JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 167.71.104.94

167.71.104.94 was found in our database!

This IP was reported 36 times. Confidence of Abuse is 26%: ?

26%

ISP	DigitalOcean, LLC
Usage Type	Data Center/Web Hosting/Transit
ASN	AS14061
Domain Name	digitalocean.com
Country	🇺🇸 United States of America
City	Clifton, New Jersey

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 167.71.104.94

Whois 167.71.104.94

IP Abuse Reports for 167.71.104.94:

This IP address has been reported a total of 36 times from 22 distinct sources. 167.71.104.94 was first reported on February 11th 2026, and the most recent report was 1 week ago.

Old Reports: The most recent abuse report for this IP address is from 1 week ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇫🇷 masterguru	2026-06-03 03:25:51 (1 week ago)	(modsec_5080) ModSec 5080: Infrastructure subdomain probe from 167.71.104.94 (US/United States/-): 1 ... show more (modsec_5080) ModSec 5080: Infrastructure subdomain probe from 167.71.104.94 (US/United States/-): 1 in the last 3600 secs (0-195) show less	Hacking
🇺🇸 ersei.net	2026-06-03 02:14:11 (1 week ago)	Brute force multiple 403s	Brute-Force
🇺🇸 xmission.com	2026-06-03 01:08:18 (1 week ago)	Blocked by UFW (TCP on 8080) Source port: 61000 TTL: 241 Packet length: 44 TOS: 0x08 This report (f ... show more Blocked by UFW (TCP on 8080) Source port: 61000 TTL: 241 Packet length: 44 TOS: 0x08 This report (for 167.71.104.94) was generated by: https://github.com/sefinek/UFW-AbuseIPDB-Reporter show less	Port Scan Web App Attack
🇺🇸 MPL	2026-06-03 01:05:57 (1 week ago)	tcp/8808	Port Scan
🇧🇪 Ivo Vynckier	2026-02-12 14:02:00 (4 months ago)	167.71.104.94 - - [11/Feb/2026:20:06:05 +0100] "GET /.git/config HTTP/1.1" 403 177 "-" "Mozilla/5.0 ... show more 167.71.104.94 - - [11/Feb/2026:20:06:05 +0100] "GET /.git/config HTTP/1.1" 403 177 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36" show less	Web App Attack
🇬🇧 openstrike.co.uk	2026-02-12 06:14:48 (4 months ago)	17 attacks on VC URLs: GET /.git/config HTTP/1.1	Hacking
🇳🇱 jjnxpct	2026-02-12 04:48:46 (4 months ago)	Automated security incident from hosting server. ModSecurity blocked suspicious request targeting UR ... show more Automated security incident from hosting server. ModSecurity blocked suspicious request targeting URI: /.git/config (Rule ID: 930130) - Restricted File Access Attempt [Suspicious: .git/ found within REQUEST_FILENAME: /.git/config] show less	Hacking Web App Attack
🇳🇱 homeshowdomain.nl	2026-02-11 22:59:27 (4 months ago)	Auto-ban: >3000 req/min op 2026-02-11	Hacking Web App Attack SSH
🇫🇷 masterguru	2026-02-11 21:24:13 (4 months ago)	Restricted File Access Attempt. Matched phrase ".git/" at REQUEST_FILENAME. (930130-196)	Hacking Web App Attack
🇧🇪 cmbplf	2026-02-11 18:49:59 (4 months ago)	2.299 requests with url.path */.git/config	Brute-Force Bad Web Bot
🇩🇪 gadix	2026-02-11 18:17:19 (4 months ago)	[11/Feb/2026:16:44:24.553694 +0100] aYyj2IAPsPOKkTNDAdz6hAAAAJY 167.71.104.94 55004 127.0.0.1 7081 [ ... show more [11/Feb/2026:16:44:24.553694 +0100] aYyj2IAPsPOKkTNDAdz6hAAAAJY 167.71.104.94 55004 127.0.0.1 7081 [11/Feb/2026:18:29:26.178907 +0100] aYy8doAPsPOKkTNDAdwCTgAAAJM 167.71.104.94 49270 127.0.0.1 7081 [11/Feb/2026:19:17:19.237600 +0100] aYzHr4APsPOKkTNDAdwEtwAAAIg 167.71.104.94 38536 127.0.0.1 7081 ... show less	Web App Attack
🇬🇧 Swiptly	2026-02-11 17:06:41 (4 months ago)	Bot scanning for environment files .env .env/\* ...	Web App Attack
🇺🇸 TPI-Abuse	2026-02-11 15:52:34 (4 months ago)	(mod_security) mod_security (id:210492) triggered by 167.71.104.94 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 167.71.104.94 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Feb 11 10:52:28.927072 2026] [security2:error] [pid 20938:tid 20938] [client 167.71.104.94:49380] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "superzilla.com"] [uri "/.git/config"] [unique_id "aYylvGCNV36h-2sxjKne1gAAAA8"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 mawan	2026-02-11 15:06:50 (4 months ago)	Suspected of having performed illicit activity on LAX server.	Web App Attack
🇺🇸 TPI-Abuse	2026-02-11 15:01:13 (4 months ago)	(mod_security) mod_security (id:210492) triggered by 167.71.104.94 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 167.71.104.94 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Feb 11 10:01:07.076257 2026] [security2:error] [pid 6383:tid 6383] [client 167.71.104.94:54398] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "stoughtonpipeandwelding.net"] [uri "/.git/config"] [unique_id "aYyZs96EP1pJ60uih7OvGQAAAAY"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 36 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇵🇰 203.135.42.52

🇮🇹 188.152.238.126

🇺🇦 176.109.10.49

🇨🇳 119.99.18.8

🇷🇴 93.113.10.194

🇦🇺 92.113.129.11

🇺🇸 20.106.32.128

🇲🇺 197.227.8.186

🇩🇿 197.113.104.70

🇺🇸 146.103.44.63

🇨🇳 117.50.138.166

🇧🇩 103.239.252.132

🇮🇩 103.164.57.37

🇩🇪 69.5.169.32

🇺🇸 52.3.104.214

🇪🇸 213.60.255.181

🇫🇷 185.101.254.117

🇸🇬 172.217.47.21

🇫🇷 149.202.60.80

🇺🇸 147.185.132.218