JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 185.139.214.166

185.139.214.166 was found in our database!

This IP was reported 19 times. Confidence of Abuse is 61%: ?

61%

ISP	ALEXHOST SRL
Usage Type	Data Center/Web Hosting/Transit
ASN	AS200019
Hostname(s)	goga5
Domain Name	alexhost.com
Country	🇺🇸 United States of America
City	Las Vegas, Nevada

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 185.139.214.166

Whois 185.139.214.166

IP Abuse Reports for 185.139.214.166:

This IP address has been reported a total of 19 times from 11 distinct sources. 185.139.214.166 was first reported on June 22nd 2026, and the most recent report was 2 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 TPI-Abuse	2026-06-23 17:59:56 (2 hours ago)	(mod_security) mod_security (id:210730) triggered by 185.139.214.166 (goga5): 1 in the last 300 secs ... show more (mod_security) mod_security (id:210730) triggered by 185.139.214.166 (goga5): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 23 13:59:51.525052 2026] [security2:error] [pid 32538:tid 32538] [client 185.139.214.166:58860] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|tsiwny.org\|F\|2"] [data ".log"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "tsiwny.org"] [uri "/wp-content/debug.log"] [unique_id "ajrJlx29fzuakmcV4B28zAAAAA8"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-06-23 17:57:54 (2 hours ago)	[Drupal AbuseIPDB module] Request path is blacklisted. /wp-content/debug.log	Web App Attack
Anonymous	2026-06-23 15:44:16 (4 hours ago)	[23/Jun/2026:18:44:13 +0300] 178222945343.107208 185.139.214.166 55782 148.251.76.218 443 [23/Jun/20 ... show more [23/Jun/2026:18:44:13 +0300] 178222945343.107208 185.139.214.166 55782 148.251.76.218 443 [23/Jun/2026:18:44:15 +0300] 178222945544.327741 185.139.214.166 55794 148.251.76.218 443 show less	Web App Attack
🇺🇸 TPI-Abuse	2026-06-23 13:21:31 (7 hours ago)	(mod_security) mod_security (id:210730) triggered by 185.139.214.166 (goga5): 1 in the last 300 secs ... show more (mod_security) mod_security (id:210730) triggered by 185.139.214.166 (goga5): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 23 09:21:26.911445 2026] [security2:error] [pid 21424:tid 21424] [client 185.139.214.166:50920] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|tijuana-bibles.com\|F\|2"] [data ".log"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "tijuana-bibles.com"] [uri "/wp-content/debug.log"] [unique_id "ajqIVg312FrgeLnYzahgXQAAAA4"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-23 12:10:06 (8 hours ago)	(mod_security) mod_security (id:210730) triggered by 185.139.214.166 (goga5): 1 in the last 300 secs ... show more (mod_security) mod_security (id:210730) triggered by 185.139.214.166 (goga5): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 23 08:09:58.253607 2026] [security2:error] [pid 14973:tid 14973] [client 185.139.214.166:45856] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|thevenicecafe.com\|F\|2"] [data ".log"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "thevenicecafe.com"] [uri "/wp-content/debug.log"] [unique_id "ajp3ltqFZ5YI6fJM5P3upAAAAAo"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 Matthew Ping	2026-06-23 11:45:01 (8 hours ago)	ModSecurity rule 949110 triggered on wp3. Web application attack blocked by CSF/LFD.	Web App Attack Hacking
Anonymous	2026-06-23 10:00:04 (10 hours ago)	[Drupal AbuseIPDB module] Request path is blacklisted. /wp-content/debug.log	Web App Attack
