JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 185.94.35.38

185.94.35.38 was found in our database!

This IP was reported 23 times. Confidence of Abuse is 11%: ?

11%

ISP	Fast Servers (Pty) Ltd
Usage Type	Data Center/Web Hosting/Transit
ASN	AS59651
Domain Name	traffictransitsolution.us
Country	🇫🇮 Finland
City	Vantaa, Uusimaa

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 185.94.35.38

Whois 185.94.35.38

IP Abuse Reports for 185.94.35.38:

This IP address has been reported a total of 23 times from 10 distinct sources. 185.94.35.38 was first reported on September 5th 2023, and the most recent report was 2 weeks ago.

Old Reports: The most recent abuse report for this IP address is from 2 weeks ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 TPI-Abuse	2026-05-18 00:10:19 (2 weeks ago)	(mod_security) mod_security (id:210350) triggered by 185.94.35.38 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210350) triggered by 185.94.35.38 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun May 17 20:10:15.788999 2026] [security2:error] [pid 31796:tid 31796] [client 185.94.35.38:64373] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\b(close\|keep-alive),[\\\\t\\\\n\\\\r ]{0,1}(close\|keep-alive)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/12_HTTP_Protocol.conf"] [line "70"] [id "210350"] [rev "1"] [msg "COMODO WAF: Multiple/Conflicting Connection Header Data Found\|\|advantageinvestigation.com\|F\|4"] [data "keep-alive, close"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "advantageinvestigation.com"] [uri "/"] [unique_id "agpY57RRl-OCciOCQ9XL0gAAAA0"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-16 22:26:27 (2 weeks ago)	(mod_security) mod_security (id:210730) triggered by 185.94.35.38 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210730) triggered by 185.94.35.38 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat May 16 18:26:21.031534 2026] [security2:error] [pid 15379:tid 15379] [client 185.94.35.38:26999] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|vitalitywebb.com\|F\|2"] [data ".db"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "vitalitywebb.com"] [uri "/backstore/Barcalounger/Images/Berkeley 4059/Thumbs.db"] [unique_id "agjvDagQSU4fvUutEAlFdQAAABQ"], referer: https://vitalitywebb.com/backstore/Barcalounger/Images/Berkeley%204059/ show less	Brute-Force Bad Web Bot Web App Attack
🇫🇷 masterguru	2026-05-16 20:06:17 (2 weeks ago)	Restricted File Access Attempt. Matched phrase ".htaccess" at REQUEST_FILENAME. (930130-196)	Hacking Web App Attack
🇺🇸 TPI-Abuse	2026-03-15 04:12:27 (2 months ago)	(mod_security) mod_security (id:210350) triggered by 185.94.35.38 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210350) triggered by 185.94.35.38 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Mar 15 00:12:20.476929 2026] [security2:error] [pid 3676253:tid 3676253] [client 185.94.35.38:18799] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\b(close\|keep-alive),[\\\\t\\\\n\\\\r ]{0,1}(close\|keep-alive)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/12_HTTP_Protocol.conf"] [line "70"] [id "210350"] [rev "1"] [msg "COMODO WAF: Multiple/Conflicting Connection Header Data Found\|\|tipdavid.com\|F\|4"] [data "keep-alive, close"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "tipdavid.com"] [uri "/"] [unique_id "abYxpDjcQ85IxWzzIy2fTwAAAA8"], referer: https://www.google.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-02-28 00:47:54 (3 months ago)	(mod_security) mod_security (id:210350) triggered by 185.94.35.38 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210350) triggered by 185.94.35.38 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Feb 27 19:47:51.471284 2026] [security2:error] [pid 26617:tid 26617] [client 185.94.35.38:19989] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\b(close\|keep-alive),[\\\\t\\\\n\\\\r ]{0,1}(close\|keep-alive)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/12_HTTP_Protocol.conf"] [line "70"] [id "210350"] [rev "1"] [msg "COMODO WAF: Multiple/Conflicting Connection Header Data Found\|\|photonmatrix.com\|F\|4"] [data "keep-alive, close"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "photonmatrix.com"] [uri "/"] [unique_id "aaI7N7t7dobLX4W8WmkzNQAAAAA"], referer: https://www.facebook.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-02-18 01:12:49 (3 months ago)	(mod_security) mod_security (id:210350) triggered by 185.94.35.38 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210350) triggered by 185.94.35.38 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Feb 17 20:12:43.694583 2026] [security2:error] [pid 146210:tid 146224] [client 185.94.35.38:30653] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\b(close\|keep-alive),[\\\\t\\\\n\\\\r ]{0,1}(close\|keep-alive)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/12_HTTP_Protocol.conf"] [line "70"] [id "210350"] [rev "1"] [msg "COMODO WAF: Multiple/Conflicting Connection Header Data Found\|\|fastestcopyright.com\|F\|4"] [data "keep-alive, close"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "fastestcopyright.com"] [uri "/"] [unique_id "aZUSCyTnLl13hteBk12MPwAAAMw"] show less	Brute-Force Bad Web Bot Web App Attack
🇨🇭 backslash	2025-11-21 20:10:05 (6 months ago)	block ruleset CC531825F9395F9A07FB06C1247C46770A2690F8	Bad Web Bot
🇮🇳 wizard1411	2025-05-31 07:09:31 (1 year ago)	DDoS and brute force activity detected	Brute-Force SSH
🇮🇳 wizard1411	2025-05-31 07:09:31 (1 year ago)	DDoS and brute force activity detected	Brute-Force SSH
🇮🇳 wizard1411	2025-05-31 07:09:31 (1 year ago)	DDoS and brute force activity detected	Brute-Force SSH
🇮🇳 wizard1411	2025-05-31 07:09:31 (1 year ago)	DDoS and brute force activity detected	Brute-Force SSH
Anonymous	2025-01-27 14:15:00 (1 year ago)	Used in a distributed login attack	Brute-Force
🇨🇦 wil.com	2024-09-23 12:46:09 (1 year ago)	GlobalProtect login attempts with user smcgee.	VPN IP Brute-Force
Anonymous	2024-08-13 13:58:19 (1 year ago)	Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER	Brute-Force SSH
Anonymous	2024-08-10 06:04:38 (1 year ago)	Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER	Brute-Force SSH

Showing 1 to 15 of 23 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇬🇧 216.226.76.10

🇯🇵 180.51.40.47

🇨🇦 85.217.149.40

🇫🇷 85.217.140.39

🇺🇸 50.87.144.79

🇨🇴 45.179.200.156

🇳🇱 45.148.10.34

🇳🇱 34.6.128.242

🇷🇴 2.57.122.177

🇭🇰 199.45.154.184

🇧🇪 198.235.24.207

🇧🇷 186.207.60.199

🇲🇰 185.193.240.246

🇬🇧 172.71.26.38

🇺🇸 143.42.173.60

🇺🇸 104.23.251.88

🇹🇭 102.129.138.199

🇺🇸 54.86.44.65

🇸🇬 47.84.180.235

🇧🇪 34.79.3.251