JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 185.94.35.48

185.94.35.48 was found in our database!

This IP was reported 33 times. Confidence of Abuse is 26%: ?

26%

ISP	Fast Servers (Pty) Ltd
Usage Type	Data Center/Web Hosting/Transit
ASN	AS59651
Domain Name	traffictransitsolution.us
Country	🇫🇮 Finland
City	Vantaa, Uusimaa

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 185.94.35.48

Whois 185.94.35.48

IP Abuse Reports for 185.94.35.48:

This IP address has been reported a total of 33 times from 17 distinct sources. 185.94.35.48 was first reported on April 11th 2024, and the most recent report was 1 week ago.

Old Reports: The most recent abuse report for this IP address is from 1 week ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇫🇮 JimArchon72	2026-05-25 17:45:01 (1 week ago)	2026/05/25 17:43:16 "GET /wp-login.php?action=register HTTP/1.1"	Web App Attack
🇺🇸 TPI-Abuse	2026-05-22 14:58:54 (1 week ago)	(mod_security) mod_security (id:210492) triggered by 185.94.35.48 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 185.94.35.48 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri May 22 10:58:48.462601 2026] [security2:error] [pid 24052:tid 24052] [client 185.94.35.48:48589] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "kobraagencies.com"] [uri "/.wp-config.php.swp"] [unique_id "ahBvKA8BvVbJ0Ab1Z_UnLQAAAB0"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-22 11:57:01 (1 week ago)	(mod_security) mod_security (id:210492) triggered by 185.94.35.48 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 185.94.35.48 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri May 22 07:56:55.920169 2026] [security2:error] [pid 6300:tid 6300] [client 185.94.35.48:59425] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.dorismitchell.com.billymitchell.com"] [uri "/wp-config.php.bak"] [unique_id "ahBEh5C3v43x2QlM-yFHKQAAAAM"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-20 18:33:09 (2 weeks ago)	(mod_security) mod_security (id:210492) triggered by 185.94.35.48 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 185.94.35.48 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed May 20 14:33:04.953570 2026] [security2:error] [pid 6797:tid 6797] [client 185.94.35.48:49945] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "mavikalem.org"] [uri "/wp-config.php.dist"] [unique_id "ag3-YPJRoMn0W2OrTDPKiQAAAAM"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-20 16:40:04 (2 weeks ago)	(mod_security) mod_security (id:210492) triggered by 185.94.35.48 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 185.94.35.48 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed May 20 12:39:54.133383 2026] [security2:error] [pid 13985:tid 13994] [client 185.94.35.48:55755] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.willmanlawfirm.com"] [uri "/wp-config.php.old"] [unique_id "ag3j2jHcs3iy05nsBHsnxQAAAAY"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-20 16:14:55 (2 weeks ago)	(mod_security) mod_security (id:210492) triggered by 185.94.35.48 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 185.94.35.48 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed May 20 12:14:49.975860 2026] [security2:error] [pid 5215:tid 5229] [client 185.94.35.48:30487] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cynosurelandscapers.com"] [uri "/.wp-config.php.swp"] [unique_id "ag3d-ZFCf_iRIFpi0OSaoQAAAMk"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-20 12:57:32 (2 weeks ago)	(mod_security) mod_security (id:210492) triggered by 185.94.35.48 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 185.94.35.48 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed May 20 08:57:24.080900 2026] [security2:error] [pid 2688:tid 2688] [client 185.94.35.48:60761] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.bak" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "brianwhitty.com"] [uri "/wp-config.bak"] [unique_id "ag2vtNRpDkjPq_m72Lk9SwAAAA4"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 nyt	2026-05-20 04:13:10 (2 weeks ago)	WP Config Probe	Web App Attack
