JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 166.1.131.105

166.1.131.105 was found in our database!

This IP was reported 31 times. Confidence of Abuse is 22%: ?

22%

ISP	Ace Data Centers, Inc.
Usage Type	Data Center/Web Hosting/Transit
ASN	AS35830
Domain Name	acedatacenter.com
Country	🇸🇪 Sweden
City	Marsta, Stockholm

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 166.1.131.105

Whois 166.1.131.105

IP Abuse Reports for 166.1.131.105:

This IP address has been reported a total of 31 times from 12 distinct sources. 166.1.131.105 was first reported on April 14th 2024, and the most recent report was 1 day ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇫🇷 tilellit.pro	2026-06-27 05:51:35 (1 day ago)	Fail2Ban banned 166.1.131.105 for security violations in jail wp-armour. Log: 2026/06/27 05:51:34 [e ... show more Fail2Ban banned 166.1.131.105 for security violations in jail wp-armour. Log: 2026/06/27 05:51:34 [error] FastCGI sent in stderr: "PHP message: [WP_ARMOUR_BAN] IP: 166.1.131.105 \| Target: wplogin" , client: 166.1.131.105, server: [REDACTED], request: "POST /wp-login.php HTTP/1.1", upstream: [REDACTED], host: [REDACTED], referrer: "https://comerciogallego.es/wp-login.php" ... show less	Web Spam
🇺🇸 TPI-Abuse	2026-06-24 21:44:20 (4 days ago)	(mod_security) mod_security (id:225170) triggered by 166.1.131.105 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:225170) triggered by 166.1.131.105 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 24 17:44:13.782305 2026] [security2:error] [pid 29513:tid 29513] [client 166.1.131.105:53023] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|synergystudios.org\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "synergystudios.org"] [uri "/wp-json/wp/v2/users"] [unique_id "ajxPrczDzr_eOhMZfo0_pQAAABw"], referer: https://www.google.com show less	Brute-Force Bad Web Bot Web App Attack
🇫🇷 dynamix	2026-05-07 08:57:11 (1 month ago)	WordPress wp-login.php Brute Force Attack	Brute-Force Web App Attack
🇬🇧 noise.agency	2026-05-04 01:36:01 (1 month ago)	(wordpress) Failed wordpress login from 166.1.131.105 (US/United States/-)	Brute-Force
🇺🇸 TPI-Abuse	2026-03-29 18:25:41 (2 months ago)	(mod_security) mod_security (id:225170) triggered by 166.1.131.105 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:225170) triggered by 166.1.131.105 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Mar 29 14:25:36.830987 2026] [security2:error] [pid 5251:tid 5251] [client 166.1.131.105:50957] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|biff0.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "biff0.com"] [uri "/wp-json/wp/v2/users"] [unique_id "acluoGW9z7YY5CcHDqQphQAAAAg"], referer: https://www.google.com show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 2k11.co.za	2026-03-28 12:33:38 (3 months ago)	166.1.131.105 - - [28/Mar/2026:08:33:26 -0400] "POST /xmlrpc.php HTTP/2.0" 200 135 "-" "Apache-HttpC ... show more 166.1.131.105 - - [28/Mar/2026:08:33:26 -0400] "POST /xmlrpc.php HTTP/2.0" 200 135 "-" "Apache-HttpClient/4.5.13 (Java/11.0.30)" 166.1.131.105 - - [28/Mar/2026:08:33:28 -0400] "POST /xmlrpc.php HTTP/2.0" 200 207 "-" "Apache-HttpClient/4.5.13 (Java/11.0.30)" 166.1.131.105 - - [28/Mar/2026:08:33:37 -0400] "POST /xmlrpc.php HTTP/2.0" 200 135 "-" "Apache-HttpClient/4.5.13 (Java/11.0.30)" ... show less	Brute-Force
🇭🇺 bcsaba	2025-06-18 03:50:52 (1 year ago)	Joomla spam 166.1.131.105 - - [18/Jun/2025:05:50:44 +0200] "GET /index.php?option=com_easyblog&view= ... show more Joomla spam 166.1.131.105 - - [18/Jun/2025:05:50:44 +0200] "GET /index.php?option=com_easyblog&view=dashboard&layout=write HTTP/1.1" 404 789 "https://REDACTED" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36 OPR/89.0.4447.51" show less	Web App Attack
