JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 104.168.25.122

104.168.25.122 was found in our database!

This IP was reported 12 times. Confidence of Abuse is 0%: ?

ISP	HostPapa
Usage Type	Data Center/Web Hosting/Transit
ASN	AS36352
Hostname(s)	104-168-25-122-host.colocrossing.com
Domain Name	hostpapa.com
Country	🇺🇸 United States of America
City	Los Angeles, California

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 104.168.25.122

Whois 104.168.25.122

IP Abuse Reports for 104.168.25.122:

This IP address has been reported a total of 12 times from 5 distinct sources. 104.168.25.122 was first reported on October 30th 2023, and the most recent report was 4 months ago.

Old Reports: The most recent abuse report for this IP address is from 4 months ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 TPI-Abuse	2026-01-27 03:22:32 (4 months ago)	(mod_security) mod_security (id:211190) triggered by 104.168.25.122 (104-168-25-122-host.colocrossin ... show more (mod_security) mod_security (id:211190) triggered by 104.168.25.122 (104-168-25-122-host.colocrossing.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jan 26 22:22:27.701117 2026] [security2:error] [pid 10498:tid 10503] [client 104.168.25.122:52469] ModSecurity: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt\|\|kettlehill.kettlehill.com\|F\|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /?c=../../../../../../../../etc/passwd%00"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "kettlehill.kettlehill.com"] [uri "/"] [unique_id "aXgvc1kXYyevyBl6yOv1mgAAAII"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-13 11:36:53 (7 months ago)	(mod_security) mod_security (id:210730) triggered by 104.168.25.122 (104-168-25-122-host.colocrossin ... show more (mod_security) mod_security (id:210730) triggered by 104.168.25.122 (104-168-25-122-host.colocrossing.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Nov 13 06:36:49.997064 2025] [security2:error] [pid 30750:tid 30750] [client 104.168.25.122:54177] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|ftp.nbcnewsradio.com\|F\|2"] [data ".log"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "ftp.nbcnewsradio.com"] [uri "/roundcube/logs/errors.log"] [unique_id "aRXC0fN3DmXezZZplQehHAAAABo"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-07-26 23:08:25 (10 months ago)	(mod_security) mod_security (id:221260) triggered by 104.168.25.122 (104-168-25-122-host.colocrossin ... show more (mod_security) mod_security (id:221260) triggered by 104.168.25.122 (104-168-25-122-host.colocrossing.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jul 26 19:07:59.706816 2025] [security2:error] [pid 19347:tid 19363] [client 104.168.25.122:38081] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^(?:\\\\'\\\\w+?=)?\\\\(\\\\)\\\\s{" at MATCHED_VAR. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "77"] [id "221260"] [rev "3"] [msg "COMODO WAF: Shellshock Command Injection Vulnerabilities in GNU Bash through 4.3 bash43-026 (CVE-2014-7187, CVE-2014-7186, CVE-2014-7169, CVE-2014-6278, CVE-2014-6277, CVE-2014-6271)\|\|autoconfig.kettlehill.net\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "autoconfig.kettlehill.net"] [uri "/cgi-bin/status"] [unique_id "aIVfz7-V5dLnzWTrDIon_AAAAQ4"], referer: () { ignored; }; echo Content-Type: text/html; echo ; /bin/cat /etc/passwd show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-05-29 17:26:00 (1 year ago)	(mod_security) mod_security (id:210730) triggered by 104.168.25.122 (104-168-25-122-host.colocrossin ... show more (mod_security) mod_security (id:210730) triggered by 104.168.25.122 (104-168-25-122-host.colocrossing.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu May 29 13:25:53.166785 2025] [security2:error] [pid 3069606:tid 3069606] [client 104.168.25.122:37031] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|ftp.farmers123.com\|F\|2"] [data ".php.bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "ftp.farmers123.com"] [uri "/index.php.bak"] [unique_id "aDiYobkggeW5fcSRv375mQAAAAs"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2025-04-27 15:28:49 (1 year ago)	Malicious activity detected	Hacking Web App Attack
🇦🇺 oncord	2024-03-03 21:26:58 (2 years ago)	Form spam	Web Spam
🇺🇸 TPI-Abuse	2024-01-26 00:15:21 (2 years ago)	(mod_security) mod_security (id:210492) triggered by 104.168.25.122 (104-168-25-122-host.colocrossin ... show more (mod_security) mod_security (id:210492) triggered by 104.168.25.122 (104-168-25-122-host.colocrossing.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jan 25 19:15:15.246184 2024] [security2:error] [pid 11420] [client 104.168.25.122:47821] [client 104.168.25.122] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webmail.stdavids-media.com"] [uri "/wp-config.php.txt"] [unique_id "ZbL5k1IGh8Kh9ddtGo0ETAAAAAM"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2023-11-28 23:29:11 (2 years ago)	(mod_security) mod_security (id:210730) triggered by 104.168.25.122 (104-168-25-122-host.colocrossin ... show more (mod_security) mod_security (id:210730) triggered by 104.168.25.122 (104-168-25-122-host.colocrossing.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Nov 28 18:27:44.792191 2023] [security2:error] [pid 30467:tid 47740318930688] [client 104.168.25.122:55289] [client 104.168.25.122] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|www.kettlehill.com\|F\|2"] [data ".log"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.kettlehill.com"] [uri "/wp-content/debug.log"] [unique_id "ZWZ3cPVI3Pm3osSV9ORbyQAAAAc"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2023-11-26 18:10:10 (2 years ago)	\| Common web attack.	Hacking SQL Injection Web App Attack
🇺🇸 ChamberofCommerce.com	2023-11-06 03:37:06 (2 years ago)	Unauthorized Scraping Attempt - More then 225 Pages Requested in a 24 hour period - Total Requested ... show more Unauthorized Scraping Attempt - More then 225 Pages Requested in a 24 hour period - Total Requested Before Block:226 show less	Bad Web Bot
🇺🇸 ChamberofCommerce.com	2023-11-02 02:11:55 (2 years ago)	Unauthorized Scraping Attempt - More then 225 Pages Requested in a 24 hour period - Total Requested ... show more Unauthorized Scraping Attempt - More then 225 Pages Requested in a 24 hour period - Total Requested Before Block:226 show less	Bad Web Bot
🇺🇸 ChamberofCommerce.com	2023-10-30 22:06:40 (2 years ago)	Unauthorized Scraping Attempt - More then 225 Pages Requested in a 24 hour period - Total Requested ... show more Unauthorized Scraping Attempt - More then 225 Pages Requested in a 24 hour period - Total Requested Before Block:226 show less	Bad Web Bot

Showing 1 to 12 of 12 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇵🇪 161.132.107.18

🇰🇷 222.102.21.104

🇺🇸 152.32.150.7

🇷🇸 109.245.130.35

🇵🇱 95.214.53.157

🇷🇴 94.156.152.234

🇭🇰 154.222.30.208

🇨🇦 137.184.165.138

🇺🇸 130.131.161.148

🇺🇸 109.105.210.84

🇳🇱 107.189.24.45

🇮🇳 64.227.160.35

🇫🇷 2a0d:3341:b4ab:3710:cc80:1785:5b8d:c18a

🇨🇳 223.109.252.231

🇨🇳 182.151.22.173

🇺🇸 162.216.150.111

🇱🇹 77.90.185.67

🇺🇸 52.146.21.82

🇺🇸 35.202.9.133

🇨🇦 20.104.203.253