🇧🇪 Ivo Vynckier	2026-06-23 09:50:00 (10 hours ago)	185.139.214.166 - - [22/Jun/2026:21:57:13 +0200] "GET /backup.sql HTTP/1.1" 404 2322 "-" "Mozilla/5. ... show more 185.139.214.166 - - [22/Jun/2026:21:57:13 +0200] "GET /backup.sql HTTP/1.1" 404 2322 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36" 185.139.214.166 - - [22/Jun/2026:21:57:14 +0200] "GET /dump.sql HTTP/1.1" 404 2322 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36" 185.139.214.166 - - [22/Jun/2026:21:57:15 +0200] "GET /db.sql HTTP/1.1" 404 2322 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36" show less	Web App Attack
🇺🇸 TPI-Abuse	2026-06-23 08:25:49 (12 hours ago)	(mod_security) mod_security (id:210730) triggered by 185.139.214.166 (goga5): 1 in the last 300 secs ... show more (mod_security) mod_security (id:210730) triggered by 185.139.214.166 (goga5): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 23 04:25:44.893765 2026] [security2:error] [pid 7351:tid 7351] [client 185.139.214.166:54482] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|thecrossing1.com\|F\|2"] [data ".log"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "thecrossing1.com"] [uri "/wp-content/debug.log"] [unique_id "ajpDCNuuqKL5a6OYjJXK4wAAAA8"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 kosada.com	2026-06-23 07:55:05 (12 hours ago)	Web vulnerability probing: /database.sql	Web App Attack
🇺🇸 TPI-Abuse	2026-06-23 07:37:26 (12 hours ago)	(mod_security) mod_security (id:210730) triggered by 185.139.214.166 (goga5): 1 in the last 300 secs ... show more (mod_security) mod_security (id:210730) triggered by 185.139.214.166 (goga5): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 23 03:37:22.054761 2026] [security2:error] [pid 5086:tid 5086] [client 185.139.214.166:44376] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|thebeeplace.com\|F\|2"] [data ".log"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "thebeeplace.com"] [uri "/wp-content/debug.log"] [unique_id "ajo3svL-449oPAKTvw29TAAAAAc"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-23 03:22:43 (17 hours ago)	(mod_security) mod_security (id:210730) triggered by 185.139.214.166 (goga5): 1 in the last 300 secs ... show more (mod_security) mod_security (id:210730) triggered by 185.139.214.166 (goga5): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 22 23:22:37.322751 2026] [security2:error] [pid 27504:tid 27504] [client 185.139.214.166:41242] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|swurgentvet.com\|F\|2"] [data ".log"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "swurgentvet.com"] [uri "/wp-content/debug.log"] [unique_id "ajn7_XGMkuf-jL_IK8FPnwAAAAk"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 Matthew Ping	2026-06-23 00:30:01 (19 hours ago)	ModSecurity rule 949110 triggered on dedicated4785. Web application attack blocked by CSF/LFD.	Web App Attack Hacking
🇺🇸 mnsf	2026-06-23 00:18:22 (20 hours ago)	Abuse Detected (5)	Brute-Force Web App Attack
🇺🇸 Lee Daniel	2026-06-22 22:50:52 (21 hours ago)	185.139.214.166 - - [22/Jun/2026:18:50:51 -0400] "GET /backup.sql HTTP/1.1" 403 6273 "-" "Mozilla/5. ... show more 185.139.214.166 - - [22/Jun/2026:18:50:51 -0400] "GET /backup.sql HTTP/1.1" 403 6273 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36" ... show less	DDoS Attack Web Spam Email Spam Port Scan Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 19 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇳🇬 102.91.72.35

🇳🇱 91.92.40.238

🇳🇱 89.21.67.169

🇺🇸 57.151.105.154

🇺🇸 43.135.134.180

🇺🇸 23.239.11.64

🇧🇷 20.226.81.252

🇳🇱 5.255.104.130

🇧🇪 198.235.24.206

🇺🇸 172.253.0.29

🇺🇸 147.185.132.252

🇨🇦 85.217.149.12

🇺🇿 84.54.70.101

🇨🇳 61.240.17.66

🇷🇺 46.39.254.221

🇺🇸 23.234.104.44

🇰🇷 221.156.126.1

🇹🇼 218.32.102.30

🇺🇸 161.35.129.204

🇺🇸 147.185.132.112