JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 199.180.11.194

199.180.11.194 was found in our database!

This IP was reported 14 times. Confidence of Abuse is 2%: ?

ISP	Skyway Frieght Systems
Usage Type	Data Center/Web Hosting/Transit
ASN	AS394380
Domain Name	skywayinc.com
Country	🇺🇸 United States of America
City	Dallas, Texas

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 199.180.11.194

Whois 199.180.11.194

IP Abuse Reports for 199.180.11.194:

This IP address has been reported a total of 14 times from 5 distinct sources. 199.180.11.194 was first reported on May 26th 2025, and the most recent report was 3 weeks ago.

Old Reports: The most recent abuse report for this IP address is from 3 weeks ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 TPI-Abuse	2026-06-01 01:44:44 (3 weeks ago)	(mod_security) mod_security (id:210492) triggered by 199.180.11.194 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 199.180.11.194 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun May 31 21:44:34.213422 2026] [security2:error] [pid 9440:tid 9484] [client 199.180.11.194:44383] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpanel.kettlehill.net"] [uri "/.svn/entries"] [unique_id "ahzkAvmss8jRYtMzlx2ZiAAAABQ"] show less	Brute-Force Bad Web Bot Web App Attack
🇨🇭 ALPHANET	2026-02-10 11:52:21 (4 months ago)	web exploits	Hacking Exploited Host Web App Attack
🇺🇸 TPI-Abuse	2026-02-07 17:33:40 (4 months ago)	(mod_security) mod_security (id:210730) triggered by 199.180.11.194 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210730) triggered by 199.180.11.194 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Feb 07 12:33:34.768144 2026] [security2:error] [pid 6120:tid 6120] [client 199.180.11.194:40583] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|mail.nbcnewsradio.com\|F\|2"] [data ".db"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "mail.nbcnewsradio.com"] [uri "/mail.db"] [unique_id "aYd3bjKipPTf-u4RzUS5hQAAACQ"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-02 23:41:15 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 199.180.11.194 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 199.180.11.194 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Dec 02 18:41:10.225389 2025] [security2:error] [pid 5915:tid 5915] [client 199.180.11.194:50581] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "whm.farmers123.com"] [uri "/.env.bak"] [unique_id "aS95Fm4rplwEIW5OibCCXAAAAAI"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-01 06:35:32 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 199.180.11.194 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 199.180.11.194 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Dec 01 01:35:29.004041 2025] [security2:error] [pid 31256:tid 31275] [client 199.180.11.194:36187] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpanel.kettlehill.net"] [uri "/.env.prod.local"] [unique_id "aS03MW28JkE_f6YcP8788gAAAA4"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-10-28 23:20:42 (7 months ago)	(mod_security) mod_security (id:210730) triggered by 199.180.11.194 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210730) triggered by 199.180.11.194 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Oct 28 19:20:35.012909 2025] [security2:error] [pid 2815:tid 2815] [client 199.180.11.194:41675] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|nbcnewsradio.com\|F\|2"] [data ".log"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "nbcnewsradio.com"] [uri "/php_errors.log"] [unique_id "aQFPw_-6UEqEpaPd4tRrvQAAAAc"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-10-01 15:54:40 (8 months ago)	(mod_security) mod_security (id:210492) triggered by 199.180.11.194 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 199.180.11.194 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Oct 01 11:54:36.610187 2025] [security2:error] [pid 30110:tid 30153] [client 199.180.11.194:51665] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpanel.kettlehill.net"] [uri "/.env.save"] [unique_id "aN1OvMkWrLLgoGKIU58o3gAAAcg"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-09-22 22:58:55 (9 months ago)	(mod_security) mod_security (id:210492) triggered by 199.180.11.194 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 199.180.11.194 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Sep 22 18:58:50.848276 2025] [security2:error] [pid 22208:tid 22208] [client 199.180.11.194:43625] ModSecurity: Access denied with code 403 (phase 1). Matched phrase ".htpasswd" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "deandobkin.com"] [uri "/.htpasswd"] [unique_id "aNHUqgwnQAqZaR-oX1I-eAAAAAs"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-08-01 06:37:05 (10 months ago)	(mod_security) mod_security (id:210492) triggered by 199.180.11.194 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 199.180.11.194 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Aug 01 02:37:01.565298 2025] [security2:error] [pid 3331447:tid 3331468] [client 199.180.11.194:55571] ModSecurity: Access denied with code 403 (phase 1). Matched phrase ".htaccess" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcontacts.kettlehill.net"] [uri "/a.htaccess"] [unique_id "aIxgjVSZjg6lcpTf51ZQ4gAAAZE"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2025-07-24 19:00:22 (10 months ago)	Backdrop CMS module - malicious activity detected	Bad Web Bot Web App Attack
🇩🇪 FeG Deutschland	2025-06-01 22:24:33 (1 year ago)	Looking for CMS/PHP/SQL vulnerablilities/excessive crawling - 24	Exploited Host Web App Attack
🇺🇸 TPI-Abuse	2025-06-01 21:26:12 (1 year ago)	(mod_security) mod_security (id:210730) triggered by 199.180.11.194 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210730) triggered by 199.180.11.194 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 01 17:26:07.590032 2025] [security2:error] [pid 3294935:tid 3294935] [client 199.180.11.194:48265] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|www.nbcnewsradio.com\|F\|2"] [data ".php.bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.nbcnewsradio.com"] [uri "/db_config.php.bak"] [unique_id "aDzFb2CyGnlqcBMTS5_t4gAAAAM"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-05-28 19:45:13 (1 year ago)	(mod_security) mod_security (id:210730) triggered by 199.180.11.194 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210730) triggered by 199.180.11.194 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed May 28 15:45:09.308377 2025] [security2:error] [pid 1804804:tid 1804804] [client 199.180.11.194:55335] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|ftp.farmers123.com\|F\|2"] [data ".old"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "ftp.farmers123.com"] [uri "/.ssh/known_hosts.old"] [unique_id "aDdnxbvcgLWxHp-Z0sbn1QAAAA4"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2025-05-26 16:10:04 (1 year ago)	\| SQL injection attempt.	Hacking SQL Injection Web App Attack

Showing 1 to 14 of 14 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 203.88.119.100

🇮🇩 202.169.239.10

🇺🇸 162.216.149.243

🇨🇳 116.179.32.106

🇺🇸 107.173.253.112

🇬🇧 82.19.52.237

🇺🇸 65.49.1.18

🇬🇧 35.203.210.252

🇺🇸 18.145.243.227

🇺🇸 13.57.195.17

🇺🇸 3.83.175.125

🇺🇸 2001:470:1:fb5:48fb:948e:99ed:dc04

🇰🇷 218.145.181.48

🇧🇷 201.37.67.157

🇲🇽 187.147.158.128

🇺🇸 184.105.247.214

🇮🇳 182.95.12.178

🇵🇱 151.115.78.227

🇰🇷 111.171.125.94

🇺🇸 107.175.248.187