JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 185.228.3.74

185.228.3.74 was found in our database!

This IP was reported 107 times. Confidence of Abuse is 32%: ?

32%

ISP	Gerardo Cubillo Torralba Empresa Constructora S.L
Usage Type	Data Center/Web Hosting/Transit
ASN	AS206092
Domain Name	cubilloconstrucciones.com
Country	🇵🇹 Portugal
City	Lisbon, Lisbon

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 185.228.3.74

Whois 185.228.3.74

IP Abuse Reports for 185.228.3.74:

This IP address has been reported a total of 107 times from 45 distinct sources. 185.228.3.74 was first reported on May 20th 2024, and the most recent report was 1 hour ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 cybsecaoccol	2026-06-16 01:10:02 (1 hour ago)	Brute Force SASL Attack	Hacking Brute-Force Web App Attack
🇺🇸 threatintelligence_bvc	2026-06-16 00:14:40 (2 hours ago)		Brute-Force
🇺🇸 integrantservices.com	2026-06-10 14:48:10 (5 days ago)	(wordpress) Failed wordpress login from 185.228.3.74 (PT/Portugal/-)	Brute-Force
🇫🇮 oh.mg	2026-06-03 19:26:16 (1 week ago)	[Wed Jun 03 21:26:13.785239 2026] [security2:error] [pid 1007335:tid 1007363] [client 185.228.3.74:5 ... show more [Wed Jun 03 21:26:13.785239 2026] [security2:error] [pid 1007335:tid 1007363] [client 185.228.3.74:52403] [client 185.228.3.74] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:blocking_inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "233"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [ver "OWASP_CRS/4.10.0-dev"] [tag "anomaly-evaluation"] [tag "OWASP_CRS"] [hostname "95.216.72.247"] [uri "/sftp-config.json"] [unique_id "aiB_1W7N8ltttLzQuO1bbwAAAZY"] [Wed Jun 03 21:26:15.722067 2026] [security2:error] [pid 1007335:tid 1007364] [client 185.228.3.74:52403] [client 185.228.3.74] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:blocking_inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "233"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [ver "OWASP_CRS/4.10.0-dev" ... show less	Web App Attack Bad Web Bot
🇮🇹 abuseiphack	2026-06-03 01:48:22 (1 week ago)	Automatic report for brute force attack	Web App Attack
🇪🇸 QuiqueB	2026-04-07 12:00:00 (2 months ago)	Failed password for a lot of valid users Microsoft, Entra ID logs, Advance BEC	Brute-Force Bad Web Bot Exploited Host
🇳🇿 Antinson	2026-03-27 18:05:55 (2 months ago)	Scraping with a high error ratio and request rate	Bad Web Bot
🇩🇪 MusicLibrary	2026-03-27 17:17:45 (2 months ago)	Probing for non-existent scripts or executables	Bad Web Bot Web App Attack
Anonymous	2026-03-27 02:16:06 (2 months ago)	(wp-php-upload-includes) Block attempt to access .php in uploads wordpress uploads or well-known 185 ... show more (wp-php-upload-includes) Block attempt to access .php in uploads wordpress uploads or well-known 185.228.3.74 (PT/Portugal/-) show less	Brute-Force
🇺🇸 octageeks.com	2026-03-24 04:07:52 (2 months ago)	Wordpress malicious attack:[octausername]	Web App Attack
🇺🇸 Sylvyon	2026-03-23 12:54:17 (2 months ago)	Triggered Cloudflare WAF (firewallCustom) from PT. Action: BLOCK \| Protocol: HTTP/2 (GET) \| Endpoint ... show more Triggered Cloudflare WAF (firewallCustom) from PT. Action: BLOCK \| Protocol: HTTP/2 (GET) \| Endpoint: / \| UA: Empty string • Generated by: github.com/sefinek/Cloudflare-WAF-To-AbuseIPDB show less	Bad Web Bot
🇺🇸 TPI-Abuse	2026-03-18 22:21:57 (2 months ago)	(mod_security) mod_security (id:210730) triggered by 185.228.3.74 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210730) triggered by 185.228.3.74 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Mar 18 18:21:53.698387 2026] [security2:error] [pid 26934:tid 26934] [client 185.228.3.74:37153] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|bitcointoolfair.com\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "bitcointoolfair.com"] [uri "/back/backup.sql"] [unique_id "abslgS3DoHw5RIk7txdzrgAAAAg"] show less	Brute-Force Bad Web Bot Web App Attack
🇧🇪 cmbplf	2026-03-14 23:38:42 (3 months ago)	1.776 requests with url.path */xmlrpc.php	Brute-Force Bad Web Bot
🇬🇧 pinguin	2026-03-08 23:16:45 (3 months ago)	Triggered Cloudflare WAF (firewallManaged) from PT. Action taken: LOG Protocol: HTTP/2 (HEAD method) ... show more Triggered Cloudflare WAF (firewallManaged) from PT. Action taken: LOG Protocol: HTTP/2 (HEAD method) Endpoint: /backup/backup.sql.zip UA: Empty string This report was generated by: https://github.com/sefinek/Cloudflare-WAF-To-AbuseIPDB show less	Bad Web Bot
🇺🇦 URAN Publishing Service	2026-03-03 07:22:00 (3 months ago)	185.228.3.74 - - [03/Mar/2026:09:21:59 +0200] "GET /wp-includes/PHPMailer/wp-conflg.php HTTP/1.1" 40 ... show more 185.228.3.74 - - [03/Mar/2026:09:21:59 +0200] "GET /wp-includes/PHPMailer/wp-conflg.php HTTP/1.1" 404 276 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.105 Safari/537.36 OPR/70.0.3728.95" 185.228.3.74 - - [03/Mar/2026:09:21:59 +0200] "GET /wp-includes/PHPMailer/admin.php HTTP/1.1" 404 276 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.3" ... show less	Web App Attack

Showing 1 to 15 of 107 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 2607:f8b0:400c:c38::123

🇰🇷 222.108.100.117

🇺🇸 162.216.149.52

🇦🇪 132.243.121.237

🇯🇵 104.234.140.136

🇯🇵 104.234.140.118

🇲🇾 49.124.147.109

🇧🇪 198.235.24.150

🇧🇷 187.21.12.222

🇦🇷 179.40.112.10

🇺🇸 107.150.105.153

🇯🇵 104.234.140.139

🇯🇵 104.234.140.131

🇯🇵 104.234.140.119

🇳🇱 91.92.40.12

🇵🇱 87.251.64.144

🇳🇱 45.148.10.151

🇧🇷 205.210.31.170

🇮🇳 136.232.11.10

🇯🇵 104.234.140.142