JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 185.141.213.61

185.141.213.61 was found in our database!

This IP was reported 19 times. Confidence of Abuse is 85%: ?

85%

ISP	Asiatech Data Transmission company
Usage Type	Fixed Line ISP
ASN	AS43754
Domain Name	asiatech.ir
Country	🇮🇷 Iran (Islamic Republic of)
City	Tehran, Tehran

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 185.141.213.61

Whois 185.141.213.61

IP Abuse Reports for 185.141.213.61:

This IP address has been reported a total of 19 times from 17 distinct sources. 185.141.213.61 was first reported on June 8th 2026, and the most recent report was 1 week ago.

Old Reports: The most recent abuse report for this IP address is from 1 week ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇨🇿 Countryman	2026-06-09 10:18:32 (1 week ago)	repeated unauthorized connection attempts, host sweep, port scan	Port Scan
🇫🇷 Selckie	2026-06-09 09:38:38 (1 week ago)	fail2ban: NGINX unusual impact	Web App Attack
🇹🇭 Sawasdee	2026-06-09 07:18:05 (1 week ago)	Unwanted checking 80 or 443 port ...	Bad Web Bot
🇩🇪 evilrave	2026-06-09 06:48:01 (1 week ago)	185.141.213.61 - - [09/Jun/2026:06:48:01 +0000] "GET /.git/config HTTP/1.1" 444 0 Host="[REDACTED_IP ... show more 185.141.213.61 - - [09/Jun/2026:06:48:01 +0000] "GET /.git/config HTTP/1.1" 444 0 Host="[REDACTED_IP]" SNI="-" ... show less	Bad Web Bot
🇺🇸 MPL	2026-06-09 05:47:30 (1 week ago)	tcp port scan (13 or more attempts)	Port Scan
🇩🇪 Roper123	2026-06-09 05:43:22 (1 week ago)	Web exploits	Web App Attack
🇵🇱 Wepted	2026-06-09 05:31:57 (1 week ago)	Port scan detected by honeypot	Port Scan Hacking
🇩🇪 mediacenter	2026-06-09 04:52:27 (1 week ago)	Port scans.	Port Scan
Anonymous	2026-06-09 03:30:05 (1 week ago)	2026-06-09T03:30:05.147750+00:00 caddy caddy[63377]: {"level":"info","ts":1780975805.1474917,"logger ... show more 2026-06-09T03:30:05.147750+00:00 caddy caddy[63377]: {"level":"info","ts":1780975805.1474917,"logger":"http.log.access","msg":"handled request","request":{"remote_ip":"185.141.213.61","remote_port":"38098","client_ip":"185.141.213.61","proto":"HTTP/1.1","method":"GET","host":"142.132.232.19","uri":"/.git/HEAD","headers":{"User-Agent":["Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36"],"Connection":["close"],"Accept-Encoding":["gzip"]}},"bytes_read":0,"user_id":"","duration":0.000077681,"size":0,"status":308,"resp_headers":{"Connection":["close"],"Location":["https://142.132.232.19/.git/HEAD"],"Content-Type":[],"Server":["Caddy"]}} ... show less	Hacking Web App Attack
🇺🇸 TPI-Abuse	2026-06-09 02:39:44 (1 week ago)	(mod_security) mod_security (id:210492) triggered by 185.141.213.61 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 185.141.213.61 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 08 22:39:36.951243 2026] [security2:error] [pid 28142:tid 28142] [client 185.141.213.61:43498] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.248"] [uri "/.git/config"] [unique_id "aid86LHWdPQuYOlNawklZQAAAAA"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 RAP	2026-06-09 01:50:05 (1 week ago)	2026-06-09 01:50:05 UTC Unauthorized activity to TCP port 8080. Web App	Port Scan Web App Attack
🇺🇸 itsnixk	2026-06-09 01:14:20 (1 week ago)	(mod_security) mod_security (id:920350) triggered by 185.141.213.61 (IR/Iran/-): 1 in the last 3600 ... show more (mod_security) mod_security (id:920350) triggered by 185.141.213.61 (IR/Iran/-): 1 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_TRIGGER; Logs: [Mon Jun 08 21:14:15.373958 2026] [security2:error] [pid 74318:tid 74415] [client 185.141.213.61:41848] ModSecurity: Access denied with code 406 (phase 1). Pattern match "(?:^([\\\\d.]+\|\\\\[[\\\\da-f:]+\\\\]\|[\\\\da-f:]+)(:[\\\\d]+)?$)" at REQUEST_HEADERS:Host. [file "/etc/modsecurity.d/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "773"] [id "920350"] [msg "Host header is a numeric IP address"] [redacted] [severity "WARNING"] [ver "OWASP_CRS/4.26.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL-ENFORCEMENT"] [tag "capec/1000/210/272"] [redacted] [uri "/wp-config.php"] [unique_id "aido58F7HPO0F5Fd-XKACgAAAA4"] show less	Port Scan
🇺🇸 TPI-Abuse	2026-06-08 19:51:13 (1 week ago)	(mod_security) mod_security (id:210492) triggered by 185.141.213.61 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 185.141.213.61 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 08 15:51:09.003498 2026] [security2:error] [pid 5262:tid 5262] [client 185.141.213.61:49292] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.101"] [uri "/.git/config"] [unique_id "aicdLUF9PCE-iwzpx3o2NgAAABs"] show less	Brute-Force Bad Web Bot Web App Attack
🇳🇱 DrLex0	2026-06-08 19:49:58 (1 week ago)	Probing for various exploits 185.141.213.61 80 - [08/Jun/2026:19:48:46 +0000] "GET /.aws/credential ... show more Probing for various exploits 185.141.213.61 80 - [08/Jun/2026:19:48:46 +0000] "GET /.aws/credentials HTTP/1.1" 404 2402 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 14_4_1) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.4 Safari/605.1.15" 185.141.213.61 80 - [08/Jun/2026:19:48:55 +0000] "GET /config/database.yml HTTP/1.1" 404 2402 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36" 185.141.213.61 443 - [08/Jun/2026:19:49:08 +0000] "GET /server-status HTTP/1.1" 403 4751 "-" "Mozilla/5.0 (Linux; Android 14; Pixel 8) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Mobile Safari/537.36" 185.141.213.61 80 - [08/Jun/2026:19:49:20 +0000] "GET /config.php HTTP/1.1" 404 2402 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:125.0) Gecko/20100101 Firefox/125.0" 185.141.213.61 443 - [08/Jun/2026:19:49:58 +0000] "GET /.htpasswd HTTP/1.1" 503 4157 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 14.4; rv:125.0) Gecko/20100101 Firefox/125.0" show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 keep_out	2026-06-08 19:35:34 (1 week ago)	89-nginx-404 ...	Bad Web Bot Web App Attack

Showing 1 to 15 of 19 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇷🇺 213.180.203.138

🇬🇧 193.104.58.21

🇷🇴 193.46.255.86

🇧🇷 164.163.105.145

🇻🇳 163.227.160.75

🇺🇸 136.117.188.177

🇯🇵 43.165.170.119

🇧🇪 198.235.24.152

🇧🇷 187.45.95.66

🇺🇸 162.243.0.195

🇨🇳 120.228.11.73

🇺🇸 103.234.62.70

🇮🇩 103.153.190.105

🇺🇸 52.160.224.116

🇧🇪 35.205.205.249

🇨🇳 222.214.141.12

🇮🇳 182.78.240.94

🇨🇳 111.23.146.60

🇭🇰 101.36.119.146

🇸🇬 34.158.63.207