JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 193.189.100.204

193.189.100.204 was found in our database!

This IP was reported 2,415 times. Confidence of Abuse is 100%: ?

100%

This address is a Tor exit node. Neither the owner nor the provider are directly behind the offending action.

ISP	KeFF Networks Ltd
Usage Type	Data Center/Web Hosting/Transit
ASN	AS41281
Hostname(s)	tor-exit-11
Domain Name	keff.org
Country	🇸🇪 Sweden
City	Stockholm, Stockholm

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 193.189.100.204

Whois 193.189.100.204

IP Abuse Reports for 193.189.100.204:

This IP address has been reported a total of 2,415 times from 418 distinct sources. 193.189.100.204 was first reported on May 6th 2021, and the most recent report was 3 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇫🇷 SpaceHost-Server	2026-06-17 22:28:31 (3 hours ago)		Brute-Force Web App Attack
🇩🇪 LRob.fr	2026-06-16 20:30:05 (1 day ago)	Repeated attacks detected by Fail2Ban in recidive jail	Hacking
🇮🇪 RoboSOC	2026-06-16 08:34:37 (1 day ago)	ThinkPHP Remote Code Execution Vulnerability , PTR: tor-exit-11.	Web App Attack
🇩🇪 LRob.fr	2026-06-16 01:30:11 (2 days ago)	Repeated requests on blocked xmlrpc.php, blocked by fail2ban in custom-503-xmlrpc jail	Bad Web Bot Web App Attack
🇩🇪 4server	2026-06-15 14:16:00 (2 days ago)	[MonJun1516:15:55.0637862026][security2:error][pid72768:tid72888][client193.189.100.204:0]ModSecurit ... show more [MonJun1516:15:55.0637862026][security2:error][pid72768:tid72888][client193.189.100.204:0]ModSecurity:Accessdeniedwithcode403\(phase2\).OperatorGEmatched5atTX:anomaly_score.[file\"/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf\"][line\"94\"][id\"949110\"][msg\"InboundAnomalyScoreExceeded\(TotalScore:5\)\"][severity\"CRITICAL\"][ver\"OWASP_CRS/3.3.9\"][tag\"application-multi\"][tag\"language-multi\"][tag\"platform-multi\"][tag\"attack-generic\"][hostname\"serversvizzera.ch\"][uri\"/\"][unique_id\"ajAJG6fwTEtp9SNMy9ky7AAAAJI\"] show less	Port Scan Brute-Force Web App Attack
🇺🇸 nyt	2026-06-14 20:36:24 (3 days ago)	Brute-Force, Web App Attack, suspicious: XMLRPC Attack	Brute-Force Web App Attack
🇪🇸 masterguru	2026-06-14 09:13:37 (3 days ago)	xmlrpc request blocked, no referer. Pattern match "xmlrpc.php" at REQUEST_URI. (5000900-122)	Web App Attack
🇺🇸 nyt	2026-06-13 11:23:11 (4 days ago)	Brute-Force, Web App Attack, suspicious: XMLRPC Attack	Brute-Force Web App Attack
🇫🇷 MatStef132	2026-06-12 22:48:30 (5 days ago)	MatShield L7: blocked on mathost.eu (suspicious behaviour)	DDoS Attack
🇳🇱 Site.eu	2026-06-12 17:14:07 (5 days ago)	Repeated wp-login/xmlrpc attempts	Brute-Force SSH
🇩🇪 4server	2026-06-12 14:03:08 (5 days ago)	[FriJun1216:03:03.8126322026][security2:error][pid3814064:tid3814143][client193.189.100.204:0]ModSec ... show more [FriJun1216:03:03.8126322026][security2:error][pid3814064:tid3814143][client193.189.100.204:0]ModSecurity:Accessdeniedwithcode403\(phase1\).Stringmatch\"/xmlrpc.php\"atREQUEST_URI.[file\"/etc/apache2/conf.d/modsec_custom_rules.conf\"][line\"170\"][id\"960024\"][msg\"XML-RPCdisabled\"][hostname\"vg13.ch\"][uri\"/xmlrpc.php\"][unique_id\"aiwRlx8QwSJ16xFISonF-AAAAI0\"] show less	Port Scan Brute-Force Web App Attack
🇸🇰 KSBA	2026-06-12 05:41:48 (5 days ago)	Automatic report from KSBA firewall log.	Port Scan Hacking Brute-Force
Anonymous	2026-06-12 05:21:00 (5 days ago)	malicious link spam from 193.189.100.204 Thu, 11 Jun 2026 21:41:25 -0700 (PDT) Payment No. 616509 ... show more malicious link spam from 193.189.100.204 Thu, 11 Jun 2026 21:41:25 -0700 (PDT) Payment No. 616509 GET ACCESS > graph.org/The-Best-AI-Sex-Girlfriend-05-11? show less	Fraud Orders Email Spam Spoofing Exploited Host Phishing
🇨🇦 KIsmay	2026-06-11 14:00:33 (6 days ago)	Jun 11 07:00:04 ismay WPAudit[1392647]: 193.189.100.204 christinesutherland.com "Mozilla/5.0 (X11; L ... show more Jun 11 07:00:04 ismay WPAudit[1392647]: 193.189.100.204 christinesutherland.com "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.0.0 Safari/537.36" wyatt:@123123@ FAIL Jun 11 07:00:14 ismay WPAudit[1392647]: 193.189.100.204 christinesutherland.com "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.0.0 Safari/537.36" wyatt:Nea@123 FAIL Jun 11 07:00:20 ismay WPAudit[1392671]: 193.189.100.204 christinesutherland.com "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.0.0 Safari/537.36" wyatt:aWP73.ajwNsUArH FAIL Jun 11 07:00:27 ismay WPAudit[1392671]: 193.189.100.204 christinesutherland.com "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.0.0 Safari/537.36" wyatt:asdfghnbvcxzQWEsadg@ FAIL Jun 11 07:00:32 ismay WPAudit[1392671]: 193.189.100.204 christinesutherland.com "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.0 ... show less	Brute-Force Web App Attack
🇩🇪 big-cloud.nl	2026-06-11 13:53:37 (6 days ago)	Try to access /xmlrpc.php	Web App Attack

Showing 1 to 15 of 2415 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 2a09:bac5:6d77:e3c::16b:135

🇹🇼 198.235.24.127

🇮🇶 185.166.25.150

🇧🇷 177.55.72.72

🇺🇸 152.32.150.29

🇨🇭 138.199.6.196

🇮🇳 128.185.212.178

🇨🇳 121.229.107.184

🇺🇸 65.49.1.66

🇳🇱 46.151.178.13

🇳🇱 45.156.87.254

🇵🇪 38.250.131.59

🇷🇺 5.104.46.214

🇵🇱 194.180.48.33

🇵🇾 181.123.62.210

🇹🇭 165.154.119.158

🇱🇾 165.16.98.67

🇺🇸 135.233.97.43

🇨🇳 101.126.81.213

🇺🇦 5.104.59.94