JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 185.220.113.97

185.220.113.97 was found in our database!

This IP was reported 15 times. Confidence of Abuse is 31%: ?

31%

ISP	Zana Company for Internet Service Provider LTD. End User # 2
Usage Type	Fixed Line ISP
ASN	AS205371
Domain Name	zanagroup.net
Country	🇮🇶 Iraq
City	Sulaymaniyah, Sulaymaniyah

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 185.220.113.97

Whois 185.220.113.97

IP Abuse Reports for 185.220.113.97:

This IP address has been reported a total of 15 times from 14 distinct sources. 185.220.113.97 was first reported on July 27th 2025, and the most recent report was 2 days ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇩🇪 Inamin	2026-06-15 04:39:12 (2 days ago)	185.220.113.97 - - [15/Jun/2026:10:57:59 +0800] "GET /index.php?from=20260507100728&fromFormatted=20 ... show more 185.220.113.97 - - [15/Jun/2026:10:57:59 +0800] "GET /index.php?from=20260507100728&fromFormatted=2026%E5%B9%B45%E6%9C%887%E6%97%A5+%28%E5%9B%9B%29+18%3A07&hidemyself=1&target=%E5%B0%8F%E5%8E%9F%E9%9E%A0%E8%8E%89%2F%E3%82%8F%E3%81%82%E3%80%81%E3%81%8A%E3%81%84%E3%81%97%E3%81%9D%E3%81%86%EF%BD%9E%EF%BC%81%EF%BC%81&title=%E7%89%B9%E6%AE%8A%3A%E5%B7%B2%E9%80%A3%E7%B5%90%E7%9A%84%E6%9C%80%E8%BF%91%E8%AE%8A%E6%9B%B4 HTTP/2.0" 504 569 "-" "Mozilla/5.0 (compatible; MSIE 5.0; Windows NT 10.0; Trident/3.0)" 185.220.113.97 - - [15/Jun/2026:12:39:11 +0800] "GET /index.php?returnto=%E7%89%B9%E6%AE%8A%3A%E5%B7%B2%E9%80%A3%E7%B5%90%E7%9A%84%E6%9C%80%E8%BF%91%E8%AE%8A%E6%9B%B4&returntoquery=hideminor%3D1%26target%3DKiRa-KiRa_Sensation%2521&title=%E7%89%B9%E6%AE%8A%3A%E5%BB%BA%E7%AB%8B%E5%B8%B3%E8%99%9F HTTP/2.0" 502 559 "-" "Mozilla/5.0 (compatible; MSIE 6.0; Windows NT 10.0; Trident/4.0)" ... show less	Brute-Force
🇨🇦 polycoda	2026-06-14 12:36:13 (3 days ago)	🥶 Part of massive botnet scraping campaign that nearly turned into a DDoS on 2025-11-27	DDoS Attack
🇦🇺 prologic	2026-06-13 21:16:19 (3 days ago)	Distributed application-layer DoS against git.mills.io (self-hosted Gitea). High-volume automated re ... show more Distributed application-layer DoS against git.mills.io (self-hosted Gitea). High-volume automated requests to expensive Git repository endpoints (commit/diff/blame/archive views), ~1 request per IP, spoofed browser UA, rejected with HTTP 429. Residential-proxy botnet campaign, 2026-06-13/14 UTC. show less	DDoS Attack Web App Attack
🇮🇩 hermawan	2026-06-05 11:21:04 (1 week ago)	[Fri Jun 05 18:21:00.602896 2026] [security2:error] [pid 971898:tid 140021561521856] [client 185.220 ... show more [Fri Jun 05 18:21:00.602896 2026] [security2:error] [pid 971898:tid 140021561521856] [client 185.220.113.97:56840] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "www.bmkg.go.id" at REQUEST_HEADERS:Referer. [file "/etc/modsecurity/coreruleset-4.26.0/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "582"] [id "440068"] [msg "BAD Referer"] [data "Matched Data: www.bmkg.go.id found within REQUEST_HEADERS:Referer: https://www.bmkg.go.id/ request_line = GET /index.php/profil/meteorologi/geofisika/555558585-poster-antisipasi-gempa HTTP/2.0"] [severity "NOTICE"] [hostname "staklim-jatim.bmkg.go.id"] [uri "/index.php/profil/meteorologi/geofisika/555558585-poster-antisipasi-gempa"] [unique_id "aiKxHGY9hi8Sq08Bzsl3OgABhQg"], referer https://www.bmkg.go.id/ [staklim-jatim.bmkg.go.id] [staklim-jatim.bmkg.go.id] top=[971918] [qxz42j+L9Gc] [aiKxHGY9hi8Sq08Bzsl3OgABhQg] keep_alive=[1] [2026-06-05 18:21:00.602900] [R:aiKxHGY9hi8Sq08Bzsl3OgABhQg] UA:'Mozilla/5.0 (Linux; Android 8 ... show less	Email Spam Hacking
