🇧🇷
ICS Labs
2026-06-05 19:45:47
(1 day ago)
ICS Labs identified 192.121.44.27 as a malicious indicator from threat intelligence.
DDoS Attack
Hacking
Brute-Force
Exploited Host
🇳🇱
BIV
2026-06-05 18:25:46
(1 day ago)
Honeypot multi-source hit. Sources: tpot:Fatt,tpot:P0f,tpot:Suricata. Ports: 443. Automated tiered (T-Pot+DShield).
Port Scan
Hacking
Bad Web Bot
🇺🇸
mnsf
2026-06-05 00:05:22
(2 days ago)
Abuse Detected (1)
Brute-Force
Web App Attack
🇺🇸
TPI-Abuse
2026-06-04 16:51:03
(2 days ago)
(mod_security) mod_security (id:210492) triggered by 192.121.44.27 (tor-relay02.playstar.se): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 04 12:50:58.639019 2026] [security2:error] [pid 32112:tid 32133] [client 192.121.44.27:45602] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.isa-logistics.com"] [uri "/.git/config"] [unique_id "aiGs8jU8mvD9xXYAI7UeqgAAAEw"]
Brute-Force
Bad Web Bot
Web App Attack
🇩🇪
ger-stg-sifi1
2026-06-03 07:59:09
(4 days ago)
(wordpress) Failed wordpress login using wp-login.php or xmlrpc.php
Web App Attack
🇩🇪
ger-stg-sifi1
2026-06-02 03:47:26
(5 days ago)
(wordpress) Failed wordpress login using wp-login.php or xmlrpc.php
Web App Attack
🇺🇸
TPI-Abuse
2026-06-01 20:09:48
(5 days ago)
(mod_security) mod_security (id:225170) triggered by 192.121.44.27 (tor-relay02.playstar.se): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 01 16:09:43.694008 2026] [security2:error] [pid 24361:tid 24361] [client 192.121.44.27:46614] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||ritterlien.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "ritterlien.com"] [uri "/wp-json/wp/v2/users"] [unique_id "ah3nBzxE6tnWcw-suyMqAgAAAAU"]
Brute-Force
Bad Web Bot
Web App Attack
🇺🇸
TPI-Abuse
2026-05-30 03:31:58
(1 week ago)
(mod_security) mod_security (id:240335) triggered by 192.121.44.27 (tor-relay02.playstar.se): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri May 29 23:31:49.281711 2026] [security2:error] [pid 13766:tid 13831] [client 192.121.44.27:58226] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 192.121.44.27 (+1 hits since last alert)|seriousgames-system.info|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "seriousgames-system.info"] [uri "/xmlrpc.php"] [unique_id "ahpaJfTy7GgMMBaFfoXKowAAAIM"]
Brute-Force
Bad Web Bot
Web App Attack
🇩🇪
4server
2026-05-29 21:13:42
(1 week ago)
[FriMay2923:13:38.4808262026][security2:error][pid2772092:tid2772226][client192.121.44.27:0]ModSecurity:Accessdeniedwithcode403\(phase1\).Patternmatch\"\(\?i\)\(\?:/\(\?:\^\|/\)\\\\\\\\.\(env\|git\|svn\|hg\|DS_Store\)\|/\(\?:wp-config\|\\\\\\\\.htaccess\|\\\\\\\\.htpasswd\)\|\\\\\\\\.\(\?:sql\|bak\|old\|log\)\$\)\"atREQUEST_URI.[file\"/etc/apache2/conf.d/modsec_custom_rules.conf\"][line\"156\"][id\"960720\"][msg\"Forbiddenfileaccessattempt\"][severity\"CRITICAL\"][hostname\"bianchitecno.ch\"][uri\"/dump.sql\"][unique_id\"ahoBgplMRslno4-il1WxfwAAAQw\"]\,referer:bianchitecno.ch/dump.sql
Port Scan
Brute-Force
Web App Attack
🇫🇮
YF
2026-05-29 01:02:19
(1 week ago)
WordPress directory enumeration
Web App Attack
🇺🇸
TPI-Abuse
2026-05-28 18:49:48
(1 week ago)
(mod_security) mod_security (id:210730) triggered by 192.121.44.27 (tor-relay02.playstar.se): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu May 28 14:49:42.106733 2026] [security2:error] [pid 32723:tid 32723] [client 192.121.44.27:36320] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||edgecombe.net|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "edgecombe.net"] [uri "/dump.sql"] [unique_id "ahiORs0TnQxlOSDdfC9XhAAAAAo"], referer: edgecombe.net/dump.sql
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2026-05-28 13:52:17
(1 week ago)
Attac
Brute-Force
🇺🇸
TPI-Abuse
2026-05-27 21:03:29
(1 week ago)
(mod_security) mod_security (id:210730) triggered by 192.121.44.27 (tor-relay02.playstar.se): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed May 27 17:03:21.825793 2026] [security2:error] [pid 23135:tid 23135] [client 192.121.44.27:39064] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||orentika.com|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "orentika.com"] [uri "/dump.sql"] [unique_id "ahdcGYJFVUTBrcruAOZI8AAAAAQ"], referer: orentika.com/dump.sql
Brute-Force
Bad Web Bot
Web App Attack
🇺🇸
TPI-Abuse
2026-05-27 10:11:26
(1 week ago)
(mod_security) mod_security (id:210730) triggered by 192.121.44.27 (tor-relay02.playstar.se): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed May 27 06:11:20.139192 2026] [security2:error] [pid 14201:tid 14201] [client 192.121.44.27:34040] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "4"] [msg "COMODO WAF: URL file extension is restricted by policy||greathomesrealty.net|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "greathomesrealty.net"] [uri "/dump.sql"] [unique_id "ahbDSEPI7vn3e5s3Uk45DAAAAAQ"], referer: greathomesrealty.net/dump.sql
Brute-Force
Bad Web Bot
Web App Attack
🇺🇸
TPI-Abuse
2026-05-26 22:38:01
(1 week ago)
(mod_security) mod_security (id:210730) triggered by 192.121.44.27 (tor-relay02.playstar.se): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue May 26 18:37:54.386664 2026] [security2:error] [pid 31596:tid 31596] [client 192.121.44.27:33194] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||cleanbuildingservices.com|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "cleanbuildingservices.com"] [uri "/dump.sql"] [unique_id "ahYgwgAx0r11y4S74zBHNAAAAAU"], referer: cleanbuildingservices.com/dump.sql
Brute-Force
Bad Web Bot
Web App Attack