JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 104.167.25.181

104.167.25.181 was found in our database!

This IP was reported 36 times. Confidence of Abuse is 13%: ?

13%

ISP	3xK Tech GmbH
Usage Type	Data Center/Web Hosting/Transit
ASN	AS200373
Domain Name	3xktech.cloud
Country	🇺🇸 United States of America
City	Ashburn, Virginia

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 104.167.25.181

Whois 104.167.25.181

IP Abuse Reports for 104.167.25.181:

This IP address has been reported a total of 36 times from 16 distinct sources. 104.167.25.181 was first reported on November 8th 2024, and the most recent report was 3 weeks ago.

Old Reports: The most recent abuse report for this IP address is from 3 weeks ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇫🇮 as211431.net	2026-05-14 03:36:28 (3 weeks ago)	Triggered Cloudflare WAF (firewallCustom) from US. Action taken: MANAGED_CHALLENGE Protocol: HTTP/1. ... show more Triggered Cloudflare WAF (firewallCustom) from US. Action taken: MANAGED_CHALLENGE Protocol: HTTP/1.1 (GET method) Endpoint: /index.php UA: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/132.0.0.0 Safari/537.36; Manus-User/1.0 This report was generated by: https://github.com/sefinek/Cloudflare-WAF-To-AbuseIPDB show less	Bad Web Bot
🇺🇸 xmission.com	2026-04-24 04:46:02 (1 month ago)	104.167.25.181 - - [23/Apr/2026:22:46:02 -0600] "GET //xmlrpc.php?rsd HTTP/1.1" 200 780 "-" "Mozilla ... show more 104.167.25.181 - - [23/Apr/2026:22:46:02 -0600] "GET //xmlrpc.php?rsd HTTP/1.1" 200 780 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0 Safari/537.36" ... show less	Web App Attack
🇬🇧 Oakley	2026-04-21 09:50:04 (1 month ago)	(antiscrape_rule) Web application abuse detected 104.167.25.181 (US/United States/-): 5 in the last ... show more (antiscrape_rule) Web application abuse detected 104.167.25.181 (US/United States/-): 5 in the last 900 secs show less	Hacking
🇦🇺 RedBear IT	2026-03-26 10:00:37 (2 months ago)	"DDoS against public endpoint"	DDoS Attack
🇮🇹 ciccio diddo	2026-01-29 15:40:09 (4 months ago)	CMS/WP Exploit xmlrpc port:Tcp/80,443	Brute-Force Web App Attack
🇨🇭 backslash	2026-01-24 18:00:13 (4 months ago)	block ruleset 3D3AFA921A373ECE19B6BA285C2D722163304638	Bad Web Bot
🇪🇸 10dencehispahard SL	2026-01-20 06:39:28 (4 months ago)	Wordpress probing for vulnerabilities	Hacking Exploited Host
🇱🇻 garmtech.com	2026-01-19 23:16:41 (4 months ago)	IM360 WAF: RBL block risky actions MV:RBL lookup of 01-16.104.167.25.181.risky-actions.v2.rbl.imunif ... show more IM360 WAF: RBL block risky actions MV:RBL lookup of 01-16.104.167.25.181.risky-actions.v2.rbl.imunify.com._v4 succeeded. show less	Web App Attack
Anonymous	2025-12-07 07:49:39 (5 months ago)	botnet	DDoS Attack
Anonymous	2025-12-02 01:14:46 (6 months ago)	botnet	DDoS Attack
🇺🇸 TPI-Abuse	2025-11-25 07:01:27 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.167.25.181 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.167.25.181 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Nov 25 02:01:20.990420 2025] [security2:error] [pid 14345:tid 14352] [client 104.167.25.181:37755] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webmail.wicca-love-spells.com"] [uri "/.git/HEAD"] [unique_id "aSVUQArPwA8TE7NlxMsLAQAAAIQ"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-25 06:11:41 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.167.25.181 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.167.25.181 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Nov 25 01:11:35.303072 2025] [security2:error] [pid 13908:tid 13908] [client 104.167.25.181:54461] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.taylorcmurphy.the-it-man.com"] [uri "/.env"] [unique_id "aSVIl7JVPKFnCTNOsh1wAgAAAAU"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-25 04:41:32 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.167.25.181 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.167.25.181 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 24 23:40:58.405544 2025] [security2:error] [pid 6429:tid 6429] [client 104.167.25.181:33723] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcontacts.rademeyer.com"] [uri "/.svn/wc.db"] [unique_id "aSUzWvzVyOaGbNWpCUHX7QAAAA8"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-25 04:14:24 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.167.25.181 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.167.25.181 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 24 23:14:19.865801 2025] [security2:error] [pid 16179:tid 16179] [client 104.167.25.181:52863] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "autodiscover.tevalaur.com"] [uri "/.git/HEAD"] [unique_id "aSUtG9DEjq_tNVtL7mcJdgAAAAQ"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-25 03:47:23 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.167.25.181 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.167.25.181 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 24 22:47:14.627305 2025] [security2:error] [pid 32390:tid 32390] [client 104.167.25.181:44221] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.printedweddingmenus.com"] [uri "/.svn/wc.db"] [unique_id "aSUmwuJRlWlKS3cViATSdAAAAAU"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 36 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇩🇪 213.209.159.227

🇸🇬 193.37.32.194

🇫🇮 147.185.133.220

🇺🇸 147.185.132.219

🇺🇸 137.184.159.183

🇮🇳 117.245.141.229

🇸🇬 98.159.43.13

🇺🇸 91.230.168.250

🇺🇸 66.132.172.149

🇺🇸 65.49.1.180

🇷🇺 62.183.82.70

🇳🇱 34.178.7.245

🇺🇸 23.234.80.156

🇺🇿 213.230.93.110

🇪🇨 177.234.209.102

🇯🇵 168.138.213.115

🇺🇸 162.216.150.109

🇫🇮 147.185.133.213

🇨🇳 120.195.35.240

🇻🇳 115.75.37.60