JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 104.167.25.18

104.167.25.18 was found in our database!

This IP was reported 55 times. Confidence of Abuse is 0%: ?

ISP	3xK Tech GmbH
Usage Type	Data Center/Web Hosting/Transit
ASN	AS200373
Domain Name	3xktech.cloud
Country	🇺🇸 United States of America
City	Ashburn, Virginia

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 104.167.25.18

Whois 104.167.25.18

IP Abuse Reports for 104.167.25.18:

This IP address has been reported a total of 55 times from 25 distinct sources. 104.167.25.18 was first reported on June 27th 2024, and the most recent report was 4 months ago.

Old Reports: The most recent abuse report for this IP address is from 4 months ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 mnsf	2026-02-15 13:05:22 (4 months ago)	Too many Status 40X (12) Scanning/Probing (12)	Brute-Force Web App Attack
🇬🇧 Swiptly	2026-02-15 05:54:26 (4 months ago)	Bot scanning for environment files .env .env/\* ...	Web App Attack
🇳🇱 debestelapp	2026-02-15 05:05:04 (4 months ago)		Web App Attack
🇳🇱 ParaBug	2026-02-15 02:31:45 (4 months ago)	104.167.25.18 - - [15/Feb/2026:03:31:44 +0100] "GET /config/.env HTTP/1.1" 301 4223 "-" "Mozilla/5.0 ... show more 104.167.25.18 - - [15/Feb/2026:03:31:44 +0100] "GET /config/.env HTTP/1.1" 301 4223 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36" ... show less	Phishing Brute-Force Web App Attack
Anonymous	2026-02-15 01:05:02 (4 months ago)	Blocked: Reason='Suspicious traffic score=60 (review-based detection)'; Requests=12	Hacking
🇧🇾 lns.bz	2026-02-14 23:35:51 (4 months ago)	.env scanning [BY]	Web App Attack
🇫🇷 dynamix	2026-02-14 21:24:33 (4 months ago)	Multiple WAF Violations	Web App Attack
Anonymous	2026-01-12 21:12:11 (5 months ago)	wordpress-trap	Web App Attack
🇺🇸 TPI-Abuse	2025-12-29 03:33:10 (5 months ago)	(mod_security) mod_security (id:210492) triggered by 104.167.25.18 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.167.25.18 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Dec 28 22:33:04.968384 2025] [security2:error] [pid 19595:tid 19595] [client 104.167.25.18:14993] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "evelia.com"] [uri "/.env"] [unique_id "aVH2cHRhpGJ6xFAJuRqX6QAAAAY"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2025-11-29 12:50:45 (6 months ago)	Attempted brute force login to web vpn 1 time(s); last attempt for 2025.11.29 is noted in report tim ... show more Attempted brute force login to web vpn 1 time(s); last attempt for 2025.11.29 is noted in report timestamp show less	Hacking Brute-Force
🇺🇸 TPI-Abuse	2025-11-28 23:57:43 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.167.25.18 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.167.25.18 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Nov 28 18:57:33.053311 2025] [security2:error] [pid 10548:tid 10548] [client 104.167.25.18:55897] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.txt" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "abilityengraving.com"] [uri "/wp-config.txt"] [unique_id "aSo27aKqIihyYQ48jUecfwAAAAM"], referer: http://abilityengraving.net/wp-config.txt show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-28 19:51:35 (6 months ago)	(mod_security) mod_security (id:210730) triggered by 104.167.25.18 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210730) triggered by 104.167.25.18 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Nov 28 14:51:27.791623 2025] [security2:error] [pid 31282:tid 31282] [client 104.167.25.18:52057] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|aangfl.com\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "aangfl.com"] [uri "/backup.sql"] [unique_id "aSn9P-N0L5UFsfF76sdoUQAAAAg"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2025-11-16 22:13:32 (7 months ago)	Attempted brute force login to web vpn 1 time(s); last attempt for 2025.11.16 is noted in report tim ... show more Attempted brute force login to web vpn 1 time(s); last attempt for 2025.11.16 is noted in report timestamp show less	Hacking Brute-Force
Anonymous	2025-11-14 00:14:24 (7 months ago)	This IP was involved in a brute force and password spray attack.	Brute-Force Web App Attack
Anonymous	2025-11-11 09:37:24 (7 months ago)	Attempted brute force login to web vpn 2 time(s); last attempt for 2025.11.11 is noted in report tim ... show more Attempted brute force login to web vpn 2 time(s); last attempt for 2025.11.11 is noted in report timestamp show less	Hacking Brute-Force

Showing 1 to 15 of 55 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇦 212.111.193.14

🇮🇶 185.136.148.231

🇳🇱 91.92.40.66

🇹🇷 78.186.147.44

🇰🇪 41.89.227.164

🇺🇸 18.97.19.168

🇰🇷 222.120.63.29

🇱🇰 220.247.224.226

🇮🇪 207.254.29.22

🇦🇷 190.183.30.240

🇻🇪 190.153.118.152

🇨🇱 190.46.69.176

🇸🇦 188.49.29.239

🇨🇴 181.49.8.57

🇺🇦 176.98.71.172

🇮🇩 157.10.160.86

🇺🇸 52.200.54.136

🇦🇹 45.137.172.116

🇺🇸 18.221.179.104

🇨🇦 217.181.81.19