JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 185.228.3.1

185.228.3.1 was found in our database!

This IP was reported 111 times. Confidence of Abuse is 11%: ?

11%

ISP	Gerardo Cubillo Torralba Empresa Constructora S.L
Usage Type	Data Center/Web Hosting/Transit
ASN	AS206092
Domain Name	cubilloconstrucciones.com
Country	🇵🇹 Portugal
City	Lisbon, Lisbon

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 185.228.3.1

Whois 185.228.3.1

IP Abuse Reports for 185.228.3.1:

This IP address has been reported a total of 111 times from 42 distinct sources. 185.228.3.1 was first reported on May 17th 2024, and the most recent report was 1 month ago.

Old Reports: The most recent abuse report for this IP address is from 1 month ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇧🇪 BlockIT	2026-05-07 08:03:00 (1 month ago)		Brute-Force
🇱🇻 garmtech.com	2026-04-22 19:50:05 (1 month ago)	IM360 WAF: Laravel .env file access	Web App Attack
🇨🇭 backslash	2026-04-19 22:12:00 (1 month ago)	block ruleset bad bot: wordpress scans 82C095539D4FDAF84E2E2FD6B6FC0664645851A8	Bad Web Bot
Anonymous	2026-04-17 12:48:28 (2 months ago)	(ftpd) Failed FTP login from 185.228.3.1 (PT/Portugal/Lisbon/Lisbon/-/[redacted])	FTP Brute-Force Brute-Force
🇺🇸 TPI-Abuse	2026-03-28 21:25:20 (2 months ago)	(mod_security) mod_security (id:210492) triggered by 185.228.3.1 (-): 1 in the last 300 secs; Ports: ... show more (mod_security) mod_security (id:210492) triggered by 185.228.3.1 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Mar 28 17:25:05.866434 2026] [security2:error] [pid 11058:tid 11058] [client 185.228.3.1:35687] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "swhowell.com"] [uri "/bak/sftp-config.json"] [unique_id "achHMUnCW68Mqt6nxsY_XQAAABU"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 octageeks.com	2026-03-27 04:12:08 (2 months ago)	Wordpress malicious attack:[octawpauthor]	Web App Attack
🇺🇸 TPI-Abuse	2026-03-25 16:09:00 (2 months ago)	(mod_security) mod_security (id:210730) triggered by 185.228.3.1 (-): 1 in the last 300 secs; Ports: ... show more (mod_security) mod_security (id:210730) triggered by 185.228.3.1 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Mar 25 12:08:55.164520 2026] [security2:error] [pid 19208:tid 19218] [client 185.228.3.1:37945] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|dpscsde.com\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "dpscsde.com"] [uri "/old/www.sql"] [unique_id "acQIl9UtJg7wzsZc6fcWKgAAAIY"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 SCHAPPY	2026-03-25 07:11:10 (2 months ago)	Brute-force attack to identify web exploits	Brute-Force Web App Attack
🇧🇪 cmbplf	2026-03-24 04:12:39 (2 months ago)	182 requests with url.path */wp-includes/wlwmanifest.xml	Brute-Force Bad Web Bot
🇯🇵 Valhalla	2026-03-22 22:27:12 (2 months ago)	/backup/wallet.dat	Hacking Web App Attack
🇫🇷 ELYAZ	2026-03-21 10:01:05 (2 months ago)	(wordpress) Failed wordpress login from 185.228.3.1 (PT/Portugal/-): (CF_ENABLE)	Brute-Force
🇺🇸 TPI-Abuse	2026-03-18 14:57:37 (2 months ago)	(mod_security) mod_security (id:210730) triggered by 185.228.3.1 (-): 1 in the last 300 secs; Ports: ... show more (mod_security) mod_security (id:210730) triggered by 185.228.3.1 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Mar 18 10:57:29.461356 2026] [security2:error] [pid 8092:tid 8092] [client 185.228.3.1:0] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|kryptonome.com\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "kryptonome.com"] [uri "/back/www.sql"] [unique_id "abq9Wd76b8-73VEi-YXbIgAAAAQ"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-03-14 00:53:13 (3 months ago)	(mod_security) mod_security (id:210492) triggered by 185.228.3.1 (-): 1 in the last 300 secs; Ports: ... show more (mod_security) mod_security (id:210492) triggered by 185.228.3.1 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Mar 13 20:53:07.061209 2026] [security2:error] [pid 9275:tid 9275] [client 185.228.3.1:50383] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "casinoaffiliateprogramsonline.com"] [uri "/sftp-config.json"] [unique_id "abSxc-nUdUqetoRkh-_QlgAAAAs"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 Penny Packer	2026-03-13 01:57:00 (3 months ago)	Fail2Ban apache-tripwires	Web App Attack
🇬🇧 pinguin	2026-03-08 17:45:36 (3 months ago)	Triggered Cloudflare WAF (firewallManaged) from PT. Action taken: LOG Protocol: HTTP/1.1 (HEAD metho ... show more Triggered Cloudflare WAF (firewallManaged) from PT. Action taken: LOG Protocol: HTTP/1.1 (HEAD method) Endpoint: /dump.sql UA: Empty string This report was generated by: https://github.com/sefinek/Cloudflare-WAF-To-AbuseIPDB show less	Bad Web Bot

Showing 1 to 15 of 111 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇧🇪 198.235.24.248

🇺🇸 172.236.111.197

🇨🇳 222.186.68.153

🇨🇭 179.43.146.227

🇰🇷 175.198.62.180

🇨🇳 150.255.24.137

🇮🇩 114.10.47.235

🇰🇷 112.162.111.205

🇳🇱 45.148.10.51

🇮🇪 3.254.57.152

🇨🇳 222.188.185.65

🇩🇪 213.209.159.56

🇩🇪 213.209.159.11

🇧🇷 205.210.31.231

🇺🇸 198.89.96.148

🇳🇱 176.65.148.244

🇺🇸 143.42.1.52

🇺🇸 76.185.202.94

🇺🇸 23.137.105.190

🇨🇳 116.135.67.93