JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 104.167.25.2

104.167.25.2 was found in our database!

This IP was reported 40 times. Confidence of Abuse is 0%: ?

ISP	3xK Tech GmbH
Usage Type	Data Center/Web Hosting/Transit
ASN	AS200373
Domain Name	3xktech.cloud
Country	🇺🇸 United States of America
City	Ashburn, Virginia

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 104.167.25.2

Whois 104.167.25.2

IP Abuse Reports for 104.167.25.2:

This IP address has been reported a total of 40 times from 19 distinct sources. 104.167.25.2 was first reported on November 7th 2024, and the most recent report was 2 months ago.

Old Reports: The most recent abuse report for this IP address is from 2 months ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇱🇻 garmtech.com	2026-03-29 14:27:00 (2 months ago)	IM360 WAF: WordPress plugin/theme auto install block	Web App Attack
🇦🇺 RedBear IT	2026-03-26 10:00:37 (2 months ago)	"DDoS against public endpoint"	DDoS Attack
🇱🇻 garmtech.com	2026-03-23 20:16:31 (2 months ago)	IM360 WAF: WordPress plugin/theme auto install block	Web App Attack
🇺🇸 mnsf	2026-02-16 02:05:33 (3 months ago)	Too many Status 40X (11) Scanning/Probing (11)	Brute-Force Web App Attack
Anonymous	2026-02-15 12:44:02 (3 months ago)	Bot / scanning and/or hacking attempts: GET /.git/config HTTP/1.1, GET /site/.git/config HTTP/1.1, G ... show more Bot / scanning and/or hacking attempts: GET /.git/config HTTP/1.1, GET /site/.git/config HTTP/1.1, GET /new/.git/config HTTP/1.1, GET /test/.git/config HTTP/1.1, GET /app/.env HTTP/1.1, GET /wp/.git/config HTTP/1.1, GET /dev/.git/config HTTP/1.1, GET /backup/.git/config HTTP/1.1, GET /admin/.git/config HTTP/1.1, GET /v2/.git/config HTTP/1.1, GET /config/.env HTTP/1.1, GET /.env.staging HTTP/1.1, GET /app/.git/config HTTP/1.1, GET /api/.git/config HTTP/1.1, GET /.aws/credentials HTTP/1.1 show less	Hacking Web App Attack
🇺🇸 myagent.site	2026-02-15 03:43:55 (3 months ago)	Blocking for trying to access an exploit file: /dev/.git/config	Hacking
🇮🇩 Burayot	2026-02-15 02:46:36 (3 months ago)	LF_MODSEC: (mod_security) mod_security (id:1000001) triggered by 104.167.25.2 (US/United States/-): ... show more LF_MODSEC: (mod_security) mod_security (id:1000001) triggered by 104.167.25.2 (US/United States/-): 1 in the last 3600 secs show less	Web App Attack
🇺🇸 mnsf	2026-02-15 01:05:33 (3 months ago)	Scanning/Probing (24)	Brute-Force Web App Attack
🇫🇷 dynamix	2026-02-14 21:47:15 (3 months ago)	Multiple WAF Violations	Web App Attack
Anonymous	2025-12-13 01:43:39 (5 months ago)	botnet	DDoS Attack
🇺🇸 TPI-Abuse	2025-11-25 03:16:34 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.167.25.2 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 104.167.25.2 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 24 22:16:30.942083 2025] [security2:error] [pid 5561:tid 5561] [client 104.167.25.2:50979] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "deluxeexpress.com"] [uri "/.git/HEAD"] [unique_id "aSUfjlR4TE_YO011D4zR4QAAAAA"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-25 01:21:23 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.167.25.2 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 104.167.25.2 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 24 20:21:19.605412 2025] [security2:error] [pid 5553:tid 5553] [client 104.167.25.2:46797] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "colorwize.com"] [uri "/.svn/wc.db"] [unique_id "aSUEj0Y_0wq4upRYQJNKngAAAAw"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-24 05:55:55 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.167.25.2 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 104.167.25.2 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 24 00:55:50.703631 2025] [security2:error] [pid 5771:tid 5771] [client 104.167.25.2:51755] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "albertarmenlive.com"] [uri "/.svn/wc.db"] [unique_id "aSPzZoW4CIdrs8_EgX2UaQAAAAY"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-24 05:27:29 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.167.25.2 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 104.167.25.2 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 24 00:27:24.966164 2025] [security2:error] [pid 5103:tid 5147] [client 104.167.25.2:42165] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webdisk.schoprint.com"] [uri "/.svn/wc.db"] [unique_id "aSPsvFz8f4PiRLoPAIGt_wAAAMo"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-24 04:05:11 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.167.25.2 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 104.167.25.2 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Nov 23 23:05:02.393960 2025] [security2:error] [pid 18325:tid 18340] [client 104.167.25.2:54077] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "autodiscover.nationsrecovery.com"] [uri "/.git/HEAD"] [unique_id "aSPZbribCkDUtlE56PAYAgAAAE0"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 40 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇹🇼 1.169.232.37

🇺🇸 2a09:bac5:a53c:32d::51:48

🇸🇬 2400:8901::2000:66ff:feaa:634d

🇨🇳 220.201.129.214

🇰🇷 203.252.10.3

🇺🇸 173.239.240.205

🇺🇸 138.113.23.170

🇨🇳 101.126.67.70

🇸🇬 45.78.206.111

🇩🇪 43.165.3.187

🇷🇴 2.57.122.238

🇺🇦 185.237.106.205

🇳🇱 176.65.139.151

🇺🇸 162.240.228.207

🇭🇰 103.210.21.242

🇧🇬 78.128.113.46

🇧🇷 187.35.30.194

🇫🇷 178.238.230.150

🇩🇪 167.94.146.69

🇧🇩 103.220.207.236