JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 185.216.35.196

185.216.35.196 was found in our database!

This IP was reported 64 times. Confidence of Abuse is 22%: ?

22%

ISP	M247 LTD Prague Infrastructure
Usage Type	Data Center/Web Hosting/Transit
ASN	AS9009
Domain Name	m247.com
Country	🇨🇿 Czechia
City	Prague, Prague

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 185.216.35.196

Whois 185.216.35.196

IP Abuse Reports for 185.216.35.196:

This IP address has been reported a total of 64 times from 21 distinct sources. 185.216.35.196 was first reported on August 20th 2025, and the most recent report was 1 week ago.

Old Reports: The most recent abuse report for this IP address is from 1 week ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇨🇳 pengpeng	2026-05-30 01:05:40 (1 week ago)	monitor: on VM-0-7-ubuntu \| port: 28466 \| ttl: 251 script: github.com/sefinek/UFW-AbuseIPDB-Reporte ... show more monitor: on VM-0-7-ubuntu \| port: 28466 \| ttl: 251 script: github.com/sefinek/UFW-AbuseIPDB-Reporter show less	Port Scan
🇷🇺 Agrohim	2026-05-23 00:17:13 (2 weeks ago)	Gate Inet blocked for categories:	DDoS Attack Ping of Death Port Scan Hacking Brute-Force
🇨🇳 pengpeng	2026-05-21 22:30:55 (2 weeks ago)	monitor: on VM-0-7-ubuntu \| port: 46467 \| ttl: 251 script: github.com/sefinek/UFW-AbuseIPDB-Reporte ... show more monitor: on VM-0-7-ubuntu \| port: 46467 \| ttl: 251 script: github.com/sefinek/UFW-AbuseIPDB-Reporter show less	Port Scan
🇰🇿 Sipilen	2026-05-08 22:33:18 (1 month ago)	Possible port scan detected in MikroTik firewall logs: connection-state:new proto UDP proto UDP len ... show more Possible port scan detected in MikroTik firewall logs: connection-state:new proto UDP proto UDP len 132. Total attempts in last 15m: 5 show less	Port Scan
🇨🇭 pingusurmars	2026-05-01 10:20:41 (1 month ago)	Blocked by UFW on ampereone [2083/tcp] Source port: 50667 TTL: 246 Packet length: 40 TOS: 0x00 This ... show more Blocked by UFW on ampereone [2083/tcp] Source port: 50667 TTL: 246 Packet length: 40 TOS: 0x00 This report was generated by: https://github.com/sefinek/UFW-AbuseIPDB-Reporter show less	Port Scan
Anonymous	2026-04-25 20:02:30 (1 month ago)	Web attack	Bad Web Bot Web App Attack
Anonymous	2026-04-08 08:00:23 (2 months ago)	suspicious request in access.log	Web App Attack
🇷🇺 Agrohim	2026-04-03 19:55:36 (2 months ago)	Gate Inet blocked for categories:	DDoS Attack Ping of Death Port Scan Hacking Brute-Force
🇩🇪 zupan	2026-04-01 13:43:21 (2 months ago)	Blocked by UFW on vps [44/tcp] \| SPT: 50304 \| TTL: 242 \| LEN: 40 \| TOS: 0x00 • Reported by: github.c ... show more Blocked by UFW on vps [44/tcp] \| SPT: 50304 \| TTL: 242 \| LEN: 40 \| TOS: 0x00 • Reported by: github.com/sefinek/UFW-AbuseIPDB-Reporter show less	Port Scan
🇺🇸 xmission.com	2026-03-30 01:43:23 (2 months ago)	Blocked by UFW (TCP on 324) Source port: 57112 TTL: 233 Packet length: 40 TOS: 0x08 This report (fo ... show more Blocked by UFW (TCP on 324) Source port: 57112 TTL: 233 Packet length: 40 TOS: 0x08 This report (for 185.216.35.196) was generated by: https://github.com/sefinek/UFW-AbuseIPDB-Reporter show less	Port Scan
🇺🇸 Starburst SysOp Team	2026-03-24 16:56:46 (2 months ago)	URL file extension is restricted by policy. String match within ".ani/ .asa/ .asax/ .ascx/ .back/ .b ... show more URL file extension is restricted by policy. String match within ".ani/ .asa/ .asax/ .ascx/ .back/ .backup/ .bak/ .bck/ .bk/ .bkp/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .cnf/ .com/ .compositefont/ .config/ .conf/ .copy/ .crt/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dist/ .dll/ .dos/ .dpkg-dist/ .drv/ .gadget/ .hta/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .inf/ .ini/ .jks/ .jse/ .key/ .licx/ .lnk/ .log/ .mdb/ .msc/ .ocx/ .old/ .pass/ .pdb/ .pfx/ .pif/ .pem/ .pol/ .prf/ .printer/ .pwd/ .rdb/ .rdp/ .reg/ .resources/ .resx/ .sav/ .save/ .scr/ .sct/ .sh/ .shs/ .sql/ .sqlite/ .sqlite3/ .swap/ .swo/ .swp/ .sys/ .temp/ .tfstate/ .tlb/ .tmp/ .vb/ .vbe/ .vbs/ .vbproj/ .vsdisco/ .vxd/ .webinfo/ .ws/ .wsc/ .wsf/ .wsh/ .xsd/ .xsx/" at TX:extension. (920440-stl2-17) show less	Hacking
🇺🇸 TPI-Abuse	2026-03-21 02:59:49 (2 months ago)	(mod_security) mod_security (id:210730) triggered by 185.216.35.196 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210730) triggered by 185.216.35.196 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Mar 20 22:58:24.474299 2026] [security2:error] [pid 28739:tid 28739] [client 185.216.35.196:34654] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|mail.modmove.com\|F\|2"] [data ".php.bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "mail.modmove.com"] [uri "/conf_global.php.bak"] [unique_id "ab4JUDttxhIhg8KkkcjRGwAAAAU"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-03-21 00:59:57 (2 months ago)	(mod_security) mod_security (id:210730) triggered by 185.216.35.196 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210730) triggered by 185.216.35.196 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Mar 20 20:59:16.180948 2026] [security2:error] [pid 4178:tid 4178] [client 185.216.35.196:40008] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|mail.disenowebprofesional.com\|F\|2"] [data ".php.old"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "mail.disenowebprofesional.com"] [uri "/config.php.old"] [unique_id "ab3tZEK2oGPjFi4FDS1PwwAAAAQ"] show less	Brute-Force Bad Web Bot Web App Attack
🇦🇹 Starburst SysOp Team	2026-03-17 17:41:28 (2 months ago)	Attempt to access a backup or working file. Pattern match "\\\\. (920500-ams6-1)	Hacking
🇳🇱 debestelapp	2026-03-14 17:36:16 (2 months ago)		Web App Attack

Showing 1 to 15 of 64 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇹🇼 220.132.100.145

🇺🇸 195.184.76.195

🇨🇳 180.153.236.152

🇯🇵 124.18.182.99

🇮🇳 117.198.99.18

🇭🇰 103.103.245.7

🇺🇸 68.233.148.103

🇮🇳 61.12.86.90

🇸🇬 43.163.90.141

🇸🇬 43.156.13.166

🇺🇿 31.40.29.121

🇸🇬 2a09:bac1:6500:8::3c4:24

🇺🇸 162.58.1.83

🇭🇰 154.198.162.75

🇸🇬 152.42.203.248

🇩🇪 141.11.250.239

🇵🇱 134.112.56.47

🇺🇸 103.203.57.21

🇺🇸 91.230.168.151

🇺🇸 66.132.195.29