JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 194.99.25.127

194.99.25.127 was found in our database!

This IP was reported 25 times. Confidence of Abuse is 3%: ?

ISP	FINE GROUP SERVERS SOLUTIONS LLC
Usage Type	Data Center/Web Hosting/Transit
ASN	AS26548
Domain Name	finegroupservers.com
Country	🇺🇸 United States of America
City	Seattle, Washington

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 194.99.25.127

Whois 194.99.25.127

IP Abuse Reports for 194.99.25.127:

This IP address has been reported a total of 25 times from 17 distinct sources. 194.99.25.127 was first reported on April 12th 2024, and the most recent report was 1 week ago.

Old Reports: The most recent abuse report for this IP address is from 1 week ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇬🇧 Oakley	2026-06-10 18:21:19 (1 week ago)	(confirmed_bot_sig) Confirmed bot	Hacking
🇺🇸 TPI-Abuse	2026-03-15 04:16:41 (3 months ago)	(mod_security) mod_security (id:225170) triggered by 194.99.25.127 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:225170) triggered by 194.99.25.127 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Mar 15 00:16:33.264492 2026] [security2:error] [pid 29897:tid 29897] [client 194.99.25.127:65327] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|thegamblefamily.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "thegamblefamily.com"] [uri "/wp-json/wp/v2/users"] [unique_id "abYyoRggmo7PZrgihPJnoQAAAAQ"], referer: https://www.google.com show less	Brute-Force Bad Web Bot Web App Attack
🇬🇧 relianoid.com	2025-12-30 07:26:42 (5 months ago)	POST Abuse detected by Relianoid OSS Load Balancer - relianoid.com	Web Spam
🇩🇪 Packets-Decreaser.NET	2025-12-29 14:01:19 (5 months ago)	Incoming Layer 7 Flood Detected	DDoS Attack Web Spam
🇱🇻 garmtech.com	2025-12-12 07:40:00 (6 months ago)	IM360 WAF: Block IP which is in the web-spammers RBL MV:RBL lookup of 09-39.194.99.25.127.web-spamme ... show more IM360 WAF: Block IP which is in the web-spammers RBL MV:RBL lookup of 09-39.194.99.25.127.web-spammers.v2.rbl.imunify.com._v4 succeeded. show less	Web App Attack
🇩🇪 HandyTreff.de	2025-11-05 17:18:11 (7 months ago)	Bot/Spam/Scrapper attack detected on www.handytreff.de - Score: -17.89 (Bad < -10 / Very Bad < -20) ... show more Bot/Spam/Scrapper attack detected on www.handytreff.de - Score: -17.89 (Bad < -10 / Very Bad < -20) \| UA: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.4483.1 show less	Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-10-12 23:42:47 (8 months ago)	(mod_security) mod_security (id:210350) triggered by 194.99.25.127 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210350) triggered by 194.99.25.127 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Oct 12 19:42:42.089557 2025] [security2:error] [pid 26369:tid 26369] [client 194.99.25.127:40661] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\b(close\|keep-alive),[\\\\t\\\\n\\\\r ]{0,1}(close\|keep-alive)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/12_HTTP_Protocol.conf"] [line "70"] [id "210350"] [rev "1"] [msg "COMODO WAF: Multiple/Conflicting Connection Header Data Found\|\|integratic.com.co\|F\|4"] [data "keep-alive, close"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "integratic.com.co"] [uri "/admin"] [unique_id "aOw88sSkEOwfST8S4gJRsQAAAAw"] show less	Brute-Force Bad Web Bot Web App Attack
🇨🇦 wil.com	2025-10-08 15:30:24 (8 months ago)	GlobalProtect login attempts with user eliod.	VPN IP Brute-Force
🇨🇭 backslash	2025-06-19 13:35:06 (1 year ago)	block ruleset CC531825F9395F9A07FB06C1247C46770A2690F8	Bad Web Bot
🇦🇺 MAGIC	2025-06-19 10:06:58 (1 year ago)	VM1 Bad user agents ignoring web crawling rules. Draing bandwidth	DDoS Attack Bad Web Bot
🇲🇽 licjperezl	2025-06-05 18:01:31 (1 year ago)	Ataque de diccionario o DDoS en nuestros servicios en linea	Brute-Force
🇩🇪 on-com	2025-05-20 22:55:29 (1 year ago)	URL scan	Brute-Force Web App Attack
🇺🇸 TPI-Abuse	2025-05-06 04:49:32 (1 year ago)	(mod_security) mod_security (id:210730) triggered by 194.99.25.127 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210730) triggered by 194.99.25.127 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue May 06 00:49:21.797953 2025] [security2:error] [pid 586961:tid 586961] [client 194.99.25.127:44709] [client 194.99.25.127] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|vitalitywebb.com\|F\|2"] [data ".db"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "vitalitywebb.com"] [uri "/backstore/Barcalounger/Images/Bermuda/Thumbs.db"] [unique_id "aBmU0TlFddD952dNp8jG9gAAABY"], referer: https://vitalitywebb.com/backstore/Barcalounger/Images/Bermuda/ show less	Brute-Force Bad Web Bot Web App Attack
🇬🇧 Buster	2025-03-27 12:48:00 (1 year ago)	Continual pointless childish script kiddie attack DDOS attempts on multiple sites from Perm Blocked ... show more Continual pointless childish script kiddie attack DDOS attempts on multiple sites from Perm Blocked ASN and country: show less	DDoS Attack Open Proxy Hacking Web App Attack
🇳🇱 Roderic	2024-12-31 10:35:03 (1 year ago)	(apache-bow-document) Failed apache-bow-scanners trigger with match [redacted] from 194.99.25.127 (U ... show more (apache-bow-document) Failed apache-bow-scanners trigger with match [redacted] from 194.99.25.127 (US/United States/-) show less	Hacking

Showing 1 to 15 of 25 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇵🇰 2404:3100:18fc:adf6:85e1:77f9:2423:741f

🇺🇸 209.50.171.81

🇷🇺 188.120.244.192

🇳🇱 185.213.174.98

🇵🇪 161.132.50.236

🇮🇹 158.173.77.100

🇮🇹 158.173.77.25

🇨🇳 117.50.50.224

🇹🇼 111.70.32.52

🇺🇸 107.150.100.201

🇺🇸 98.192.74.183

🇷🇺 94.137.25.71

🇷🇴 92.118.39.74

🇷🇴 80.94.92.171

🇳🇱 45.128.199.245

🇪🇬 41.37.213.206

🇺🇸 20.118.32.171

🇩🇪 8.209.100.130

🇧🇪 198.235.24.182

🇬🇧 193.32.209.254