🇩🇪 SMARTNET	2026-05-27 06:03:53 (3 weeks ago)	Aisuru(Mirai variant) DDoS \| Incident ID: 05d1ccb8-9fe2-4914-b2a4-f363f4cb0b0e	DDoS Attack
🇨🇭 ALPHANET	2026-05-10 00:00:48 (1 month ago)	Botnet or web spider not respecting robots.txt	DDoS Attack Exploited Host
🇸🇬 mypatricks	2026-03-27 12:40:28 (2 months ago)	185.220.113.97 \| Port: 9265 \| DNS: 185.220.113.97 2026-03-27T20:40:27+08:00 Asia/Baghdad \| Fake HTTP ... show more 185.220.113.97 \| Port: 9265 \| DNS: 185.220.113.97 2026-03-27T20:40:27+08:00 Asia/Baghdad \| Fake HTTP Protocol detected! \| UA: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36 HTTP/1.1 443 GET \| URL: /cupcakes-my-baby/?b2f0ed807ebe8d54d0fb60b6b4251c0f=1733257708&a55bfa508b90fc6f804c03ef7=enabled \| Ref: - \| Country: IQ/Iraq/+03:00 IP City: Jamjamāl Windows 9e2e76afe9c2f762-ISU/ISU 1 hits/0 secs Robots 3 show less	Brute-Force Web App Attack Blog Spam Web Spam Exploited Host
🇨🇭 backslash	2026-03-22 11:27:03 (2 months ago)	block ruleset Badbot using very old user-agents 5CF3CDB778C7D82564405B86B9242E612F378C68	Bad Web Bot
🇺🇸 kosada.com	2026-03-14 22:27:39 (3 months ago)	Web bot: DDoS	DDoS Attack Bad Web Bot
🇺🇸 gui-ying233	2026-03-14 00:07:49 (3 months ago)	Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Sa ... show more Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36 show less	Bad Web Bot
🇺🇸 matt	2026-03-02 20:51:23 (3 months ago)	DDOS attack with query parameters attempting to overload WordPress site.	DDoS Attack
🇮🇹 VHosting	2026-03-01 13:12:56 (3 months ago)	Detected mail brute force attack from 4 different servers	Brute-Force
Anonymous	2026-02-09 23:41:43 (4 months ago)	Distributed web crawl botnet attack (like Mellowtel), likely illicit scraping of AI training data to ... show more Distributed web crawl botnet attack (like Mellowtel), likely illicit scraping of AI training data to bypass firewall/robots.txt restrictions in printer-friendly.asp show less	Bad Web Bot Exploited Host
🇨🇭 backslash	2026-01-29 16:05:18 (4 months ago)	block ruleset 6B63410D189E6343B910F7440B8499558BEC52EB	Bad Web Bot
🇪🇸 Global Cyber Police	2025-07-27 14:38:17 (10 months ago)	Malicious bot activity detected: Hitting honeypot page (200 OK with 258/259 bytes sent).	Port Scan Brute-Force Web App Attack

Showing 1 to 15 of 15 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇭🇰 199.45.155.80

🇺🇸 108.62.60.116

🇺🇸 47.77.219.202

🇸🇬 43.156.212.6

🇺🇸 3.131.220.121

🇺🇿 195.158.14.232

🇨🇳 182.242.168.150

🇨🇳 115.55.198.234

🇫🇷 91.196.152.220

🇫🇷 91.196.152.187

🇨🇳 43.248.108.42

🇨🇳 218.68.218.10

🇬🇧 217.146.80.117

🇨🇳 175.30.48.128

🇨🇳 125.88.205.65

🇨🇳 112.94.252.198

🇺🇸 91.230.168.245

🇫🇷 85.217.140.47

🇺🇸 84.32.138.153

🇸🇬 62.146.237.248