JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 103.253.27.67

103.253.27.67 was found in our database!

This IP was reported 109 times. Confidence of Abuse is 62%: ?

62%

ISP	AXGN
Usage Type	Data Center/Web Hosting/Transit
ASN	AS133210
Hostname(s)	reflexive.thetacut.com
Domain Name	axgn.com.sg
Country	🇸🇬 Singapore
City	Singapore

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 103.253.27.67

Whois 103.253.27.67

IP Abuse Reports for 103.253.27.67:

This IP address has been reported a total of 109 times from 45 distinct sources. 103.253.27.67 was first reported on March 23rd 2026, and the most recent report was 1 month ago.

Old Reports: The most recent abuse report for this IP address is from 1 month ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇮🇩 Burayot	2026-05-26 16:20:38 (1 month ago)	LF_MODSEC: (mod_security) mod_security (id:949110) triggered by 103.253.27.67 (SG/Singapore/reflexiv ... show more LF_MODSEC: (mod_security) mod_security (id:949110) triggered by 103.253.27.67 (SG/Singapore/reflexive.thetacut.com): 2 in the last 3600 secs show less	Web App Attack
🇮🇩 soc-yk	2026-05-26 09:46:10 (1 month ago)	Type: suspicious_network_activity Threat: normal_public_web_client Risk: 100 Events: 1128 Evidence: ... show more Type: suspicious_network_activity Threat: normal_public_web_client Risk: 100 Events: 1128 Evidence: - Persistent suspicious network activity detected - Repeated hostile operational behavior observed - Multi-event operational persistence identified - Threat escalation behavior observed show less	Port Scan Hacking
🇮🇩 soc-yk	2026-05-26 07:22:11 (1 month ago)	Type: web_scanning Threat: public_web_exploitation_scanner Risk: 100 Events: 987 Evidence: - Automa ... show more Type: web_scanning Threat: public_web_exploitation_scanner Risk: 100 Events: 987 Evidence: - Automated hostile web probing detected - Repeated web scanning activity observed - Multi-event operational persistence identified show less	Web App Attack
🇺🇸 mawan	2026-05-25 21:01:24 (1 month ago)	Suspected of having performed illicit activity on LAX server.	Web App Attack
🇦🇺 clapper	2026-05-25 10:48:16 (1 month ago)	(mod_security) mod_security (id:949110) triggered by 103.253.27.67 (SG/Singapore/reflexive.thetacut. ... show more (mod_security) mod_security (id:949110) triggered by 103.253.27.67 (SG/Singapore/reflexive.thetacut.com): 3 in the last 3600 secs; ID: LUC show less	Brute-Force Bad Web Bot
🇮🇩 itsocindo	2026-05-25 07:15:13 (1 month ago)	Type: web_scanning Threat: public_web_exploitation_scanner Risk: 100 Events: 423 Evidence: - Automa ... show more Type: web_scanning Threat: public_web_exploitation_scanner Risk: 100 Events: 423 Evidence: - Automated hostile web probing detected - Repeated web scanning activity observed - Multi-event operational persistence identified - Threat escalation behavior observed show less	Web App Attack
🇩🇪 LRob.fr	2026-05-25 03:00:06 (1 month ago)	Repeated 404 errors, blocked by Fail2ban in custom-404 jail	Bad Web Bot
🇺🇸 TPI-Abuse	2026-05-25 01:25:29 (1 month ago)	(mod_security) mod_security (id:210492) triggered by 103.253.27.67 (reflexive.thetacut.com): 1 in th ... show more (mod_security) mod_security (id:210492) triggered by 103.253.27.67 (reflexive.thetacut.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun May 24 21:25:23.870805 2026] [security2:error] [pid 7938:tid 7938] [client 103.253.27.67:0] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.hondabvi.com"] [uri "/sftp-config.json"] [unique_id "ahOlA9OLEiFb8M_Bd-iebAAAABI"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 big-cloud.nl	2026-05-24 23:37:47 (1 month ago)	Try to access /.vscode/sftp.json	Web App Attack
🇬🇧 consul.to	2026-05-24 21:36:56 (1 month ago)	Web attack/malicious scanning detected	Web App Attack
🇺🇸 TPI-Abuse	2026-05-24 21:20:07 (1 month ago)	(mod_security) mod_security (id:210492) triggered by 103.253.27.67 (reflexive.thetacut.com): 1 in th ... show more (mod_security) mod_security (id:210492) triggered by 103.253.27.67 (reflexive.thetacut.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun May 24 17:20:01.834156 2026] [security2:error] [pid 10044:tid 10044] [client 103.253.27.67:0] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.nextmoon.com"] [uri "/sftp-config.json"] [unique_id "ahNrgQdZnGXPKgyCHRN5MgAAAA8"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-24 15:55:19 (1 month ago)	(mod_security) mod_security (id:210492) triggered by 103.253.27.67 (reflexive.thetacut.com): 1 in th ... show more (mod_security) mod_security (id:210492) triggered by 103.253.27.67 (reflexive.thetacut.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun May 24 11:55:16.071657 2026] [security2:error] [pid 21031:tid 21031] [client 103.253.27.67:0] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "eddysgroup.com"] [uri "/sftp-config.json"] [unique_id "ahMfZF5yN-0BMheG5oQuiAAAAAU"] show less	Brute-Force Bad Web Bot Web App Attack
🇫🇷 lindi	2026-05-24 14:45:44 (1 month ago)	Probing for resource vulnerabilities ...	Web Spam Brute-Force Bad Web Bot Exploited Host Web App Attack
🇳🇱 Savvii	2026-05-24 11:14:33 (1 month ago)	15 attempts against mh-mag-login-ban on sun	Web App Attack
🇺🇸 mnsf	2026-05-24 09:05:10 (1 month ago)	Too many Status 40X (16)	Brute-Force Web App Attack

Showing 1 to 15 of 109 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 66.132.195.74

🇺🇸 20.64.106.18

🇺🇸 2604:a940:300:5b6:0:28::

🇹🇭 223.204.88.211

🇺🇸 216.244.66.246

🇭🇰 199.45.155.64

🇧🇪 198.235.24.197

🇳🇱 176.65.149.220

🇺🇸 172.190.51.254

🇺🇸 162.216.150.192

🇺🇸 162.216.149.92

🇺🇸 147.185.132.16

🇩🇪 144.76.22.234

🇺🇸 104.152.52.223

🇺🇸 104.152.52.218

🇺🇸 104.152.52.212

🇺🇸 104.152.52.205

🇺🇸 104.152.52.202

🇧🇩 103.183.62.2

🇬🇧 35.203.210.210