🇱🇻 garmtech.com	2026-05-12 12:57:02 (3 weeks ago)	IM360 WAF: Block IP which is in the web-spammers RBL MV:RBL lookup of 15-57.185.94.35.48.web-spammer ... show more IM360 WAF: Block IP which is in the web-spammers RBL MV:RBL lookup of 15-57.185.94.35.48.web-spammers.v2.rbl.imunify.com._v4 succeeded. show less	Web App Attack
🇱🇻 garmtech.com	2026-05-11 13:19:49 (3 weeks ago)	IM360 WAF: Block IP which is in the web-spammers RBL MV:RBL lookup of 16-19.185.94.35.48.web-spammer ... show more IM360 WAF: Block IP which is in the web-spammers RBL MV:RBL lookup of 16-19.185.94.35.48.web-spammers.v2.rbl.imunify.com. succeeded. show less	Web App Attack
🇱🇻 garmtech.com	2026-05-06 10:17:52 (4 weeks ago)	IM360 WAF: Block IP which is in the web-spammers RBL MV:RBL lookup of 13-17.185.94.35.48.web-spammer ... show more IM360 WAF: Block IP which is in the web-spammers RBL MV:RBL lookup of 13-17.185.94.35.48.web-spammers.v2.rbl.imunify.com._v4 succeeded. show less	Web App Attack
🇲🇾 Rizzy	2026-04-16 00:26:34 (1 month ago)	Multiple WAF Violations	Brute-Force Web App Attack
🇩🇪 HandyTreff.de	2026-01-19 18:17:47 (4 months ago)	Bot/Spam/Scrapper attack detected on www.handytreff.de - Score: -54.548 (Bad < -10 / Very Bad < -20 ... show more Bot/Spam/Scrapper attack detected on www.handytreff.de - Score: -54.548 (Bad < -10 / Very Bad < -20 / Extreme < -35) \| UA: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.3 show less	Bad Web Bot Web App Attack
🇬🇧 Bytemark	2026-01-12 08:31:30 (4 months ago)	185.94.35.48 - - [12/Jan/2026:08:31:29 +0000] "GET /wp-login.php HTTP/1.1" 403 177 "https://www.goog ... show more 185.94.35.48 - - [12/Jan/2026:08:31:29 +0000] "GET /wp-login.php HTTP/1.1" 403 177 "https://www.google.com" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36" 185.94.35.48 - - [12/Jan/2026:08:31:29 +0000] "GET /wp-login.php HTTP/1.1" 403 177 "https://www.google.com" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36" 185.94.35.48 - - [12/Jan/2026:08:31:29 +0000] "GET /wp-login.php HTTP/1.1" 403 177 "https://www.google.com" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36" show less	Brute-Force Web App Attack
🇪🇸 el-brujo	2026-01-11 13:34:30 (4 months ago)	[Sun Jan 11 14:34:29.975905 2026] [proxy_fcgi:error] [pid 4030376:tid 4031050] [remote 185.94.35.48: ... show more [Sun Jan 11 14:34:29.975905 2026] [proxy_fcgi:error] [pid 4030376:tid 4031050] [remote 185.94.35.48:0] AH01071: Got error 'Primary script unknown\n', referer: https://www.google.com [Sun Jan 11 14:34:30.415897 2026] [proxy_fcgi:error] [pid 4030376:tid 4030756] [remote 185.94.35.48:0] AH01071: Got error 'Primary script unknown\n', referer: https://www.google.com ... show less	Hacking Web App Attack

Showing 1 to 15 of 33 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇲🇽 186.96.145.241

🇻🇪 201.221.115.185

🇳🇱 192.142.24.156

🇸🇦 188.53.6.246

🇩🇰 157.97.120.7

🇰🇷 106.243.155.71

🇺🇸 96.78.175.41

🇨🇦 85.217.149.41

🇩🇰 85.203.47.248

🇩🇰 85.203.47.210

🇩🇰 85.203.47.20

🇷🇴 80.94.92.167

🇦🇪 46.245.238.18

🇨🇱 34.176.13.83

🇺🇸 20.65.195.20

🇮🇪 18.203.231.24

🇺🇸 2607:f8b0:4023:100f::122

🇧🇷 205.210.31.224

🇬🇧 198.244.242.146

🇬🇧 195.206.182.210