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-12 05:00:16 (2 weeks ago)	(mod_security) mod_security (id:210492) triggered by 185.112.144.11 (iceland.exit.maxzrbn.it): 1 in ... show more (mod_security) mod_security (id:210492) triggered by 185.112.144.11 (iceland.exit.maxzrbn.it): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 12 01:00:08.554715 2026] [security2:error] [pid 15920:tid 15920] [client 185.112.144.11:37779] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpanel.tracklocross.com"] [uri "/.git/config"] [unique_id "aiuSWL1PynefeBL-XYKumQAAAAo"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-06-11 11:50:03 (2 weeks ago)	Web App Attack, Hacking	Hacking Web App Attack
🇺🇸 TPI-Abuse	2026-06-11 03:48:26 (2 weeks ago)	(mod_security) mod_security (id:210492) triggered by 185.112.144.11 (iceland.exit.maxzrbn.it): 1 in ... show more (mod_security) mod_security (id:210492) triggered by 185.112.144.11 (iceland.exit.maxzrbn.it): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 10 23:48:18.463654 2026] [security2:error] [pid 15889:tid 15907] [client 185.112.144.11:45084] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcalendars.upperwilds.com"] [uri "/.git/config"] [unique_id "aiowAnsfVI5mqUviveFx6AAAAJA"] show less	Brute-Force Bad Web Bot Web App Attack
🇸🇰 DSSYSTEMS	2026-06-09 13:41:13 (2 weeks ago)	Automatic report from DSS firewall log.	Port Scan Hacking Brute-Force
🇫🇮 nNordic	2026-06-09 10:19:14 (2 weeks ago)	Connection attempt blocked by IDS/IPS from 185.112.144.11/32	Hacking
🇸🇪 NordhTech	2026-06-07 20:45:21 (2 weeks ago)	More than 3 malicious connection attempts, trying port(s) 5222/tcp, then blocked from services ...	Port Scan Hacking
🇳🇱 homeshowdomain.nl	2026-06-05 21:59:06 (3 weeks ago)	Auto-ban: >3000 req/min op 2026-06-05	Web App Attack SSH Hacking
🇺🇸 TPI-Abuse	2026-06-01 05:00:08 (3 weeks ago)	(mod_security) mod_security (id:210730) triggered by 185.112.144.11 (iceland.exit.maxzrbn.it): 1 in ... show more (mod_security) mod_security (id:210730) triggered by 185.112.144.11 (iceland.exit.maxzrbn.it): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 01 01:00:00.040348 2026] [security2:error] [pid 15154:tid 15154] [client 185.112.144.11:18756] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "4"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|lonb.org\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "lonb.org"] [uri "/dump.sql"] [unique_id "ah0R0P5NVE1QrnFQe1PstAAAAAY"], referer: lonb.org/dump.sql show less	Brute-Force Bad Web Bot Web App Attack
🇧🇪 taivas.nl	2026-06-01 04:32:23 (3 weeks ago)	Many_bad_calls	Web App Attack
🇧🇪 taivas.nl	2026-05-31 11:02:08 (3 weeks ago)	Bad_requests	Bad Web Bot
🇳🇱 homeshowdomain.nl	2026-05-25 22:02:15 (1 month ago)	Auto-ban: single probe for restricted files (.env / backups / admin endpoints). Likely mass-scan on ... show more Auto-ban: single probe for restricted files (.env / backups / admin endpoints). Likely mass-scan on 2026-05-24. show less	Web App Attack SSH Hacking
🇺🇸 TPI-Abuse	2026-05-25 20:55:32 (1 month ago)	(mod_security) mod_security (id:210730) triggered by 185.112.144.11 (iceland.exit.maxzrbn.it): 1 in ... show more (mod_security) mod_security (id:210730) triggered by 185.112.144.11 (iceland.exit.maxzrbn.it): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon May 25 16:55:27.428517 2026] [security2:error] [pid 26461:tid 26461] [client 185.112.144.11:14642] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|platformintelligence.com\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "platformintelligence.com"] [uri "/dump.sql"] [unique_id "ahS3P13LjKzmEDc7L9WpfQAAAA0"], referer: platformintelligence.com/dump.sql show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 nowyouknow	2026-05-25 01:58:21 (1 month ago)	(From [email protected]) dz1ssm	Phishing Web Spam

Showing 1 to 15 of 349 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇷🇺 176.118.166.183

🇨🇳 103.213.72.102

🇮🇳 103.110.237.58

🇷🇺 84.54.44.204

🇰🇷 20.214.157.235

🇮🇳 20.207.195.253

🇺🇸 20.64.104.78

🇨🇳 14.103.123.206

🇩🇪 8.211.36.238

🇺🇸 162.216.150.79

🇸🇪 130.49.77.77

🇨🇳 113.213.63.70

🇨🇳 112.94.97.83

🇵🇱 109.205.211.153

🇮🇳 103.68.29.85

🇷🇺 93.91.6.75

🇸🇪 82.209.148.60

🇺🇸 73.55.194.114

🇺🇸 50.35.168.148

🇩🇪 47.245.143.56