JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 185.94.34.81

185.94.34.81 was found in our database!

This IP was reported 19 times. Confidence of Abuse is 14%: ?

14%

ISP	Fast Servers (Pty) Ltd
Usage Type	Data Center/Web Hosting/Transit
ASN	AS59651
Domain Name	traffictransitsolution.us
Country	🇷🇺 Russian Federation
City	Slantsy, Leningradskaya Oblast'

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 185.94.34.81

Whois 185.94.34.81

IP Abuse Reports for 185.94.34.81:

This IP address has been reported a total of 19 times from 12 distinct sources. 185.94.34.81 was first reported on December 13th 2023, and the most recent report was 3 weeks ago.

Old Reports: The most recent abuse report for this IP address is from 3 weeks ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇫🇮 JimArchon72	2026-05-31 20:10:01 (3 weeks ago)	2026/05/31 20:08:42 "GET /wp-login.php?action=register HTTP/1.1"	Web App Attack
🇺🇸 TPI-Abuse	2026-05-22 11:42:59 (1 month ago)	(mod_security) mod_security (id:210492) triggered by 185.94.34.81 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 185.94.34.81 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri May 22 07:42:56.658363 2026] [security2:error] [pid 26009:tid 26009] [client 185.94.34.81:51535] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "weddingmusicguitar.com"] [uri "/wp-config.php~"] [unique_id "ahBBQKFLo6sHrAU4HF0R1QAAABA"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-20 21:23:50 (1 month ago)	(mod_security) mod_security (id:210492) triggered by 185.94.34.81 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 185.94.34.81 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed May 20 17:23:44.552582 2026] [security2:error] [pid 20095:tid 20095] [client 185.94.34.81:52283] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.txt" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.bosdkbook.joepeters.org"] [uri "/wp-config.txt"] [unique_id "ag4mYAoybc1Uhd3r97FxZAAAAAE"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-20 16:13:51 (1 month ago)	(mod_security) mod_security (id:210492) triggered by 185.94.34.81 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 185.94.34.81 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed May 20 12:13:48.270804 2026] [security2:error] [pid 22686:tid 22686] [client 185.94.34.81:50915] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "stantontownship.org"] [uri "/wp-config.php~"] [unique_id "ag3dvH1p48NJgulK5RP0LwAAAAI"] show less	Brute-Force Bad Web Bot Web App Attack
🇨🇭 4server	2026-04-30 20:10:28 (1 month ago)	[ThuApr3022:10:24.1012382026][security2:error][pid4107206:tid4107988][client185.94.34.81:0]ModSecuri ... show more [ThuApr3022:10:24.1012382026][security2:error][pid4107206:tid4107988][client185.94.34.81:0]ModSecurity:Accessdeniedwithcode403\(phase2\).Matchof\"rx\(\^/components/com_clm/clm/\)\"against\"REQUEST_URI\"required.[file\"/etc/apache2/conf.d/modsec_rules/50_asl_rootkits.conf\"][line\"197\"][id\"390904\"][rev\"15\"][msg\"Atomicorp.comWAFRules:PossibleShellCommandAttempt\"][data\"echo\"][severity\"CRITICAL\"][hostname\"mondo-it.ch\"][uri\"/wp-includes/theme.php\"][unique_id\"afO3MJbaoKfgp5qd3XlN2gAAAFU\"] show less	Hacking Web App Attack
🇺🇸 Matthew Ping	2026-04-17 11:45:02 (2 months ago)	ModSecurity rule 949110 triggered on dedicated. Web application attack blocked by CSF/LFD.	Web App Attack Hacking
🇨🇭 backslash	2025-06-19 21:25:05 (1 year ago)	block ruleset CC531825F9395F9A07FB06C1247C46770A2690F8	Bad Web Bot
🇮🇹 www.tana.it	2025-03-29 15:25:40 (1 year ago)	PHP scan	Web App Attack
🇺🇸 jkhorvath.com	2025-03-12 14:33:03 (1 year ago)	Request for URL /ACMS	Phishing Brute-Force Web App Attack
🇺🇸 TPI-Abuse	2024-12-01 07:45:52 (1 year ago)	(mod_security) mod_security (id:210730) triggered by 185.94.34.81 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210730) triggered by 185.94.34.81 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Dec 01 02:45:45.357998 2024] [security2:error] [pid 3684299:tid 3684299] [client 185.94.34.81:57853] [client 185.94.34.81] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|vitalitywebb.com\|F\|2"] [data ".db"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "vitalitywebb.com"] [uri "/backstore/Barcalounger/Images/Clive/Thumbs.db"] [unique_id "Z0wUKVa4BpI0LSkg5kvjjgAAABA"], referer: https://vitalitywebb.com/backstore/Barcalounger/Images/Clive/ show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 on-com	2024-09-22 14:23:32 (1 year ago)	URL scan	Brute-Force Web App Attack
🇺🇸 TPI-Abuse	2024-08-27 09:44:56 (1 year ago)	(mod_security) mod_security (id:210730) triggered by 185.94.34.81 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210730) triggered by 185.94.34.81 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Aug 27 05:44:49.277439 2024] [security2:error] [pid 2704168:tid 2704168] [client 185.94.34.81:64233] [client 185.94.34.81] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|www.accordionstars.com\|F\|2"] [data ".accordionfactory.com"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.accordionstars.com"] [uri "/www.accordionfactory.com"] [unique_id "Zs2gEdQy-MoaiEj-TBcmEQAAAA4"], referer: http://www.accordionstars.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2024-05-24 04:16:22 (2 years ago)	(mod_security) mod_security (id:210730) triggered by 185.94.34.81 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210730) triggered by 185.94.34.81 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri May 24 00:16:15.668817 2024] [security2:error] [pid 8362] [client 185.94.34.81:32267] [client 185.94.34.81] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|vitalitywebb.com\|F\|2"] [data ".db"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "vitalitywebb.com"] [uri "/backstore/Barcalounger/Images/Danbury II/Stetson Bordeaux/Thumbs.db"] [unique_id "ZlAUjxQHqmTzl7Zx80pejQAAAAo"], referer: https://vitalitywebb.com/backstore/Barcalounger/Images/Danbury%20II/Stetson%20Bordeaux/ show less	Brute-Force Bad Web Bot Web App Attack
🇨🇭 backslash	2024-05-19 06:30:47 (2 years ago)	honeypot detection	Bad Web Bot
🇬🇧 essinghigh	2024-05-01 05:56:41 (2 years ago)	1714543001 # Service_probe # SIGNATURE_SEND # source_ip:185.94.34.81 # dst_port:5607 ...	Port Scan

Showing 1 to 15 of 19 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 194.195.208.25

🇧🇩 103.132.179.129

🇺🇸 2a04:c603:409:93:9999::136

🇬🇧 165.232.38.41

🇮🇱 109.226.27.227

🇺🇸 104.21.82.73

🇧🇩 103.127.1.136

🇳🇱 45.148.10.141

🇮🇩 43.129.33.244

🇧🇪 35.195.147.118

🇸🇦 2001:16a2:2b6:bb00:6987:1fa8:3a33:a246

🇧🇷 200.248.202.115

🇳🇱 195.178.110.30

🇸🇬 194.5.82.63

🇳🇱 176.65.139.254

🇨🇳 117.184.44.55

🇷🇺 104.28.198.243

🇸🇪 83.191.181.23

🇧🇾 81.30.98.142

🇱🇻 81.30.98.62