JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 171.25.158.113

171.25.158.113 was found in our database!

This IP was reported 59 times. Confidence of Abuse is 56%: ?

56%

This address is a Tor exit node. Neither the owner nor the provider are directly behind the offending action.

ISP	Vaxjo NET C2IP
Usage Type	Data Center/Web Hosting/Transit
ASN	AS35100
Domain Name	connect2ip.se
Country	🇸🇪 Sweden
City	Vaxjo, Kronoberg

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 171.25.158.113

Whois 171.25.158.113

IP Abuse Reports for 171.25.158.113:

This IP address has been reported a total of 59 times from 31 distinct sources. 171.25.158.113 was first reported on January 11th 2026, and the most recent report was 2 days ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇳🇱 pixelXp	2026-06-03 09:47:06 (2 days ago)	Score:176.00, Reason:10 (Web Spam), Via: www.pixelxp.nl/contact.html, Message: kozzfjdbksnpdsrsumqv	Web Spam
🇧🇪 taivas.nl	2026-06-02 17:02:10 (2 days ago)	Bad_requests	Bad Web Bot
🇺🇸 chronos	2026-06-02 04:05:25 (3 days ago)	[AUTORAVALT][[02/06/2026 - 01:05:25 -03:00 UTC] Attack from [171.25.158.113] Action: BLocKed Bad We ... show more [AUTORAVALT][[02/06/2026 - 01:05:25 -03:00 UTC] Attack from [171.25.158.113] Action: BLocKed Bad Web Bot -> Webpage scraping (email extraction, content, etc.) crawlers that do not respect robots.txt. Excessive requests and user agent spoofing. ] ... show less	Bad Web Bot
🇬🇧 oncord	2026-06-01 08:37:06 (4 days ago)	Form spam	Web Spam
🇺🇸 TPI-Abuse	2026-06-01 08:05:29 (4 days ago)	(mod_security) mod_security (id:210730) triggered by 171.25.158.113 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210730) triggered by 171.25.158.113 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 01 04:05:21.334634 2026] [security2:error] [pid 24311:tid 24323] [client 171.25.158.113:48320] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|flutelesson.nl\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "flutelesson.nl"] [uri "/dump.sql"] [unique_id "ah09QQSkJAWcsWb6MMOU9gAAAMc"], referer: flutelesson.nl/dump.sql show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 mnsf	2026-05-31 22:05:18 (4 days ago)	Abuse Detected (1)	Brute-Force Web App Attack
🇺🇸 TPI-Abuse	2026-05-31 06:16:17 (5 days ago)	(mod_security) mod_security (id:210492) triggered by 171.25.158.113 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 171.25.158.113 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun May 31 02:16:12.887942 2026] [security2:error] [pid 30009:tid 30009] [client 171.25.158.113:51656] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "mail.z-industrial.com"] [uri "/.git/config"] [unique_id "ahvSLIqD-wf29wNDBoTNmwAAABA"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-31 01:37:01 (5 days ago)	(mod_security) mod_security (id:210730) triggered by 171.25.158.113 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210730) triggered by 171.25.158.113 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat May 30 21:36:56.798436 2026] [security2:error] [pid 6661:tid 6661] [client 171.25.158.113:46630] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|kmashburn.com\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "kmashburn.com"] [uri "/dump.sql"] [unique_id "ahuQuJzabbQbG35zRvtGVgAAABU"], referer: kmashburn.com/dump.sql show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-30 00:50:05 (6 days ago)	(mod_security) mod_security (id:210730) triggered by 171.25.158.113 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210730) triggered by 171.25.158.113 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri May 29 20:49:55.703644 2026] [security2:error] [pid 12957:tid 12957] [client 171.25.158.113:38892] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "4"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|davesievers.com\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "davesievers.com"] [uri "/dump.sql"] [unique_id "aho0M5-RHOv58DsW3mEG2wAAABM"], referer: davesievers.com/dump.sql show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-29 07:19:21 (1 week ago)	(mod_security) mod_security (id:210350) triggered by 171.25.158.113 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210350) triggered