JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 104.167.25.159

104.167.25.159 was found in our database!

This IP was reported 57 times. Confidence of Abuse is 1%: ?

ISP	3xK Tech GmbH
Usage Type	Data Center/Web Hosting/Transit
ASN	AS200373
Domain Name	3xktech.cloud
Country	🇺🇸 United States of America
City	Ashburn, Virginia

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 104.167.25.159

Whois 104.167.25.159

IP Abuse Reports for 104.167.25.159:

This IP address has been reported a total of 57 times from 23 distinct sources. 104.167.25.159 was first reported on October 21st 2024, and the most recent report was 3 weeks ago.

Old Reports: The most recent abuse report for this IP address is from 3 weeks ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇪🇸 librebit	2026-05-17 03:57:40 (3 weeks ago)	Brute force	Brute-Force
🇬🇧 relianoid.com	2026-03-25 09:59:06 (2 months ago)	POST Abuse detected by Relianoid OSS Load Balancer - relianoid.com	Web Spam
🇦🇺 MAGIC	2026-03-17 03:12:19 (2 months ago)	VM1 Bad user agents ignoring web crawling rules. Draing bandwidth	DDoS Attack Bad Web Bot
🇦🇺 oncord	2026-03-11 02:45:59 (2 months ago)	Form spam	Web Spam
Anonymous	2026-03-11 01:42:59 (2 months ago)	Forum/form spam	Web Spam
Anonymous	2026-01-29 19:39:01 (4 months ago)	Forum/form spam	Web Spam
Anonymous	2025-12-30 20:32:48 (5 months ago)	"GET /.svn/wc.db HTTP/1.1"	Hacking Web App Attack
🇩🇪 NxtGenIT	2025-12-30 12:43:53 (5 months ago)	Tanner Honeypot hit, Event Type: , HTTP Method: GET, User Agent: , URI: /.env	SSH
🇩🇪 iNetWorker	2025-12-30 11:45:46 (5 months ago)	trolling for resource vulnerabilities	Web App Attack
🇺🇸 TPI-Abuse	2025-12-29 08:03:45 (5 months ago)	(mod_security) mod_security (id:210492) triggered by 104.167.25.159 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.167.25.159 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Dec 29 03:03:37.699782 2025] [security2:error] [pid 12424:tid 12424] [client 104.167.25.159:48133] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "texaspropertyinspection.com"] [uri "/.svn/wc.db"] [unique_id "aVI12aMFlH0DNlH-T3N_AgAAAAw"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-29 04:19:17 (5 months ago)	(mod_security) mod_security (id:210492) triggered by 104.167.25.159 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.167.25.159 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Dec 28 23:19:12.185731 2025] [security2:error] [pid 12281:tid 12281] [client 104.167.25.159:29283] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "veracurnow.com"] [uri "/.git/HEAD"] [unique_id "aVIBQExcoNZxfGa7DqqhegAAAAo"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-29 03:34:10 (5 months ago)	(mod_security) mod_security (id:210492) triggered by 104.167.25.159 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.167.25.159 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Dec 28 22:34:04.173339 2025] [security2:error] [pid 21506:tid 21506] [client 104.167.25.159:21405] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "voterfraud2016.com"] [uri "/.git/HEAD"] [unique_id "aVH2rPq9NFDDWEIQVWXmAQAAABU"] show less	Brute-Force Bad Web Bot Web App Attack
🇦🇺 MAGIC	2025-12-19 00:04:48 (5 months ago)	VM1 Bad user agents ignoring web crawling rules. Draing bandwidth	DDoS Attack Bad Web Bot
🇺🇸 TPI-Abuse	2025-12-09 06:24:17 (5 months ago)	(mod_security) mod_security (id:210492) triggered by 104.167.25.159 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.167.25.159 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Dec 09 01:24:12.252148 2025] [security2:error] [pid 29467:tid 29467] [client 104.167.25.159:46863] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "regansgreenhouse.com"] [uri "/.svn/wc.db"] [unique_id "aTfAjIGxXbkmQ1BfbQORrAAAAAM"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-07 23:52:05 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.167.25.159 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.167.25.159 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Dec 07 18:51:59.381750 2025] [security2:error] [pid 29448:tid 29448] [client 104.167.25.159:44199] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "kentsavagelaw.com"] [uri "/.git/HEAD"] [unique_id "aTYTH2yQJRshMga6F3MIpQAAAAU"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 57 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 192.169.201.223

🇮🇩 139.255.254.163

🇮🇳 117.247.23.131

🇺🇸 69.12.64.44

🇳🇱 52.233.193.61

🇰🇷 220.95.208.142

🇳🇱 193.176.31.214

🇬🇪 185.228.135.197

🇵🇱 138.124.242.51

🇮🇳 103.77.153.177

🇳🇱 93.123.109.127

🇦🇲 91.205.197.36

🇱🇹 81.30.98.62

🇨🇳 39.153.159.7

🇫🇮 35.228.43.115

🇷🇴 2.57.121.112

🇮🇩 2a02:4780:6:2086:0:317e:f624:1

🇺🇸 209.85.222.175

🇹🇭 125.27.11.90

🇻🇳 113.163.86.252