🇺🇸
TPI-Abuse
2026-06-02 07:18:29
(3 days ago)
(mod_security) mod_security (id:240335) triggered by 185.154.110.142 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 02 03:18:20.937711 2026] [security2:error] [pid 14502:tid 14502] [client 185.154.110.142:32778] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 185.154.110.142 (+1 hits since last alert)|lspfest.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "lspfest.com"] [uri "/xmlrpc.php"] [unique_id "ah6DvHmn1UhAfQ3REdYkYAAAAAo"]
Brute-Force
Bad Web Bot
Web App Attack
🇺🇸
TPI-Abuse
2026-05-31 09:16:10
(4 days ago)
(mod_security) mod_security (id:210730) triggered by 185.154.110.142 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun May 31 05:16:04.238397 2026] [security2:error] [pid 14013:tid 14013] [client 185.154.110.142:40562] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||volkerjahn.estate|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "volkerjahn.estate"] [uri "/dump.sql"] [unique_id "ahv8VJe-ARzCOhxHhFUrtQAAAAI"], referer: volkerjahn.estate/dump.sql
Brute-Force
Bad Web Bot
Web App Attack
🇺🇸
TPI-Abuse
2026-05-30 19:40:50
(5 days ago)
(mod_security) mod_security (id:210730) triggered by 185.154.110.142 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat May 30 15:40:41.054871 2026] [security2:error] [pid 20834:tid 20834] [client 185.154.110.142:38740] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||cielocr.com|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "cielocr.com"] [uri "/dump.sql"] [unique_id "ahs9Of7PypWCYT78Fh53ugAAAAA"], referer: cielocr.com/dump.sql
Brute-Force
Bad Web Bot
Web App Attack
🇦🇺
oncord
2026-05-27 14:56:21
(1 week ago)
Form spam
Web Spam
🇦🇺
oncord
2026-05-24 14:43:17
(1 week ago)
Form spam
Web Spam
🇺🇸
TPI-Abuse
2026-05-24 04:30:33
(1 week ago)
(mod_security) mod_security (id:210730) triggered by 185.154.110.142 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun May 24 00:30:29.309532 2026] [security2:error] [pid 12554:tid 12554] [client 185.154.110.142:51768] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||notepromd.com|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "notepromd.com"] [uri "/dump.sql"] [unique_id "ahJ-5Q7xY1RwWmLUigDejgAAAAM"], referer: notepromd.com/dump.sql
Brute-Force
Bad Web Bot
Web App Attack
🇧🇷
ICS Labs
2026-05-21 15:07:19
(2 weeks ago)
ICS Labs identified 185.154.110.142 as a malicious indicator from threat intelligence.
DDoS Attack
Hacking
Exploited Host
🇩🇪
big-cloud.nl
2026-05-18 09:34:47
(2 weeks ago)
Try to access /xmlrpc.php
Web App Attack
🇧🇪
cmbplf
2026-05-16 06:02:21
(2 weeks ago)
827 limiting connections by zone (14m59s)
DDoS Attack
🇦🇺
oncord
2026-05-15 04:55:08
(3 weeks ago)
Form spam
Web Spam
Anonymous
2026-05-06 04:01:12
(4 weeks ago)
2026-05-05 19:00:15,583 fail2ban.actions [3625835]: NOTICE [tor] Ban 185.154.110.142
2026-05-05 22:00:13,553 fail2ban.actions [3625835]: NOTICE [tor] Ban 185.154.110.142
2026-05-06 01:00:13,092 fail2ban.actions [3625835]: NOTICE [tor] Ban 185.154.110.142
2026-05-06 04:00:21,424 fail2ban.actions [3625835]: NOTICE [tor] Ban 185.154.110.142
2026-05-06 07:01:11,148 fail2ban.actions [3625835]: NOTICE [tor] Ban 185.154.110.142
Brute-Force
🇺🇸
TPI-Abuse
2026-04-27 16:41:55
(1 month ago)
(mod_security) mod_security (id:210492) triggered by 185.154.110.142 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Apr 27 12:41:50.202560 2026] [security2:error] [pid 26271:tid 26271] [client 185.154.110.142:57288] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "mail.vsecuritysolutions.com"] [uri "/.env.production"] [unique_id "ae-Rzt3ROmEW9rLb6LK9xgAAAAQ"]
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2026-04-24 21:01:19
(1 month ago)
2026-04-24 12:00:14,826 fail2ban.actions [7718]: NOTICE [tor] Ban 185.154.110.142
2026-04-24 15:00:12,872 fail2ban.actions [7718]: NOTICE [tor] Ban 185.154.110.142
2026-04-24 18:00:13,746 fail2ban.actions [7718]: NOTICE [tor] Ban 185.154.110.142
2026-04-24 21:00:23,753 fail2ban.actions [7718]: NOTICE [tor] Ban 185.154.110.142
2026-04-25 00:01:15,238 fail2ban.actions [7718]: NOTICE [tor] Ban 185.154.110.142
Brute-Force
Anonymous
2026-04-10 11:01:43
(1 month ago)
This IP was involved in a brute force and password spray attack on 2026/04/10 05:59:22
Port Scan
Brute-Force
Exploited Host
Web App Attack
🇩🇪
LRob.fr
2026-04-08 03:45:10
(1 month ago)
Plesk panel login attempt with forbidden username (root/admin), blocked by Fail2Ban in custom-plesk-login jail
Brute-Force
Web App Attack