by 171.25.158.113 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri May 29 03:19:16.537902 2026] [security2:error] [pid 19730:tid 19730] [client 171.25.158.113:38476] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\b(close\|keep-alive),[\\\\t\\\\n\\\\r ]{0,1}(close\|keep-alive)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/12_HTTP_Protocol.conf"] [line "70"] [id "210350"] [rev "1"] [msg "COMODO WAF: Multiple/Conflicting Connection Header Data Found\|\|instructionalsimulations.com\|F\|4"] [data "keep-alive, close"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "instructionalsimulations.com"] [uri "/cpanel/"] [unique_id "ahk99C-QLFw9mba27HbNMgAAAB8"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-27 17:50:29 (1 week ago)	(mod_security) mod_security (id:210730) triggered by 171.25.158.113 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210730) triggered by 171.25.158.113 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed May 27 13:50:21.212993 2026] [security2:error] [pid 11698:tid 11698] [client 171.25.158.113:46122] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|howietaylor.com\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "howietaylor.com"] [uri "/dump.sql"] [unique_id "ahcu3ZOmQvpWlPxCpBTxjQAAAC8"], referer: howietaylor.com/dump.sql show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-27 04:23:46 (1 week ago)	(mod_security) mod_security (id:210730) triggered by 171.25.158.113 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210730) triggered by 171.25.158.113 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed May 27 00:23:39.546707 2026] [security2:error] [pid 2848:tid 2848] [client 171.25.158.113:38340] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|memrfixitok.com\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "memrfixitok.com"] [uri "/dump.sql"] [unique_id "ahZxy_WIXnsvC74Jg_bkCAAAACQ"], referer: memrfixitok.com/dump.sql show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-23 18:58:40 (1 week ago)	(mod_security) mod_security (id:210730) triggered by 171.25.158.113 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210730) triggered by 171.25.158.113 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat May 23 14:58:32.519881 2026] [security2:error] [pid 24410:tid 24410] [client 171.25.158.113:35040] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|soleillavie.com\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "soleillavie.com"] [uri "/dump.sql"] [unique_id "ahH42JqODiGmzju8Ur-YIwAAAAk"], referer: soleillavie.com/dump.sql show less	Brute-Force Bad Web Bot Web App Attack
🇮🇩 securejdprop	2026-05-22 21:09:16 (1 week ago)	This IP was detected by CrowdSec triggering crowdsecurity/suricata-major-severity(ET TOR Known Tor E ... show more This IP was detected by CrowdSec triggering crowdsecurity/suricata-major-severity(ET TOR Known Tor Exit Node Traffic group 18). Ip 171.25.158.113 performed 'crowdsecurity/suricata-major-severity' (1 events over 0s) at 2026-05-22 21:09:15.473883336 +0000 UTC show less	Hacking Web App Attack
🇺🇸 TPI-Abuse	2026-05-16 14:40:06 (2 weeks ago)	(mod_security) mod_security (id:210730) triggered by 171.25.158.113 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210730) triggered by 171.25.158.113 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat May 16 10:40:00.831300 2026] [security2:error] [pid 8313:tid 8313] [client 171.25.158.113:33758] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|printorganic.com\|F\|2"] [data ".com"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "printorganic.com"] [uri "/anywheregarden.com"] [unique_id "agiBwD-KhLkz3ArPa6h1ogAAABI"], referer: http://printorganic.com/anywheregarden.com show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 59 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇦🇺 103.208.219.38

🇺🇸 172.210.68.13

🇳🇱 162.159.113.33

🇩🇪 141.11.250.227

🇮🇳 139.59.21.124

🇳🇱 104.23.170.130

🇬🇧 31.14.254.120

🇺🇸 20.64.104.251

🇨🇳 220.161.52.149

🇩🇪 213.209.159.56

🇵🇰 182.190.144.227

🇮🇩 114.10.47.235

🇻🇳 112.78.4.53

🇳🇱 104.23.166.77

🇨🇳 101.126.54.167

🇭🇰 45.142.154.33

🇳🇱 45.94.31.222

🇬🇧 35.203.210.250

🇸🇪 31.208.108.219

🇹🇼 198.235.24.95