JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 104.167.25.249

104.167.25.249 was found in our database!

This IP was reported 43 times. Confidence of Abuse is 38%: ?

38%

ISP	3xK Tech GmbH
Usage Type	Data Center/Web Hosting/Transit
ASN	AS200373
Domain Name	3xktech.cloud
Country	🇺🇸 United States of America
City	Ashburn, Virginia

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 104.167.25.249

Whois 104.167.25.249

IP Abuse Reports for 104.167.25.249:

This IP address has been reported a total of 43 times from 17 distinct sources. 104.167.25.249 was first reported on November 20th 2024, and the most recent report was 5 days ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 LSPCCU	2026-06-15 07:33:26 (5 days ago)	TSEC Honeypot Network report. Threat score: 85/100. Categories: Hacking, Brute-Force, Web App Attack ... show more TSEC Honeypot Network report. Threat score: 85/100. Categories: Hacking, Brute-Force, Web App Attack, SSH. Honeypot: ssh-telnet, cowrie. Context: 104. show less	Hacking Brute-Force Web App Attack SSH
🇫🇷 pm33	2026-06-15 06:43:23 (5 days ago)	Wordpress login attempts	Brute-Force
🇩🇪 LRob.fr	2026-06-14 19:15:24 (6 days ago)	Repeated requests on blocked xmlrpc.php, blocked by fail2ban in custom-503-xmlrpc jail	Bad Web Bot Web App Attack
🇫🇷 ELYAZ	2026-06-01 01:24:33 (2 weeks ago)	(y4) Failed scan -byebye- from 104.167.25.249 (US/United States/-): (CF_ENABLE)	Hacking
🇲🇽 octageeks.com	2026-05-30 04:13:55 (3 weeks ago)	Wordpress malicious attack:[octaflood]	Web App Attack
🇧🇷 Halux	2026-05-21 00:36:46 (1 month ago)	104.167.25.249 Probing protected path or service	Web App Attack
🇺🇸 TPI-Abuse	2026-05-20 23:42:04 (1 month ago)	(mod_security) mod_security (id:210492) triggered by 104.167.25.249 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.167.25.249 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed May 20 19:41:56.742855 2026] [security2:error] [pid 15462:tid 15462] [client 104.167.25.249:0] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.cloudex.click"] [uri "/.env"] [unique_id "ag5GxNb1q1I6zVLMaivp6gAAAAs"] show less	Brute-Force Bad Web Bot Web App Attack
🇬🇧 Axel	2026-05-11 21:20:42 (1 month ago)	Blocked by ModSecurity. Rule ID: 210730 Message: COMODO WAF: URL file extension is restricted by pol ... show more Blocked by ModSecurity. Rule ID: 210730 Message: COMODO WAF: URL file extension is restricted by policy\|\|discord-profile.pics\|F\|2 Phase: 2 Severity: CRITICAL URI: /s3cmd.ini Server: UK-01 show less	Web App Attack Hacking SQL Injection
🇬🇧 Oakley	2026-04-21 19:05:45 (1 month ago)	(antiscrape_rule) Web application abuse detected 104.167.25.249 (US/United States/-): 5 in the last ... show more (antiscrape_rule) Web application abuse detected 104.167.25.249 (US/United States/-): 5 in the last 900 secs show less	Hacking
Anonymous	2026-04-13 16:46:13 (2 months ago)	Forum/form spam	Web Spam
Anonymous	2026-02-27 17:13:56 (3 months ago)	Forum/form spam	Web Spam
Anonymous	2026-01-16 00:49:06 (5 months ago)	Forum/form spam	Web Spam
Anonymous	2025-12-09 02:49:22 (6 months ago)	botnet	DDoS Attack
🇺🇸 TPI-Abuse	2025-11-26 21:17:23 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.167.25.249 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.167.25.249 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Nov 26 16:17:18.379925 2025] [security2:error] [pid 21708:tid 21708] [client 104.167.25.249:52929] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcalendars.wfowisdom.com"] [uri "/.env"] [unique_id "aSduXlV8VuDFjxfU6vMpxQAAABc"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-26 17:09:00 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.167.25.249 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.167.25.249 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Nov 26 12:08:51.353292 2025] [security2:error] [pid 10523:tid 10523] [client 104.167.25.249:42377] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpanel.lahaciendaolivia.com"] [uri "/.svn/wc.db"] [unique_id "aSc0I3h0sYNAg6hcU2-C3AAAABQ"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 43 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇱🇰 220.247.245.192

🇳🇱 91.92.40.12

🇩🇪 69.5.169.101

🇺🇸 45.33.14.5

🇪🇬 41.128.181.199

🇺🇸 20.127.202.251

🇩🇪 213.209.159.56

🇺🇸 212.119.40.200

🇹🇼 198.235.24.49

🇺🇸 194.180.237.123

🇨🇳 182.200.51.153

🇯🇴 176.29.79.124

🇺🇸 172.66.44.165

🇸🇪 171.25.158.68

🇧🇷 168.90.65.197

🇺🇸 162.144.12.37

🇻🇳 113.161.32.14

🇺🇸 103.4.251.122

🇷🇺 94.25.40.30

🇺🇸 74.125.42.154