JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 104.167.242.117

104.167.242.117 was found in our database!

This IP was reported 278 times. Confidence of Abuse is 51%: ?

51%

This address is a Tor exit node. Neither the owner nor the provider are directly behind the offending action.

ISP	MysticDev LLC
Usage Type	Data Center/Web Hosting/Transit
ASN	AS26286
Domain Name	mysticdev.io
Country	🇺🇸 United States of America
City	Spring, Texas

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 104.167.242.117

Whois 104.167.242.117

IP Abuse Reports for 104.167.242.117:

This IP address has been reported a total of 278 times from 102 distinct sources. 104.167.242.117 was first reported on January 30th 2024, and the most recent report was 1 day ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇩🇪 ger-stg-sifi1	2026-06-03 18:49:48 (1 day ago)	(wordpress) Failed wordpress login using wp-login.php or xmlrpc.php	Web App Attack
🇺🇸 TPI-Abuse	2026-06-01 17:31:05 (3 days ago)	(mod_security) mod_security (id:225170) triggered by 104.167.242.117 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:225170) triggered by 104.167.242.117 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 01 13:30:57.734667 2026] [security2:error] [pid 27455:tid 27455] [client 104.167.242.117:43354] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|rentkase.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "rentkase.com"] [uri "/wp-json/wp/v2/users"] [unique_id "ah3B0RWbYsQSGI-YTmyUQgAAABM"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-29 22:22:42 (6 days ago)	(mod_security) mod_security (id:240335) triggered by 104.167.242.117 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:240335) triggered by 104.167.242.117 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri May 29 18:22:37.057151 2026] [security2:error] [pid 18461:tid 18461] [client 104.167.242.117:33380] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 104.167.242.117 (+1 hits since last alert)\|majesticsolutions.co\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "majesticsolutions.co"] [uri "/xmlrpc.php"] [unique_id "ahoRrUnq7Pi4KiH-UUS9hAAAAAA"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 LRob.fr	2026-05-27 11:15:25 (1 week ago)	Plesk panel login attempt with forbidden username (root/admin), blocked by Fail2Ban in custom-plesk- ... show more Plesk panel login attempt with forbidden username (root/admin), blocked by Fail2Ban in custom-plesk-login jail show less	Brute-Force Web App Attack
🇺🇸 TPI-Abuse	2026-05-27 06:47:12 (1 week ago)	(mod_security) mod_security (id:210730) triggered by 104.167.242.117 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210730) triggered by 104.167.242.117 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed May 27 02:47:09.632628 2026] [security2:error] [pid 8780:tid 8780] [client 104.167.242.117:57116] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|limeroc.com\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "limeroc.com"] [uri "/dump.sql"] [unique_id "ahaTbWcqHiqjccv3krLEaAAAAAw"], referer: limeroc.com/dump.sql show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-27 01:02:07 (1 week ago)	(mod_security) mod_security (id:210730) triggered by 104.167.242.117 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210730) triggered by 104.167.242.117 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue May 26 21:02:03.040895 2026] [security2:error] [pid 30131:tid 30131] [client 104.167.242.117:37682] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "4"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|ostborg.com\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "ostborg.com"] [uri "/dump.sql"] [unique_id "ahZCi1ESg-X-UStaXDJBQgAAAAA"], referer: ostborg.com/dump.sql show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-05-26 22:20:08 (1 week ago)	Web App Attack, Hacking	Hacking Web App Attack
🇺🇸 TPI-Abuse	2026-05-26 20:06:24 (1 week ago)	(mod_security) mod_security (id:210492) triggered by 104.167.242.117 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210492) triggered by 104.167.242.117 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue May 26 16:06:18.276249 2026] [security2:error] [pid 4671:tid 4671] [client 104.167.242.117:56106] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.davidleecrites.com.whatifandwhynot.xyz"] [uri "/.git/config"] [unique_id "ahX9Oq5bUFRrHiO2dMdYaQAAAAU"] show less	Brute-Force Bad Web Bot Web App Attack
🇦🇺 MAGIC	2026-05-19 01:32:25 (2 weeks ago)	VM1 Bad user agents ignoring web crawling rules. Draing bandwidth	DDoS Attack Bad Web Bot
🇧🇷 ICS Labs	2026-05-12 13:36:04 (3 weeks ago)	ICS Labs identified 104.167.242.117 as a malicious indicator from threat intelligence.	Hacking
Anonymous	2026-05-11 06:28:09 (3 weeks ago)	104.167.242.117 - - [11/May/2026:06:28:08 +0000] "GET /bothole/stinkwell.php?mode=login&redirect=pos ... show more 104.167.242.117 - - [11/May/2026:06:28:08 +0000] "GET /bothole/stinkwell.php?mode=login&redirect=posting.php%3Ff=82&mode=post%27%29%20AND%204708%3DCAST%28%28CHR%28113%29%7C%7CCHR%28113%29%7C%7CCHR%28107%29%7C%7CCHR%28122%29%7C%7CCHR%28113%29%29%7C%7C%28SELECT%20%28CASE%20WHEN%20%284708%3D4708%29%20THEN%201%20ELSE%200%20END%29%29%3A%3Atext%7C%7C%28CHR%28113%29%7C%7CCHR%2898%29%7C%7CCHR%28118%29%7C%7CCHR%28122%29%7C%7CCHR%28113%29%29%20AS%20NUMERIC%29%20AND%20%28%27SVJU%27%3D%27SVJU HTTP/1.1" 307 6725 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Safari/605.1.15" ... show less	SQL Injection
Anonymous	2026-05-05 23:00:14 (4 weeks ago)	2026-05-05 17:00:06,058 fail2ban.actions [3625835]: NOTICE [tor] Ban 104.167.242.117 2026-05 ... show more 2026-05-05 17:00:06,058 fail2ban.actions [3625835]: NOTICE [tor] Ban 104.167.242.117 2026-05-05 19:00:55,334 fail2ban.actions [3625835]: NOTICE [tor] Ban 104.167.242.117 2026-05-05 22:00:01,686 fail2ban.actions [3625835]: NOTICE [tor] Ban 104.167.242.117 2026-05-06 00:00:06,231 fail2ban.actions [3625835]: NOTICE [tor] Ban 104.167.242.117 2026-05-06 02:00:13,966 fail2ban.actions [3625835]: NOTICE [tor] Ban 104.167.242.117 show less	Brute-Force
🇩🇪 FeG Deutschland	2026-05-03 22:22:04 (1 month ago)	Looking for CMS/PHP/SQL vulnerablilities/excessive crawling - 124	Exploited Host Web App Attack
🇩🇪 MusicLibrary	2026-04-29 11:47:13 (1 month ago)	Attempted access to non existent wordpress urls	Bad Web Bot
Anonymous	2026-04-27 03:28:11 (1 month ago)	DDOS attack	DDoS Attack

Showing 1 to 15 of 278 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇬🇧 35.203.210.191

🇰🇷 222.98.122.37

🇦🇷 201.177.67.217

🇸🇬 172.217.44.210

🇮🇶 169.224.104.109

🇧🇩 151.158.30.154

🇨🇳 118.122.196.230

🇲🇾 186.244.227.138

🇮🇳 151.185.42.72

🇳🇱 45.148.10.147

🇲🇾 161.142.143.30

🇺🇸 66.132.172.232

🇪🇸 34.175.118.185

🇬🇧 188.240.59.56

🇳🇱 185.224.128.16

🇰🇷 182.31.23.11

🇺🇸 158.94.187.148

🇺🇬 196.0.124.2

🇺🇸 162.216.149.15

🇹🇼 152.32.232.185