🇦🇺 MAGIC	2025-06-08 00:02:31 (1 year ago)	VM1 Bad user agents ignoring web crawling rules. Draing bandwidth	DDoS Attack Bad Web Bot
🇨🇿 lp	2025-05-30 22:50:14 (1 year ago)	Unauthorized VPN login attempts: 2 attempts were recorded from 166.1.131.105 2025-05-31T00:04:13+02: ... show more Unauthorized VPN login attempts: 2 attempts were recorded from 166.1.131.105 2025-05-31T00:04:13+02:00 vpn Access-Reject 'eleonore' station: 166.1.131.105 auth-type: - realm: vse.cz nas: <redacted> called: <redacted> => address-pool: - msg: '<redacted>' 2025-05-31T00:17:15+02:00 vpn Access-Reject 'despisable' station: 166.1.131.105 auth-type: - realm: vse.cz nas: <redacted> called: <redacted> => address-pool: - msg: '<redacted>' show less	Brute-Force Web App Attack
🇸🇪 OnTheEdge	2025-05-27 06:25:29 (1 year ago)	Password spraying. Multiple unauthorized login attempts	Hacking Web App Attack
🇨🇿 lp	2025-05-24 03:21:10 (1 year ago)	Unauthorized VPN login attempts: 1 attempts were recorded from 166.1.131.105 2025-05-24T04:12:05+02: ... show more Unauthorized VPN login attempts: 1 attempts were recorded from 166.1.131.105 2025-05-24T04:12:05+02:00 vpn Access-Reject 'supermysteries' station: 166.1.131.105 auth-type: - realm: vse.cz nas: <redacted> called: <redacted> => address-pool: - msg: '<redacted>' show less	Brute-Force Web App Attack
🇨🇿 lp	2025-05-21 06:21:34 (1 year ago)	Unauthorized VPN login attempts: 1 attempts were recorded from 166.1.131.105 2025-05-21T07:36:19+02: ... show more Unauthorized VPN login attempts: 1 attempts were recorded from 166.1.131.105 2025-05-21T07:36:19+02:00 vpn Access-Reject 'dolly' station: 166.1.131.105 auth-type: - realm: vse.cz nas: <redacted> called: <redacted> => address-pool: - msg: '<redacted>' show less	Brute-Force Web App Attack
🇵🇱 sefinek.net	2025-05-19 12:00:29 (1 year ago)	Triggered Cloudflare WAF (firewallCustom) from US. Action taken: MANAGED_CHALLENGE Protocol: HTTP/1. ... show more Triggered Cloudflare WAF (firewallCustom) from US. Action taken: MANAGED_CHALLENGE Protocol: HTTP/1.1 (GET method) Endpoint: /genshin-stella-mod UA: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36 This report was generated by: https://github.com/sefinek/Cloudflare-WAF-To-AbuseIPDB show less	Port Scan
🇨🇿 lp	2025-05-13 04:50:09 (1 year ago)	Unauthorized VPN login attempts: 1 attempts were recorded from 166.1.131.105 2025-05-13T06:28:59+02: ... show more Unauthorized VPN login attempts: 1 attempts were recorded from 166.1.131.105 2025-05-13T06:28:59+02:00 vpn Access-Reject 'accessory' station: 166.1.131.105 auth-type: - realm: vse.cz nas: <redacted> called: <redacted> => address-pool: - msg: '<redacted>' show less	Brute-Force Web App Attack
🇨🇿 lp	2025-05-12 04:50:20 (1 year ago)	Unauthorized VPN login attempts: 2 attempts were recorded from 166.1.131.105 2025-05-12T06:42:02+02: ... show more Unauthorized VPN login attempts: 2 attempts were recorded from 166.1.131.105 2025-05-12T06:42:02+02:00 vpn Access-Reject 'cortez' station: 166.1.131.105 auth-type: - realm: vse.cz nas: <redacted> called: <redacted> => address-pool: - msg: '<redacted>' 2025-05-12T06:44:53+02:00 vpn Access-Reject 'prince' station: 166.1.131.105 auth-type: - realm: vse.cz nas: <redacted> called: <redacted> => address-pool: - msg: '<redacted>' show less	Brute-Force Web App Attack

Showing 1 to 15 of 31 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 47.77.182.54

🇺🇸 44.229.240.79

🇺🇸 205.210.31.73

🇯🇵 203.25.124.135

🇻🇳 113.171.82.158

🇺🇸 104.29.157.92

🇺🇸 85.208.96.193

🇺🇸 45.79.92.218

🇨🇳 14.103.64.177

🇰🇷 222.239.251.12

🇯🇵 203.25.124.125

🇳🇱 195.178.110.30

🇳🇱 192.178.118.157

🇳🇱 192.42.116.16

🇺🇸 174.101.71.150

🇧🇷 143.0.191.57

🇬🇧 86.3.165.15

🇨🇳 58.212.237.13

🇳🇱 45.148.10.141

🇺🇸 44.199.2.52