JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 167.253.16.139

167.253.16.139 was found in our database!

This IP was reported 3 times. Confidence of Abuse is 1%: ?

ISP	VPNVault LLC
Usage Type	Data Center/Web Hosting/Transit
ASN	AS26548
Hostname(s)	167-253-16-139.cloudairone.com
Domain Name	vpnvau.lt
Country	🇺🇸 United States of America
City	Seattle, Washington

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 167.253.16.139

Whois 167.253.16.139

IP Abuse Reports for 167.253.16.139:

This IP address has been reported a total of 3 times from 2 distinct sources. 167.253.16.139 was first reported on October 15th 2025, and the most recent report was 2 weeks ago.

Old Reports: The most recent abuse report for this IP address is from 2 weeks ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇪🇸 sshtmp	2026-05-20 15:59:49 (2 weeks ago)	[AbuseIPDB auto-report] Attack: WordPress XML-RPC brute-force Hits: 1 \| First: 2026-05-20T17:59:49+0 ... show more [AbuseIPDB auto-report] Attack: WordPress XML-RPC brute-force Hits: 1 \| First: 2026-05-20T17:59:49+02:00 \| Last: 2026-05-20T17:59:49+02:00 Samples: POST /xmlrpc.php [200] show less	Brute-Force Web App Attack
🇺🇸 TPI-Abuse	2025-10-20 07:52:09 (7 months ago)	(mod_security) mod_security (id:210350) triggered by 167.253.16.139 (167-253-16-139.cloudairone.com) ... show more (mod_security) mod_security (id:210350) triggered by 167.253.16.139 (167-253-16-139.cloudairone.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Oct 20 03:52:04.722928 2025] [security2:error] [pid 17736:tid 17736] [client 167.253.16.139:18745] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\b(close\|keep-alive),[\\\\t\\\\n\\\\r ]{0,1}(close\|keep-alive)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/12_HTTP_Protocol.conf"] [line "70"] [id "210350"] [rev "1"] [msg "COMODO WAF: Multiple/Conflicting Connection Header Data Found\|\|mmipro.com\|F\|4"] [data "keep-alive, close"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "mmipro.com"] [uri "/"] [unique_id "aPXqJF4gB01ulH7k7hlBbgAAAAg"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-10-15 10:58:32 (7 months ago)	(mod_security) mod_security (id:210350) triggered by 167.253.16.139 (167-253-16-139.cloudairone.com) ... show more (mod_security) mod_security (id:210350) triggered by 167.253.16.139 (167-253-16-139.cloudairone.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Oct 15 06:58:24.200174 2025] [security2:error] [pid 2629:tid 2629] [client 167.253.16.139:17163] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\b(close\|keep-alive),[\\\\t\\\\n\\\\r ]{0,1}(close\|keep-alive)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/12_HTTP_Protocol.conf"] [line "70"] [id "210350"] [rev "1"] [msg "COMODO WAF: Multiple/Conflicting Connection Header Data Found\|\|stormwlf.com\|F\|4"] [data "keep-alive, close"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "stormwlf.com"] [uri "/"] [unique_id "aO9-UKDAC2Y-o5Rta2RFmAAAAAA"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 3 of 3 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇩🇪 195.230.103.243

🇺🇸 162.251.120.43

🇺🇸 162.216.149.49

🇺🇸 107.167.34.125

🇰🇷 106.251.244.178

🇰🇪 105.27.148.94

🇧🇾 86.57.173.115

🇨🇳 61.136.246.87

🇨🇳 39.175.51.58

🇳🇱 185.213.175.224

🇭🇰 8.217.193.233

🇧🇷 201.76.120.30

🇳🇱 195.178.110.30

🇬🇧 193.176.29.11

🇩🇪 167.94.146.56

🇮🇳 125.23.204.74

🇸🇬 114.119.136.254

🇷🇺 91.219.196.17

🇳🇱 45.156.87.216

🇨🇳 14.103.45.20