🇺🇸
TPI-Abuse
2026-01-17 08:39:34
(4 months ago)
(mod_security) mod_security (id:221260) triggered by 104.168.25.80 (104-168-25-80-host.colocrossing.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jan 17 03:39:23.152765 2026] [security2:error] [pid 13020:tid 13020] [client 104.168.25.80:53405] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^(?:\\\\'\\\\w+?=)?\\\\(\\\\)\\\\s{" at MATCHED_VAR. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "77"] [id "221260"] [rev "3"] [msg "COMODO WAF: Shellshock Command Injection Vulnerabilities in GNU Bash through 4.3 bash43-026 (CVE-2014-7187, CVE-2014-7186, CVE-2014-7169, CVE-2014-6278, CVE-2014-6277, CVE-2014-6271)||cpcalendars.nbcnewsradio.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcalendars.nbcnewsradio.com"] [uri "/cgi-bin/test"] [unique_id "aWtKu7WW-KAPforWLR3hZQAAAA8"], referer: () { ignored; }; echo Content-Type: text/html; echo ; /bin/cat /etc/passwd
Brute-Force
Bad Web Bot
Web App Attack
🇺🇸
TPI-Abuse
2025-12-29 18:51:45
(5 months ago)
(mod_security) mod_security (id:211190) triggered by 104.168.25.80 (104-168-25-80-host.colocrossing.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Dec 29 13:50:56.735908 2025] [security2:error] [pid 22841:tid 23003] [client 104.168.25.80:56235] ModSecurity: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||kettlehill.kettlehill.com|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /jnoj/web/polygon/problem/viewfile?id=1&name=../../../../../../../etc/passwd"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "kettlehill.kettlehill.com"] [uri "/jnoj/web/polygon/problem/viewfile"] [unique_id "aVLNkLvqJPp5jxktaSF6KwAAAMY"]
Brute-Force
Bad Web Bot
Web App Attack
🇺🇸
TPI-Abuse
2025-11-29 10:45:39
(6 months ago)
(mod_security) mod_security (id:210410) triggered by 104.168.25.80 (104-168-25-80-host.colocrossing.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Nov 29 05:45:34.529417 2025] [security2:error] [pid 21061:tid 21201] [client 104.168.25.80:42429] ModSecurity: Access denied with code 403 (phase 2). Found 1 byte(s) in ARGS:file outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/12_HTTP_Protocol.conf"] [line "95"] [id "210410"] [rev "4"] [msg "COMODO WAF: Invalid character in request||kettlehill.kettlehill.com|F|3"] [data "ARGS:file=;echo CVE-2023-23333|rev\\x00.zip"] [severity "ERROR"] [tag "CWAF"] [tag "Protocol"] [hostname "kettlehill.kettlehill.com"] [uri "/downloader.php"] [unique_id "aSrOzgxT6PCVCAbKTpL1xAAAARA"]
Brute-Force
Bad Web Bot
Web App Attack
🇺🇸
TPI-Abuse
2025-10-01 15:19:37
(8 months ago)
(mod_security) mod_security (id:210492) triggered by 104.168.25.80 (104-168-25-80-host.colocrossing.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Oct 01 11:19:34.307254 2025] [security2:error] [pid 31612:tid 31729] [client 104.168.25.80:52825] ModSecurity: Access denied with code 403 (phase 1). Matched phrase ".htaccess" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "kettlehill.kettlehill.com"] [uri "/a.htaccess"] [unique_id "aN1GhvVYIT9TWn2lWzKBtAAAAQM"]
Brute-Force
Bad Web Bot
Web App Attack
🇺🇸
TPI-Abuse
2025-07-27 01:15:21
(10 months ago)
(mod_security) mod_security (id:211190) triggered by 104.168.25.80 (104-168-25-80-host.colocrossing.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jul 26 21:15:17.012886 2025] [security2:error] [pid 653296:tid 653326] [client 104.168.25.80:47105] ModSecurity: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||ftp.kettlehill.net|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /?action=dzsap_download&link=../../../../../../../../../../../../../etc/passwd"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "ftp.kettlehill.net"] [uri "/"] [unique_id "aIV9pb5epZI5Xx2m9slCTQAAAVI"], referer: http://ftp.kettlehill.net/?action=dzsap_download&link=../../../../../../../../../../../../../etc/passwd
Brute-Force
Bad Web Bot
Web App Attack
🇺🇸
TPI-Abuse
2025-05-29 20:01:18
(1 year ago)
(mod_security) mod_security (id:210492) triggered by 104.168.25.80 (104-168-25-80-host.colocrossing.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu May 29 16:01:14.835777 2025] [security2:error] [pid 3377479:tid 3377479] [client 104.168.25.80:56923] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webmail.farmers123.com"] [uri "/wp-config.php"] [unique_id "aDi9Cl4Jb4ooYDkTam21QAAAABQ"]
Brute-Force
Bad Web Bot
Web App Attack
🇺🇸
ChamberofCommerce.com
2023-11-06 00:47:59
(2 years ago)
Unauthorized Scraping Attempt - More than 225 Pages Requested in a 24 hour period - Total Requested Before Block:226
Bad Web Bot
🇺🇸
ChamberofCommerce.com
2023-11-02 06:41:13
(2 years ago)
Unauthorized Scraping Attempt - More than 225 Pages Requested in a 24 hour period - Total Requested Before Block:226
Bad Web Bot
🇺🇸
ChamberofCommerce.com
2023-10-30 23:11:23
(2 years ago)
Unauthorized Scraping Attempt - More than 225 Pages Requested in a 24 hour period - Total Requested Before Block:226
Bad Web Bot
Anonymous
2023-01-30 16:00:37
(3 years ago)
GET /wp-json
Web App Attack
🇩🇪
Createline
2023-01-30 10:56:35
(3 years ago)
Looking for vulnerable data files, plugins or themes
104.168.25.80 - - [30/Jan/2023:00:21:35 +0100] "GET /wp-json/wp/v2/posts HTTP/1.1" 301 249 "****.de/wp-json/wp/v2/posts" "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; Trident/6.0; MANM)" 223 521
Web App Attack
Anonymous
2022-12-27 06:11:08
(3 years ago)
Trawling for 3rd-party CMS installations
Hacking
Brute-Force
Web App Attack