JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 104.167.25.143

104.167.25.143 was found in our database!

This IP was reported 57 times. Confidence of Abuse is 0%: ?

ISP	3xK Tech GmbH
Usage Type	Data Center/Web Hosting/Transit
ASN	AS200373
Domain Name	3xktech.cloud
Country	🇺🇸 United States of America
City	Ashburn, Virginia

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 104.167.25.143

Whois 104.167.25.143

IP Abuse Reports for 104.167.25.143:

This IP address has been reported a total of 57 times from 27 distinct sources. 104.167.25.143 was first reported on August 29th 2024, and the most recent report was 1 month ago.

Old Reports: The most recent abuse report for this IP address is from 1 month ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
Anonymous	2026-04-18 01:02:38 (1 month ago)	Forum/form spam	Web Spam
Anonymous	2026-03-07 19:13:37 (3 months ago)	Forum/form spam	Web Spam
Anonymous	2026-02-12 05:14:56 (4 months ago)	Forum/form spam	Web Spam
🇪🇸 10dencehispahard SL	2026-01-26 07:20:09 (4 months ago)	Wordpress probing for vulnerabilities	Hacking Exploited Host
🇧🇪 taivas.nl	2026-01-23 23:32:11 (4 months ago)	Wordpress_xmlrpc_attack	Bad Web Bot
🇬🇧 relianoid.com	2026-01-23 00:07:22 (4 months ago)	POST Abuse detected by Relianoid OSS Load Balancer - relianoid.com	Web Spam
🇱🇻 garmtech.com	2026-01-21 07:37:03 (4 months ago)	IM360 WAF: Attempt to upload malware	Hacking
🇫🇷 tilellit.pro	2026-01-20 01:58:59 (4 months ago)	Fail2Ban banned 104.167.25.143 for security violations in jail wp-armour. Log: 2026/01/20 01:58:58 [ ... show more Fail2Ban banned 104.167.25.143 for security violations in jail wp-armour. Log: 2026/01/20 01:58:58 [error] FastCGI sent in stderr: "PHP message: [WP_ARMOUR_BAN] IP: 104.167.25.143 \| Target: wplogin" , client: 104.167.25.143, server: [REDACTED], request: "POST /wp-login.php HTTP/2.0", upstream: [REDACTED], host: [REDACTED], referrer: "https://comerciogallego.es/wp-login.php" ... show less	Web Spam
🇬🇧 relianoid.com	2026-01-18 02:45:21 (4 months ago)	POST Abuse detected by Relianoid OSS Load Balancer - relianoid.com	Web Spam
🇩🇪 Packets-Decreaser.NET	2025-12-31 00:57:55 (5 months ago)	Incoming Layer 7 Flood Detected	DDoS Attack Web Spam
🇺🇸 TPI-Abuse	2025-12-30 21:57:21 (5 months ago)	(mod_security) mod_security (id:210730) triggered by 104.167.25.143 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210730) triggered by 104.167.25.143 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Dec 30 16:57:13.032500 2025] [security2:error] [pid 16503:tid 16503] [client 104.167.25.143:33511] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|bsa1688.com\|F\|2"] [data ".com"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "bsa1688.com"] [uri "/[email protected]"] [unique_id "aVRKubtArUexRo3jBUtUWgAAAA0"], referer: http://bsa1688.com show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 HandyTreff.de	2025-12-29 08:01:41 (5 months ago)	Bot/Spam/Scrapper attack detected on www.handytreff.de - Score: -42.262 (Bad < -10 / Very Bad < -20 ... show more Bot/Spam/Scrapper attack detected on www.handytreff.de - Score: -42.262 (Bad < -10 / Very Bad < -20 / Extreme < -35) \| UA: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/ show less	Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-26 06:55:55 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.167.25.143 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.167.25.143 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Nov 26 01:55:48.886538 2025] [security2:error] [pid 29806:tid 29806] [client 104.167.25.143:50299] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcalendars.sweetbailey.com"] [uri "/.svn/wc.db"] [unique_id "aSakdLT5tTlbxNeeyt76NAAAABY"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-26 03:21:39 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.167.25.143 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.167.25.143 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Nov 25 22:21:30.470663 2025] [security2:error] [pid 2301480:tid 2301480] [client 104.167.25.143:37001] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcontacts.susansimmons.net"] [uri "/.git/HEAD"] [unique_id "aSZyOpugUpCLkQ1TNf-GVAAAAA4"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-25 04:46:12 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.167.25.143 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.167.25.143 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 24 23:46:07.194925 2025] [security2:error] [pid 20445:tid 20445] [client 104.167.25.143:35917] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "autodiscover.drayvian.com"] [uri "/.env"] [unique_id "aSU0jwlCGgLQfYaR2WUyFgAAABA"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 57 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇭🇰 183.179.243.83

🇺🇸 152.32.150.26

🇺🇸 128.8.124.68

🇧🇷 92.112.200.41

🇺🇸 45.156.129.87

🇺🇸 44.255.97.144

🇸🇬 43.134.27.142

🇺🇸 40.76.116.231

🇧🇷 205.210.31.251

🇩🇪 156.236.31.85

🇺🇸 154.217.253.190

🇺🇸 148.135.70.18

🇨🇦 85.217.149.31

🇷🇺 82.162.56.186

🇿🇦 82.25.245.132

🇳🇱 45.148.10.121

🇸🇬 45.38.111.162

🇺🇸 44.182.16.8

🇨🇳 1.117.83.116

🇺🇸 208.84.100.196