JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 194.99.25.238

194.99.25.238 was found in our database!

This IP was reported 21 times. Confidence of Abuse is 4%: ?

ISP	FINE GROUP SERVERS SOLUTIONS LLC
Usage Type	Data Center/Web Hosting/Transit
ASN	AS26548
Domain Name	finegroupservers.com
Country	🇺🇸 United States of America
City	Seattle, Washington

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 194.99.25.238

Whois 194.99.25.238

IP Abuse Reports for 194.99.25.238:

This IP address has been reported a total of 21 times from 13 distinct sources. 194.99.25.238 was first reported on September 4th 2021, and the most recent report was 20 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇪🇸 el-brujo	2026-06-13 13:34:57 (20 hours ago)	Cloudflare WAF: Request Path: /register2.html Request Query: Host: foro.elhacker.net userAgent: Moz ... show more Cloudflare WAF: Request Path: /register2.html Request Query: Host: foro.elhacker.net userAgent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36 Action: managed_challenge Source: firewallCustom ASN Description: PureVoltage Hosting Inc. Country: US Method: POST Timestamp: 2026-06-13T13:34:57Z ruleId: 5012d84c6d9f467499149a3cd38d0b9d. Report generated by Cloudflare-WAF-to-AbuseIPDB (https://github.com/MHG-LAB/Cloudflare-WAF-to-AbuseIPDB). show less	Hacking SQL Injection Web App Attack
🇺🇸 fbarela	2025-11-12 01:00:57 (7 months ago)	FortiGate SSL VPN login failures.	Hacking Brute-Force
🇺🇸 IT Support	2025-10-28 16:01:00 (7 months ago)		Hacking Brute-Force
🇲🇽 licjperezl	2025-06-19 19:45:30 (11 months ago)	Ataque de diccionario o DDoS en nuestros servicios en linea	Brute-Force
🇨🇭 backslash	2025-05-24 05:02:05 (1 year ago)		Bad Web Bot
🇺🇸 TPI-Abuse	2025-05-06 05:27:29 (1 year ago)	(mod_security) mod_security (id:210730) triggered by 194.99.25.238 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210730) triggered by 194.99.25.238 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue May 06 01:27:23.516950 2025] [security2:error] [pid 629774:tid 629774] [client 194.99.25.238:50007] [client 194.99.25.238] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|vitalitywebb.com\|F\|2"] [data ".db"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "vitalitywebb.com"] [uri "/backstore/Golden-Technologies/pics/Golden Technologies 2009 Marketing CD/Power Chairs/Compass/Thumbs.db"] [unique_id "aBmdu0XViSo1vtem4bF34wAAAAQ"], referer: https://vitalitywebb.com/backstore/Golden-Technologies/pics/Golden%20Technologies%202009%20Marketing%20CD/Power%20Chairs/Compass/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-03-05 10:02:16 (1 year ago)	(mod_security) mod_security (id:210730) triggered by 194.99.25.238 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210730) triggered by 194.99.25.238 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Mar 05 05:02:09.900584 2025] [security2:error] [pid 39215:tid 39215] [client 194.99.25.238:21521] [client 194.99.25.238] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|vitalitywebb.com\|F\|2"] [data ".db"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "vitalitywebb.com"] [uri "/backstore/Barcalounger/Images/Kendall II/Thumbs.db"] [unique_id "Z8ghIe_h96WcyQwX9ilcoAAAAAM"], referer: https://vitalitywebb.com/backstore/Barcalounger/Images/Kendall%20II/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 Anonymous	2025-02-28 16:00:00 (1 year ago)	Brute force attack detected from 194.99.25.238	DDoS Attack Brute-Force Web App Attack
🇺🇸 Anonymous	2025-02-28 16:00:00 (1 year ago)	Brute force attack detected from 194.99.25.238	DDoS Attack Brute-Force Web App Attack
🇺🇸 Anonymous	2025-02-28 16:00:00 (1 year ago)	Brute force attack detected from 194.99.25.238	DDoS Attack Brute-Force Web App Attack
🇺🇸 Anonymous	2025-02-28 16:00:00 (1 year ago)	Brute force attack detected from 194.99.25.238	DDoS Attack Brute-Force Web App Attack
🇺🇸 Anonymous	2025-02-28 16:00:00 (1 year ago)	Brute force attack detected from 194.99.25.238	DDoS Attack Brute-Force Web App Attack
🇺🇸 TPI-Abuse	2024-11-05 08:45:24 (1 year ago)	(mod_security) mod_security (id:210730) triggered by 194.99.25.238 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210730) triggered by 194.99.25.238 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Nov 05 03:45:20.128822 2024] [security2:error] [pid 4000407:tid 4000407] [client 194.99.25.238:42827] [client 194.99.25.238] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|vitalitywebb.com\|F\|2"] [data ".db"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "vitalitywebb.com"] [uri "/backstore/Barcalounger/Images/Horizon II/Horizon II/Stargo Black/originals/Thumbs.db"] [unique_id "ZynbIDr42e2XioVhGJeovgAAABA"], referer: https://vitalitywebb.com/backstore/Barcalounger/Images/Horizon%20II/Horizon%20II/Stargo%20Black/originals/ show less	Brute-Force Bad Web Bot Web App Attack
🇨🇦 wil.com	2024-09-25 04:33:24 (1 year ago)	GlobalProtect login attempts with user cvandermillion.	VPN IP Brute-Force
🇺🇸 lostswordfish.com	2024-05-21 02:45:07 (2 years ago)		Brute-Force SSH

Showing 1 to 15 of 21 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇬🇧 193.163.125.85

🇨🇳 139.196.101.34

🇨🇳 120.230.22.79

🇳🇱 89.21.67.160

🇮🇹 79.45.111.204

🇺🇸 34.229.116.75

🇧🇷 179.176.210.17

🇨🇳 175.11.106.168

🇵🇭 136.158.71.62

🇮🇳 103.191.208.203

🇳🇱 93.123.109.114

🇮🇷 93.118.167.203

🇺🇸 68.235.61.155

🇺🇸 34.186.71.24

🇬🇧 2a06:4880:4000::6d

🇩🇪 213.209.159.56

🇩🇪 212.80.7.172

🇸🇪 171.25.158.57

🇨🇳 120.48.15.138

🇵🇰 110.93.224.226