JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 104.167.25.23

104.167.25.23 was found in our database!

This IP was reported 49 times. Confidence of Abuse is 3%: ?

ISP	3xK Tech GmbH
Usage Type	Data Center/Web Hosting/Transit
ASN	AS200373
Domain Name	3xktech.cloud
Country	🇺🇸 United States of America
City	Ashburn, Virginia

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 104.167.25.23

Whois 104.167.25.23

IP Abuse Reports for 104.167.25.23:

This IP address has been reported a total of 49 times from 18 distinct sources. 104.167.25.23 was first reported on October 7th 2024, and the most recent report was 1 week ago.

Old Reports: The most recent abuse report for this IP address is from 1 week ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇧🇪 cmbplf	2026-05-28 11:28:27 (1 week ago)	2.504 POST requests with url.path */wp-login.php	Brute-Force Bad Web Bot
🇷🇴 INTEQ	2026-02-12 04:37:36 (3 months ago)	Web attack from 104.167.25.23	Web App Attack
🇦🇺 2000cn.com.au	2026-02-11 21:04:52 (3 months ago)	This IP was detected by CrowdSec triggering crowdsecurity/http-sensitive-files	Hacking Web App Attack
🇵🇱 ketovoila.pl	2026-02-10 00:51:45 (3 months ago)	ketovoila.pl HONEYPOT traffic: count=1, paths=1; sample_path=ketovoila.pl/.env.production; UA=Mozill ... show more ketovoila.pl HONEYPOT traffic: count=1, paths=1; sample_path=ketovoila.pl/.env.production; UA=Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36; window=2026-02-10T00:29:09Z..2026-02-10T00:29:09Z show less	Port Scan Hacking Brute-Force
🇺🇸 TPI-Abuse	2026-01-21 06:24:32 (4 months ago)	(mod_security) mod_security (id:210580) triggered by 104.167.25.23 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210580) triggered by 104.167.25.23 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jan 21 01:24:20.147695 2026] [security2:error] [pid 27188:tid 27188] [client 104.167.25.23:56611] ModSecurity: Access denied with code 403 (phase 2). Matched phrase "etc/passwd" at ARGS:page_id. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt\|\|www.citizensforsanity.com\|F\|2"] [data "Matched Data: etc/passwd found within ARGS:page_id: ../../../../../../../../../etc/passwd"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.citizensforsanity.com"] [uri "/"] [unique_id "aXBxFLGgOHRnnUxbIWH53gAAAAs"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-01-17 00:25:42 (4 months ago)	botnet	DDoS Attack
🇳🇱 i-turnradio.nl	2026-01-12 03:31:35 (4 months ago)	2026-01-12 04:31:35 (CET) ~ Blocked by abusescan risk assessment	Web App Attack
🇩🇪 Packets-Decreaser.NET	2025-12-29 14:01:44 (5 months ago)	Incoming Layer 7 Flood Detected	DDoS Attack Web Spam
🇺🇸 TPI-Abuse	2025-12-07 23:29:25 (5 months ago)	(mod_security) mod_security (id:210492) triggered by 104.167.25.23 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.167.25.23 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Dec 07 18:29:17.215873 2025] [security2:error] [pid 21107:tid 21107] [client 104.167.25.23:29315] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "patrickwdavis.com"] [uri "/.git/HEAD"] [unique_id "aTYNzQblEfSsfkxtDJi7pQAAAAg"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-06 16:46:37 (5 months ago)	(mod_security) mod_security (id:210492) triggered by 104.167.25.23 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.167.25.23 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Dec 06 11:46:32.535721 2025] [security2:error] [pid 6706:tid 6706] [client 104.167.25.23:37721] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "xirin.net"] [uri "/.svn/wc.db"] [unique_id "aTRd6IC8cON7TGoP_NlbZgAAAAk"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-06 09:59:38 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.167.25.23 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.167.25.23 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Dec 06 04:59:31.876003 2025] [security2:error] [pid 29408:tid 29416] [client 104.167.25.23:40241] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "luxury.management"] [uri "/.svn/wc.db"] [unique_id "aTP-g4XNAVSfk1vavsRaDQAAAEU"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-05 11:38:44 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.167.25.23 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.167.25.23 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Dec 05 06:38:37.048536 2025] [security2:error] [pid 27022:tid 27022] [client 104.167.25.23:10195] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "crochetdoilies.com"] [uri "/.git/HEAD"] [unique_id "aTLEPaIe6bWoUo8e3S5mSAAAAAg"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-05 07:22:54 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.167.25.23 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.167.25.23 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Dec 05 02:22:50.290048 2025] [security2:error] [pid 30347:tid 30347] [client 104.167.25.23:57137] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "seashellinvitations.com"] [uri "/.git/HEAD"] [unique_id "aTKISr3m5Z_6w8tQA3_ReAAAABA"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-05 05:20:58 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.167.25.23 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.167.25.23 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Dec 05 00:20:53.024068 2025] [security2:error] [pid 8020:tid 8042] [client 104.167.25.23:59617] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "spiritualchristian.com"] [uri "/.svn/wc.db"] [unique_id "aTJrtZsJP7QP_uYcdsbnlwAAANA"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-05 03:01:53 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.167.25.23 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.167.25.23 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Dec 04 22:01:46.832253 2025] [security2:error] [pid 30012:tid 30012] [client 104.167.25.23:29955] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "trinitydent.com"] [uri "/.git/HEAD"] [unique_id "aTJLGsFDQMqcYI6kp0AApgAAAAQ"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 49 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇩🇪 216.26.248.20

🇨🇳 118.145.104.105

🇸🇪 90.230.168.26

🇧🇬 79.124.56.246

🇸🇬 47.128.121.79

🇨🇳 14.18.41.55

🇸🇬 8.219.109.151

🇺🇸 2a03:2880:f804:30::

🇩🇪 217.181.90.255

🇺🇸 216.25.89.102

🇩🇪 213.209.159.56

🇪🇹 196.189.245.106

🇬🇧 195.96.139.224

🇨🇳 180.167.128.203

🇸🇬 178.128.215.162

🇸🇬 114.119.151.82

🇺🇸 107.150.98.99

🇩🇪 104.207.56.110

🇨🇳 101.126.66.30

🇨🇦 54.39.136.29