JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 194.195.91.3

194.195.91.3 was found in our database!

This IP was reported 103 times. Confidence of Abuse is 53%: ?

53%

ISP	TerraTransit AG
Usage Type	Data Center/Web Hosting/Transit
ASN	AS206092
Domain Name	terratransit.de
Country	🇸🇪 Sweden
City	Stockholm, Stockholm

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 194.195.91.3

Whois 194.195.91.3

IP Abuse Reports for 194.195.91.3:

This IP address has been reported a total of 103 times from 50 distinct sources. 194.195.91.3 was first reported on December 11th 2021, and the most recent report was 2 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 TPI-Abuse	2026-06-27 07:56:14 (2 hours ago)	(mod_security) mod_security (id:210492) triggered by 194.195.91.3 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 194.195.91.3 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 27 03:55:38.762107 2026] [security2:error] [pid 4334:tid 4334] [client 194.195.91.3:60753] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcontacts.iwsa.info"] [uri "/.git/config"] [unique_id "aj-B-vuXaMd5041wTREGjQAAABI"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 Mykola Spesivtsev	2026-06-27 04:14:44 (5 hours ago)	HTTP Tarpit detected bot activity:TargetPort:80, Path:/debug.php, Method:GET, UA:Mozilla/5.0 (Window ... show more HTTP Tarpit detected bot activity:TargetPort:80, Path:/debug.php, Method:GET, UA:Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 Chrome/124.0.0.0 Safari/537.36 show less	Port Scan Web App Attack Bad Web Bot
🇩🇪 Mykola Spesivtsev	2026-06-27 03:12:19 (6 hours ago)	HTTP Tarpit detected bot activity:TargetPort:80, Path:/.git/COMMIT_EDITMSG, Method:GET, UA:Mozilla/5 ... show more HTTP Tarpit detected bot activity:TargetPort:80, Path:/.git/COMMIT_EDITMSG, Method:GET, UA:Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 Chrome/124.0.0.0 Safari/537.36 show less	Port Scan Web App Attack Bad Web Bot
🇩🇪 Mykola Spesivtsev	2026-06-27 02:55:01 (7 hours ago)	HTTP Tarpit detected bot activity:TargetPort:80, Path:/package.json, Method:GET, UA:Mozilla/5.0 (Mac ... show more HTTP Tarpit detected bot activity:TargetPort:80, Path:/package.json, Method:GET, UA:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 Version/17.4 Safari/605.1.15 show less	Port Scan Web App Attack Bad Web Bot
🇺🇸 mccsoft.io	2026-06-27 00:10:49 (10 hours ago)	Web application attack / vulnerability scanning. Source sent 1 HTTP request(s) (1 distinct paths) to ... show more Web application attack / vulnerability scanning. Source sent 1 HTTP request(s) (1 distinct paths) to our public nginx web server on TCP 80/443, probing blocked/sensitive paths; all returned HTTP 444 (connection closed by security rule, jail nginx-444). Sample requests: GET /composer.json. User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 Chrome/124.0.0.0 Safari/537.3. Observed 2026-06-27 00:07:11 UTC. TCP handshake completed (requests fully received). Categories: Web App Attack / Bad Web Bot. show less	Bad Web Bot Web App Attack
🇩🇪 kkwemi	2026-06-26 20:34:26 (13 hours ago)	Blocked by block-exploit-paths on /.env.local	Bad Web Bot
Anonymous	2026-06-26 18:58:55 (15 hours ago)	fail2ban_an apache-modsecurity [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [uri "/src/co ... show more fail2ban_an apache-modsecurity [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [uri "/src/config.ini"] show less	Bad Web Bot Web App Attack
Anonymous	2026-06-26 18:38:19 (15 hours ago)	194.195.91.3 - - [26/Jun/2026:18:38:19 +0000] "GET /.htaccess HTTP/1.1" 403 3855 "-" "Mozilla/5.0 (W ... show more 194.195.91.3 - - [26/Jun/2026:18:38:19 +0000] "GET /.htaccess HTTP/1.1" 403 3855 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 Chrome/123.0.0.0 Safari/537.36" ... show less	Brute-Force Web App Attack
Anonymous	2026-06-26 17:58:59 (16 hours ago)	194.195.91.3 - - [26/Jun/2026:19:58:58 +0200] "GET /.env.backup HTTP/1.1" 403 2368 "-" "Mozilla/5.0 ... show more 194.195.91.3 - - [26/Jun/2026:19:58:58 +0200] "GET /.env.backup HTTP/1.1" 403 2368 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 Version/17.3 Safari/605.1.15" ... show less	Brute-Force Web App Attack
Anonymous	2026-06-18 12:01:30 (1 week ago)	(PERMBLOCK) 194.195.91.3 (SE/Sweden/-) has had more than 4 temp blocks	Hacking
Anonymous	2026-06-18 09:55:13 (1 week ago)	(wordpress) Failed wordpress login from 194.195.91.3 (SE/Sweden/-)	Brute-Force
🇺🇸 TPI-Abuse	2026-06-18 07:11:54 (1 week ago)	(mod_security) mod_security (id:225170) triggered by 194.195.91.3 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:225170) triggered by 194.195.91.3 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 18 03:11:49.101269 2026] [security2:error] [pid 15091:tid 15091] [client 194.195.91.3:20441] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|rblep.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "rblep.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "ajOaNUXIie4RjrWfqlnlwwAAAAg"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇦 URAN Publishing Service	2026-05-20 21:48:40 (1 month ago)	194.195.91.3 - - [21/May/2026:00:48:39 +0300] "GET /wp-content/plugins/seoplugins/db.php?u HTTP/1.1" ... show more 194.195.91.3 - - [21/May/2026:00:48:39 +0300] "GET /wp-content/plugins/seoplugins/db.php?u HTTP/1.1" 404 709 "-" "Go-http-client/1.1" ... show less	Web App Attack
🇮🇩 Burayot	2026-05-20 17:35:25 (1 month ago)	LF_MODSEC: (mod_security) mod_security (id:1000001) triggered by 194.195.91.3 (SE/Sweden/-): 2 in th ... show more LF_MODSEC: (mod_security) mod_security (id:1000001) triggered by 194.195.91.3 (SE/Sweden/-): 2 in the last 3600 secs show less	Web App Attack
🇺🇦 URAN Publishing Service	2026-05-20 16:50:13 (1 month ago)	194.195.91.3 - - [20/May/2026:19:50:12 +0300] "GET /wp-admin/dropdown.php HTTP/1.1" 404 711 "-" "Go- ... show more 194.195.91.3 - - [20/May/2026:19:50:12 +0300] "GET /wp-admin/dropdown.php HTTP/1.1" 404 711 "-" "Go-http-client/1.1" ... show less	Web App Attack

Showing 1 to 15 of 103 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇻🇳 27.79.40.230

🇪🇸 217.154.106.153

🇹🇼 211.21.155.132

🇩🇪 193.124.20.253

🇭🇺 134.255.95.34

🇨🇳 114.98.230.202

🇷🇴 80.94.92.109

🇱🇹 77.90.185.249

🇺🇸 69.49.246.176

🇺🇸 54.81.135.102

🇬🇧 45.82.76.125

🇧🇷 20.197.235.22

🇳🇱 185.93.89.154

🇪🇸 130.195.250.68

🇨🇳 118.31.76.150

🇨🇳 117.34.85.168

🇻🇳 103.153.254.96

🇧🇬 79.124.62.230

🇺🇸 66.132.172.231

🇳🇱 45.148.10.147