JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 157.22.18.25

157.22.18.25 was found in our database!

This IP was reported 7 times. Confidence of Abuse is 4%: ?

ISP	Global Transit Systems LLC
Usage Type	Data Center/Web Hosting/Transit
ASN	AS213954
Domain Name	globaltransitsystems.online
Country	🇸🇪 Sweden
City	Marsta, Stockholm

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 157.22.18.25

Whois 157.22.18.25

IP Abuse Reports for 157.22.18.25:

This IP address has been reported a total of 7 times from 4 distinct sources. 157.22.18.25 was first reported on March 7th 2026, and the most recent report was 6 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇪🇸 masterguru	2026-06-30 15:23:39 (6 hours ago)	xmlrpc request blocked, no referer. Pattern match "xmlrpc.php" at REQUEST_URI. (5000900-122)	Web App Attack
🇺🇸 TPI-Abuse	2026-04-13 02:58:31 (2 months ago)	(mod_security) mod_security (id:225170) triggered by 157.22.18.25 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:225170) triggered by 157.22.18.25 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Apr 12 22:58:26.708499 2026] [security2:error] [pid 557515:tid 557515] [client 157.22.18.25:57177] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|jolankagroup.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "jolankagroup.com"] [uri "/wp-json/wp/v2/users"] [unique_id "adxb0qxZXVQe6xDghA6wywAAABE"], referer: https://www.google.com show less	Brute-Force Bad Web Bot Web App Attack
🇫🇷 masterguru	2026-04-12 13:13:02 (2 months ago)	(modsec_5015) ModSec 5015: Suspicious User-Agent from 157.22.18.25 (FR/France/-): 1 in the last 3600 ... show more (modsec_5015) ModSec 5015: Suspicious User-Agent from 157.22.18.25 (FR/France/-): 1 in the last 3600 secs (0-196) show less	Hacking
🇦🇺 screwlooseit.com.au	2026-04-09 21:33:06 (2 months ago)	Blocked by CSF 13 firewall - Rule: XMLRPC US/United States/-	Web App Attack
🇺🇸 TPI-Abuse	2026-03-16 10:01:37 (3 months ago)	(mod_security) mod_security (id:225170) triggered by 157.22.18.25 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:225170) triggered by 157.22.18.25 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Mar 16 06:01:34.993567 2026] [security2:error] [pid 31812:tid 31812] [client 157.22.18.25:46705] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|seariversummit.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "seariversummit.com"] [uri "/wp-json/wp/v2/users"] [unique_id "abfU_nEorEihSFO4muDBRQAAAAI"], referer: https://www.google.com show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-03-12 14:17:02 (3 months ago)	(mod_security) mod_security (id:225170) triggered by 157.22.18.25 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:225170) triggered by 157.22.18.25 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Mar 12 10:16:57.251769 2026] [security2:error] [pid 25177:tid 25177] [client 157.22.18.25:34101] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|malamutian.net\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "malamutian.net"] [uri "/wp-json/wp/v2/users"] [unique_id "abLK2QRDeq0-OsrCo_XvFgAAAAI"], referer: https://www.google.com show less	Brute-Force Bad Web Bot Web App Attack
🇨🇿 huginet	2026-03-07 09:56:22 (3 months ago)	157.22.18.25 - - [07/Mar/2026:10:56:20 +0100] "POST /xmlrpc.php HTTP/1.1" 200 181 "-" "Apache-HttpCl ... show more 157.22.18.25 - - [07/Mar/2026:10:56:20 +0100] "POST /xmlrpc.php HTTP/1.1" 200 181 "-" "Apache-HttpClient/4.5.13 (Java/11.0.30)" 157.22.18.25 - - [07/Mar/2026:10:56:21 +0100] "POST /xmlrpc.php HTTP/1.1" 503 19378 "-" "Apache-HttpClient/4.5.13 (Java/11.0.30)" ... show less	Web Spam Blog Spam Hacking Bad Web Bot Web App Attack

Showing 1 to 7 of 7 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇨🇦 192.99.37.198

🇮🇳 154.221.35.72

🇩🇪 118.193.58.20

🇮🇳 103.176.255.195

🇨🇳 61.170.216.98

🇺🇸 50.16.72.185

🇷🇺 46.161.50.108

🇵🇸 46.43.117.117

🇭🇰 43.154.195.142

🇺🇸 209.197.88.21

🇧🇷 129.121.42.131

🇲🇦 105.158.240.56

🇮🇳 43.241.193.82

🇭🇰 23.91.97.170

🇧🇷 205.210.31.207

🇭🇰 168.76.131.178

🇧🇩 103.124.250.48

🇬🇧 95.131.86.101

🇫🇷 91.231.89.168

🇩🇪 88.99.134.190