JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 93.95.228.125

93.95.228.125 was found in our database!

This IP was reported 1,109 times. Confidence of Abuse is 81%: ?

81%

This address is a Tor exit node. Neither the owner nor the provider are directly behind the offending action.

ISP	VPS1-NET
Usage Type	Data Center/Web Hosting/Transit
ASN	AS44925
Hostname(s)	manor.torexit.syndicateguys.com
Domain Name	1984.is
Country	🇮🇸 Iceland
City	Reykjavik, Capital Region

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 93.95.228.125

Whois 93.95.228.125

IP Abuse Reports for 93.95.228.125:

This IP address has been reported a total of 1,109 times from 395 distinct sources. 93.95.228.125 was first reported on January 24th 2024, and the most recent report was 1 day ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇩🇪 4server	2026-06-14 16:08:48 (1 day ago)	[SunJun1418:08:45.0735842026][security2:error][pid2397642:tid2397734][client93.95.228.125:0]ModSecur ... show more [SunJun1418:08:45.0735842026][security2:error][pid2397642:tid2397734][client93.95.228.125:0]ModSecurity:Accessdeniedwithcode403\(phase1\).Stringmatch\"/xmlrpc.php\"atREQUEST_URI.[file\"/etc/apache2/conf.d/modsec_custom_rules.conf\"][line\"170\"][id\"960024\"][msg\"XML-RPCdisabled\"][hostname\"specialfood.ch\"][uri\"/xmlrpc.php\"][unique_id\"ai7SDd15MTOqNeYm5uzJWAAAAMY\"] show less	Port Scan Brute-Force Web App Attack
🇩🇪 big-cloud.nl	2026-06-14 09:25:50 (1 day ago)	Try to access /xmlrpc.php	Web App Attack
🇺🇸 TPI-Abuse	2026-06-11 12:03:46 (4 days ago)	(mod_security) mod_security (id:225170) triggered by 93.95.228.125 (manor.torexit.syndicateguys.com) ... show more (mod_security) mod_security (id:225170) triggered by 93.95.228.125 (manor.torexit.syndicateguys.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 11 08:03:38.664357 2026] [security2:error] [pid 19215:tid 19215] [client 93.95.228.125:37338] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|doctoredwinalvarez.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "doctoredwinalvarez.com"] [uri "/wp-json/wp/v2/users"] [unique_id "aiqkGsg0Pl6i14kzHipdhwAAABA"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 oncord	2026-06-11 02:19:24 (5 days ago)	Form spam	Web Spam
🇩🇪 big-cloud.nl	2026-06-10 02:15:41 (6 days ago)	Try to access /xmlrpc.php	Web App Attack
Anonymous	2026-06-09 14:35:21 (6 days ago)	This IP was involved in an brute force and password spray attack on 2026/06/09 09:33:30	Port Scan Brute-Force Exploited Host Web App Attack
🇺🇸 TPI-Abuse	2026-06-08 20:46:23 (1 week ago)	(mod_security) mod_security (id:225170) triggered by 93.95.228.125 (manor.torexit.syndicateguys.com) ... show more (mod_security) mod_security (id:225170) triggered by 93.95.228.125 (manor.torexit.syndicateguys.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 08 16:46:18.463463 2026] [security2:error] [pid 6067:tid 6067] [client 93.95.228.125:44038] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|boaredraven.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "boaredraven.com"] [uri "/wp-json/wp/v2/users"] [unique_id "aicqGm4CUOCxJXk3g1gHVwAAAAA"] show less	Brute-Force Bad Web Bot Web App Attack
🇳🇴 sh97	2026-06-07 09:34:50 (1 week ago)	185: SSH Brute Force from 93.95.228.125 at 2026-06-07 14:56:09 IST	Brute-Force SSH
🇧🇷 ICS Labs	2026-06-05 19:46:42 (1 week ago)	ICS Labs identified 93.95.228.125 as a malicious indicator from threat intelligence.	DDoS Attack Hacking Brute-Force Exploited Host
Anonymous	2026-06-03 16:48:38 (1 week ago)	2026-06-03T20:18:21.895914+03:30 digitalogic sshd-session[583925]: pam_unix(sshd:auth): authenticati ... show more 2026-06-03T20:18:21.895914+03:30 digitalogic sshd-session[583925]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=93.95.228.125 2026-06-03T20:18:24.267265+03:30 digitalogic sshd-session[583925]: Failed password for invalid user admin from 93.95.228.125 port 35526 ssh2 2026-06-03T20:18:33.357829+03:30 digitalogic sshd-session[583925]: Connection closed by invalid user admin 93.95.228.125 port 35526 [preauth] ... show less	Brute-Force SSH
🇳🇱 BlueWire Hosting	2026-06-01 10:52:41 (2 weeks ago)	Probing websites for vulnerabilities	Web App Attack
🇺🇸 TPI-Abuse	2026-05-31 16:41:31 (2 weeks ago)	(mod_security) mod_security (id:210492) triggered by 93.95.228.125 (manor.torexit.syndicateguys.com) ... show more (mod_security) mod_security (id:210492) triggered by 93.95.228.125 (manor.torexit.syndicateguys.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun May 31 12:41:27.685568 2026] [security2:error] [pid 25406:tid 25406] [client 93.95.228.125:36052] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "autodiscover.deserttrails.net"] [uri "/.git/config"] [unique_id "ahxkt8yq-EtAcC-s6VbQmAAAAAQ"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 mnsf	2026-05-31 09:05:25 (2 weeks ago)	Abuse Detected (1)	Brute-Force Web App Attack
🇺🇸 Mundo Bueno	2026-05-29 01:43:19 (2 weeks ago)	[ISILIA Protection v2.1] Tentative d'accès: /readme.html \| Pays: T1 \| UA: Mozilla/5.0 (X11; Linux x8 ... show more [ISILIA Protection v2.1] Tentative d'accès: /readme.html \| Pays: T1 \| UA: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.3 show less	Hacking Web App Attack
🇦🇺 oncord	2026-05-28 21:44:20 (2 weeks ago)	Form spam	Web Spam

Showing 1 to 15 of 1109 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇩🇪 213.209.159.226

🇰🇷 183.103.201.4

🇮🇹 172.253.12.149

🇩🇪 167.94.145.19

🇺🇸 161.35.3.215

🇺🇸 130.131.161.148

🇺🇸 109.105.209.111

🇫🇷 91.231.89.47

🇮🇷 80.191.103.21

🇫🇮 65.109.208.248

🇺🇸 64.23.156.7

🇩🇪 63.177.100.126

🇬🇧 35.203.210.148

🇫🇷 185.194.219.72

🇮🇶 185.166.25.150

🇰🇷 182.31.145.2

🇮🇳 168.144.185.145

🇫🇷 146.59.159.179

🇺🇸 143.42.1.191

🇹🇭 124.122.129.177