JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 193.105.134.254

193.105.134.254 was found in our database!

This IP was reported 44 times. Confidence of Abuse is 46%: ?

46%

This address is a Tor exit node. Neither the owner nor the provider are directly behind the offending action.

ISP	w1n ltd
Usage Type	Data Center/Web Hosting/Transit
ASN	AS42237
Domain Name	w1n.nl
Country	🇸🇪 Sweden
City	Stockholm, Stockholm

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 193.105.134.254

Whois 193.105.134.254

IP Abuse Reports for 193.105.134.254:

This IP address has been reported a total of 44 times from 26 distinct sources. 193.105.134.254 was first reported on January 18th 2026, and the most recent report was 1 week ago.

Old Reports: The most recent abuse report for this IP address is from 1 week ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇪🇸 gnom4ik	2026-06-19 07:56:07 (1 week ago)	ban-reviewer auto report; ip=193.105.134.254; scenario=http:scan; scenario_context=http:scan,tor-exi ... show more ban-reviewer auto report; ip=193.105.134.254; scenario=http:scan; scenario_context=http:scan,tor-exit-nodes; verdict=valid_ban; confidence=0.92; categories=14,15,18,22; active_decisions=2; lookback_decisions=2; nginx_requests=0; appsec_matches=0; auth_events=0; kernel_events=0; signals=ip_decision_count_high show less	Port Scan Hacking Brute-Force SSH
🇺🇸 mnsf	2026-06-18 01:12:20 (1 week ago)	Abuse Detected (1)	Brute-Force Web App Attack
🇺🇸 TPI-Abuse	2026-06-17 16:44:17 (1 week ago)	(mod_security) mod_security (id:225170) triggered by 193.105.134.254 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:225170) triggered by 193.105.134.254 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 17 12:44:13.513987 2026] [security2:error] [pid 32469:tid 32469] [client 193.105.134.254:52104] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|lightupaustralia.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "lightupaustralia.com"] [uri "/wp-json/wp/v2/users"] [unique_id "ajLO3faHUUDh2I05cOe99AAAAA8"] show less	Brute-Force Bad Web Bot Web App Attack
🇦🇺 oncord	2026-06-17 15:58:48 (1 week ago)	Form spam	Web Spam
🇷🇴 INTEQ	2026-06-14 21:54:42 (1 week ago)	Web attack from 193.105.134.254	Web App Attack
🇮🇹 LTM	2026-06-09 06:20:01 (2 weeks ago)	WebServer - Attempts to exploit	Hacking Brute-Force Web App Attack
🇦🇺 oncord	2026-06-07 03:09:47 (2 weeks ago)	Form spam	Web Spam
🇺🇸 xmission.com	2026-06-04 16:08:03 (3 weeks ago)	Blocked by UFW (TCP on 36277) Source port: 33772 TTL: 52 Packet length: 60 TOS: 0x00 This report (f ... show more Blocked by UFW (TCP on 36277) Source port: 33772 TTL: 52 Packet length: 60 TOS: 0x00 This report (for 193.105.134.254) was generated by: https://github.com/sefinek/UFW-AbuseIPDB-Reporter show less	Port Scan
🇺🇸 oncord	2026-06-04 06:56:37 (3 weeks ago)	Form spam	Web Spam
🇺🇸 TPI-Abuse	2026-05-31 11:56:03 (3 weeks ago)	(mod_security) mod_security (id:210730) triggered by 193.105.134.254 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210730) triggered by 193.105.134.254 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun May 31 07:55:56.062469 2026] [security2:error] [pid 11299:tid 11299] [client 193.105.134.254:48006] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|cbrtome.cl\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "cbrtome.cl"] [uri "/dump.sql"] [unique_id "ahwhzCkX_WKtFxLzJvfPqAAAAAY"], referer: cbrtome.cl/dump.sql show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-31 00:59:14 (3 weeks ago)	(mod_security) mod_security (id:210730) triggered by 193.105.134.254 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210730) triggered by 193.105.134.254 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat May 30 20:59:08.174849 2026] [security2:error] [pid 1943:tid 1943] [client 193.105.134.254:54288] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "4"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|buenasfrecuencias.com\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "buenasfrecuencias.com"] [uri "/dump.sql"] [unique_id "ahuH3FGq1udW5FERPJxcvQAAAAA"], referer: buenasfrecuencias.com/dump.sql show less	Brute-Force Bad Web Bot Web App Attack
🇧🇷 ICS Labs	2026-05-23 14:08:07 (1 month ago)	ICS Labs identified 193.105.134.254 as a malicious indicator from threat intelligence.	DDoS Attack Hacking Exploited Host
🇺🇸 oncord	2026-05-19 06:32:17 (1 month ago)	Form spam	Web Spam
🇦🇺 oncord	2026-05-16 11:52:32 (1 month ago)	Form spam	Web Spam
🇦🇺 oncord	2026-05-11 21:09:31 (1 month ago)	Form spam	Web Spam

Showing 1 to 15 of 44 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 147.185.132.201

🇺🇸 205.210.31.92

🇲🇾 183.171.41.105

🇳🇱 176.65.139.233

🇰🇷 175.207.239.222

🇲🇽 170.239.150.15

🇺🇸 162.216.149.166

🇮🇳 152.32.156.138

🇫🇮 147.185.133.163

🇭🇰 121.202.206.76

🇨🇳 111.57.17.167

🇦🇲 46.130.54.153

🇬🇧 35.203.211.160

🇪🇸 193.46.192.20

🇧🇷 189.15.77.32

🇺🇸 162.216.149.215

🇳🇱 81.19.216.125

🇬🇧 35.203.210.68

🇵🇰 223.123.44.118

🇺🇸 172.66.47.73