JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 104.167.25.22

104.167.25.22 was found in our database!

This IP was reported 21 times. Confidence of Abuse is 0%: ?

ISP	3xK Tech GmbH
Usage Type	Data Center/Web Hosting/Transit
ASN	AS200373
Domain Name	3xktech.cloud
Country	🇺🇸 United States of America
City	Ashburn, Virginia

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 104.167.25.22

Whois 104.167.25.22

IP Abuse Reports for 104.167.25.22:

This IP address has been reported a total of 21 times from 11 distinct sources. 104.167.25.22 was first reported on June 19th 2024, and the most recent report was 6 months ago.

Old Reports: The most recent abuse report for this IP address is from 6 months ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 TPI-Abuse	2025-12-02 22:18:08 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.167.25.22 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.167.25.22 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Dec 02 17:18:02.386927 2025] [security2:error] [pid 7627:tid 7627] [client 104.167.25.22:20319] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "misscrankypants.com"] [uri "/.svn/wc.db"] [unique_id "aS9lmg31UvDM0F1tyk7BegAAAAE"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-02 15:42:20 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.167.25.22 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.167.25.22 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Dec 02 10:42:12.325408 2025] [security2:error] [pid 3087:tid 3099] [client 104.167.25.22:17359] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "galenaproperties.com"] [uri "/.env"] [unique_id "aS8I1OAxZZVeKeP-_NjpbQAAAIo"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-02 07:45:36 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.167.25.22 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.167.25.22 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Dec 02 02:45:29.338557 2025] [security2:error] [pid 13546:tid 13546] [client 104.167.25.22:45871] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "denvercitymotorparts.com"] [uri "/.git/HEAD"] [unique_id "aS6ZGQVfQug_LGKzhEuUegAAAA0"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-02 05:15:30 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.167.25.22 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.167.25.22 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Dec 02 00:15:26.201354 2025] [security2:error] [pid 32131:tid 32131] [client 104.167.25.22:44271] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "davehalverson.com"] [uri "/.svn/wc.db"] [unique_id "aS517ghjkC8Uh86eoA5z0wAAAB8"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-02 04:17:29 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.167.25.22 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.167.25.22 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Dec 01 23:17:25.434379 2025] [security2:error] [pid 25911:tid 25911] [client 104.167.25.22:44557] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "calvaryadminservices.com"] [uri "/.env"] [unique_id "aS5oVT2OnPcgSFdFqbwHVQAAABQ"] show less	Brute-Force Bad Web Bot Web App Attack
🇦🇺 2000cn.com.au	2025-12-02 00:58:42 (6 months ago)	This IP was detected by CrowdSec triggering crowdsecurity/http-sensitive-files	Hacking Web App Attack
🇺🇸 TPI-Abuse	2025-11-24 09:48:38 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.167.25.22 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.167.25.22 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 24 04:48:29.958428 2025] [security2:error] [pid 30208:tid 30264] [client 104.167.25.22:29981] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.ahrgroup.com"] [uri "/.git/HEAD"] [unique_id "aSQp7eGeg246dVFfHKuIAQAAAQc"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-24 07:19:44 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.167.25.22 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.167.25.22 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 24 02:19:35.928718 2025] [security2:error] [pid 25718:tid 25718] [client 104.167.25.22:37279] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "autodiscover.baird.net"] [uri "/.git/HEAD"] [unique_id "aSQHB5RA4lKmKKV1fXp_zwAAAAQ"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-24 04:34:42 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.167.25.22 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.167.25.22 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Nov 23 23:34:32.074428 2025] [security2:error] [pid 13561:tid 13561] [client 104.167.25.22:59479] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webmail.tcomputerguy.com"] [uri "/.git/HEAD"] [unique_id "aSPgWJ7p5pyjlfj3VPZ_qAAAAAY"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2025-10-28 22:28:13 (7 months ago)	This IP was involved in a brute force and password spray attack.	Brute-Force Web App Attack
🇧🇪 voormedia	2025-10-28 20:12:03 (7 months ago)	Accessed trap at '/wp-login.php'	Web App Attack
🇨🇦 wil.com	2025-10-14 09:28:46 (7 months ago)	GlobalProtect login attempts with user rsmallcombe.	VPN IP Brute-Force
🇺🇸 TPI-Abuse	2025-10-10 18:14:01 (8 months ago)	(mod_security) mod_security (id:225170) triggered by 104.167.25.22 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:225170) triggered by 104.167.25.22 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Oct 10 14:13:55.490262 2025] [security2:error] [pid 29111:tid 29111] [client 104.167.25.22:51747] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|affordablehomegoods.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "affordablehomegoods.com"] [uri "/wp-json/wp/v2/users"] [unique_id "aOlM43xfwO7jHuWp8sgtRAAAAA4"], referer: https://www.google.com show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-10-10 13:01:32 (8 months ago)	(mod_security) mod_security (id:225170) triggered by 104.167.25.22 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:225170) triggered by 104.167.25.22 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Oct 10 09:01:27.965197 2025] [security2:error] [pid 3881:tid 3881] [client 104.167.25.22:60449] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|no504.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "no504.com"] [uri "/wp-json/wp/v2/users"] [unique_id "aOkDp_XvmXXS2FfF2TKN7wAAABU"], referer: https://www.google.com show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2025-09-28 11:20:08 (8 months ago)	Attempted brute force login to web vpn 1 time(s); last attempt for 2025.09.28 is noted in report tim ... show more Attempted brute force login to web vpn 1 time(s); last attempt for 2025.09.28 is noted in report timestamp show less	Hacking Brute-Force

Showing 1 to 15 of 21 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇰🇼 94.187.171.125

🇳🇵 27.34.110.234

🇻🇳 14.224.227.189

🇵🇰 223.123.125.178

🇳🇱 204.217.209.21

🇲🇽 187.191.48.4

🇭🇰 154.221.17.137

🇺🇸 152.32.149.35

🇫🇷 146.70.40.70

🇨🇳 118.239.2.183

🇯🇵 118.194.229.94

🇳🇬 102.88.137.213

🇦🇺 34.151.99.9

🇩🇪 2a01:4f8:c014:43a7::1

🇦🇺 2401:c080:1800:4b75:5400:4ff:fea5:4f10

🇳🇱 185.242.226.103

🇺🇸 172.217.107.28

🇫🇮 147.185.133.107

🇨🇳 106.75.144.37

🇫🇷 85.217.140.53