JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 104.166.189.194

104.166.189.194 was found in our database!

This IP was reported 27 times. Confidence of Abuse is 17%: ?

17%

ISP	Zenlayer Inc
Usage Type	Data Center/Web Hosting/Transit
ASN	AS21859
Domain Name	zenlayer.com
Country	🇳🇱 Netherlands
City	Amsterdam, North Holland

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 104.166.189.194

Whois 104.166.189.194

IP Abuse Reports for 104.166.189.194:

This IP address has been reported a total of 27 times from 19 distinct sources. 104.166.189.194 was first reported on February 17th 2025, and the most recent report was 14 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 TPI-Abuse	2026-06-22 16:54:41 (14 hours ago)	(mod_security) mod_security (id:225170) triggered by 104.166.189.194 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:225170) triggered by 104.166.189.194 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 22 12:54:36.833537 2026] [security2:error] [pid 11864:tid 11864] [client 104.166.189.194:56308] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|huboon.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "huboon.com"] [uri "/wp-json/wp/v2/users"] [unique_id "ajlozL8wjMdObt0FJDPu3QAAAAo"] show less	Brute-Force Bad Web Bot Web App Attack
🇮🇹 VHosting	2026-06-22 07:00:05 (1 day ago)	Detected WordPress attack from 4 different servers	Brute-Force Web App Attack
🇮🇹 VHosting	2026-05-02 04:15:08 (1 month ago)	Detected WordPress attack from 4 different servers	Brute-Force Web App Attack
🇫🇮 Shaik Sai Meera	2026-04-08 07:40:13 (2 months ago)	IM360 WAF: Hidden file access	Brute-Force
🇮🇹 VHosting	2026-03-07 12:25:05 (3 months ago)	Detected WordPress attack from 4 different servers	Brute-Force Web App Attack
🇩🇪 stinpriza	2026-02-11 14:57:03 (4 months ago)	Web App Attack	Web App Attack
🇺🇸 TPI-Abuse	2026-01-20 11:50:07 (5 months ago)	(mod_security) mod_security (id:240335) triggered by 104.166.189.194 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:240335) triggered by 104.166.189.194 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jan 20 06:49:59.541470 2026] [security2:error] [pid 6048:tid 6054] [client 104.166.189.194:59952] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 104.166.189.194 (+1 hits since last alert)\|realauthentic.coffee\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "realauthentic.coffee"] [uri "/xmlrpc.php"] [unique_id "aW9r57DJ90p_og0nM8hWBgAAAAM"] show less	Brute-Force Bad Web Bot Web App Attack
🇮🇹 VHosting	2025-12-02 23:10:03 (6 months ago)	Detected WordPress attack from 4 different servers	Brute-Force Web App Attack
Anonymous	2025-08-27 05:27:34 (9 months ago)	(smtpauth) Failed SMTP AUTH login from 104.166.189.194 (NL/The Netherlands/North Holland/Amsterdam/- ... show more (smtpauth) Failed SMTP AUTH login from 104.166.189.194 (NL/The Netherlands/North Holland/Amsterdam/-/[redacted]) show less	Brute-Force
Anonymous	2025-08-27 04:30:23 (9 months ago)	Failed login attempt detected by Fail2Ban in plesk-postfix jail	Brute-Force
🇨🇿 lp	2025-08-27 03:23:06 (9 months ago)	Email account brute force: 2 attempts were recorded from 104.166.189.194 2025-08-27T04:49:03+02:00 w ... show more Email account brute force: 2 attempts were recorded from 104.166.189.194 2025-08-27T04:49:03+02:00 warning: unknown[104.166.189.194]: SASL PLAIN authentication failed: authentication failure, [email protected] 2025-08-27T04:49:03+02:00 warning: unknown[104.166.189.194]: SASL LOGIN authentication failed: authentication failure, [email protected] show less	Brute-Force
Anonymous	2025-08-27 03:08:59 (9 months ago)	(smtpauth) Failed SMTP AUTH login from 104.166.189.194 (NL/The Netherlands/North Holland/Amsterdam/- ... show more (smtpauth) Failed SMTP AUTH login from 104.166.189.194 (NL/The Netherlands/North Holland/Amsterdam/-/-) show less	Brute-Force
🇨🇿 lp	2025-08-26 18:21:51 (9 months ago)	Email account brute force: 4 attempts were recorded from 104.166.189.194 2025-08-26T18:35:10+02:00 w ... show more Email account brute force: 4 attempts were recorded from 104.166.189.194 2025-08-26T18:35:10+02:00 warning: unknown[104.166.189.194]: SASL PLAIN authentication failed: authentication failure, [email protected] 2025-08-26T18:35:10+02:00 warning: unknown[104.166.189.194]: SASL LOGIN authentication failed: authentication failure, [email protected] 2025-08-26T19:26:41+02:00 warning: unknown[104.166.189.194]: SASL PLAIN authentication failed: authentication failure, [email protected] 2025-08-26T19:26:41+02:00 warning: unknown[104.166.189.194]: SASL LOGIN authentication failed: authentication failure, [email protected] show less	Brute-Force
Anonymous	2025-08-26 17:38:44 (9 months ago)	Ports: 25,2525,110,143,993,995; Direction: 0; Trigger: LF_CUSTOMTRIGGER	Brute-Force SSH
Anonymous	2025-08-26 17:01:51 (9 months ago)	Aug 27 01:01:41 mail postfix/submission/smtpd[10719]: warning: unknown[104.166.189.194]: SASL PLAIN ... show more Aug 27 01:01:41 mail postfix/submission/smtpd[10719]: warning: unknown[104.166.189.194]: SASL PLAIN authentication failed: Aug 27 01:01:47 mail postfix/submission/smtpd[10719]: warning: unknown[104.166.189.194]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 Aug 27 01:01:48 mail postfix/submission/smtpd[10719]: lost connection after AUTH from unknown[104.166.189.194] show less	Email Spam Hacking Spoofing Brute-Force

Showing 1 to 15 of 27 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 195.184.76.114

🇺🇸 141.11.88.8

🇮🇳 139.59.36.109

🇺🇸 74.87.117.149

🇬🇧 57.129.139.60

🇫🇷 51.75.23.120

🇨🇦 16.54.232.10

🇺🇸 104.23.243.148

🇫🇷 62.84.189.117

🇩🇪 57.129.69.65

🇬🇧 54.37.19.39

🇫🇮 31.56.204.231

🇸🇬 172.253.236.221

🇵🇱 145.239.83.37

🇩🇪 128.1.120.68

🇫🇷 91.196.152.91

🇫🇷 85.217.140.7

🇺🇸 71.6.199.23

🇮🇳 59.92.91.226

🇸🇬 47.84.115.165