JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 82.25.107.159

82.25.107.159 was found in our database!

This IP was reported 32 times. Confidence of Abuse is 100%: ?

100%

ISP	Internet Utilities Europe and Asia Limited
Usage Type	Data Center/Web Hosting/Transit
ASN	AS47583
Domain Name	netutils.io
Country	🇮🇳 India
City	Mumbai, Maharashtra

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 82.25.107.159

Whois 82.25.107.159

IP Abuse Reports for 82.25.107.159:

This IP address has been reported a total of 32 times from 24 distinct sources. 82.25.107.159 was first reported on June 6th 2026, and the most recent report was 4 minutes ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇦🇺 paulshipley.com.au	2026-06-08 00:50:52 (4 minutes ago)	[Mon Jun 08 10:50:51.396592 2026] [security2:error] [pid 44052] [client 82.25.107.159:40210] [client ... show more [Mon Jun 08 10:50:51.396592 2026] [security2:error] [pid 44052] [client 82.25.107.159:40210] [client 82.25.107.159] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/modsecurity/crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.4"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "angleseaarthouse.com.au"] [uri "/laravel/.env"] [unique_id "aiYR6zshT02a7CbSM5HAKwAAAA8"] ... show less	Web App Attack
🇫🇷 ✨	2026-06-08 00:44:06 (11 minutes ago)	Domain : djstefanotesta.com Rule : env 2026-06-08 00:42:34 *hidden-privacy* GET /dev/.env - 443 ... show more Domain : djstefanotesta.com Rule : env 2026-06-08 00:42:34 *hidden-privacy* GET /dev/.env - 443 - 82.25.107.159 HTTP/1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 - djstefanotesta.com 301 0 0 446 227 109 - - show less	Hacking SQL Injection
🇺🇸 TPI-Abuse	2026-06-07 19:04:54 (5 hours ago)	(mod_security) mod_security (id:210492) triggered by 82.25.107.159 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 82.25.107.159 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 07 15:04:48.565600 2026] [security2:error] [pid 2887:tid 2887] [client 82.25.107.159:42564] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "jackkerrigan.com"] [uri "/api/.env.save"] [unique_id "aiXA0D5SUF47KIfbJFGmPAAAAAU"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-07 17:34:11 (7 hours ago)	(mod_security) mod_security (id:210492) triggered by 82.25.107.159 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 82.25.107.159 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 07 13:34:05.405130 2026] [security2:error] [pid 19640:tid 19640] [client 82.25.107.159:51946] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "senecaalumni.com"] [uri "/core/.env"] [unique_id "aiWrjVNFtJygNIDl39-WRQAAAB4"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-06-07 16:41:03 (8 hours ago)	Bot / scanning and/or hacking attempts: GET /laravel/.env HTTP/1.1, GET /.env HTTP/1.1, GET /admin/. ... show more Bot / scanning and/or hacking attempts: GET /laravel/.env HTTP/1.1, GET /.env HTTP/1.1, GET /admin/.env HTTP/1.1, GET /api/.env HTTP/1.1, GET /backend/.env HTTP/1.1, GET /dev/.env HTTP/1.1, GET /members/.env HTTP/1.1, GET /core/.env HTTP/1.1, GET /app/.env HTTP/1.1, GET /api/.env.save HTTP/1.1, GET /core/.env.save HTTP/1.1, GET /.env.save HTTP/1.1 show less	Hacking Web App Attack
🇳🇱 debestelapp	2026-06-07 16:30:06 (8 hours ago)		Web App Attack
🇩🇪 paissangroup	2026-06-07 15:18:31 (9 hours ago)	Multiple WAF Violations	Web App Attack
🇺🇸 TPI-Abuse	2026-06-07 12:22:50 (12 hours ago)	(mod_security) mod_security (id:210492) triggered by 82.25.107.159 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 82.25.107.159 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 07 08:22:43.536950 2026] [security2:error] [pid 30549:tid 30549] [client 82.25.107.159:52924] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "garantagroup.com"] [uri "/api/.env"] [unique_id "aiVik5v8ggCKvFEJsjH7oQAAACM"] show less	Brute-Force Bad Web Bot Web App Attack
🇷🇺 DZBOT	2026-06-07 11:34:00 (13 hours ago)	DZBOT: Website Scanning / Scraping	Bad Web Bot Exploited Host Web App Attack
🇫🇷 masterguru	2026-06-07 10:24:27 (14 hours ago)	Restricted File Access Attempt. Matched phrase ".env" at REQUEST_FILENAME. (930130-201)	Hacking Web App Attack
🇩🇪 big-cloud.nl	2026-06-07 10:21:57 (14 hours ago)	Try to access /.env	Web App Attack
🇩🇪 ghostwarriors	2026-06-07 10:20:04 (14 hours ago)	Attempts against non-existent wp-login	Brute-Force Web App Attack
🇧🇾 lns.bz	2026-06-07 09:57:42 (14 hours ago)	.env scanning [BY]	Web App Attack
🇦🇺 AWW-Admin	2026-06-07 09:07:07 (15 hours ago)	(mod_security) mod_security triggered on hostname [redacted] 82.25.107.159 (IN/India/-)	SQL Injection
🇳🇱 wlt-blocker	2026-06-07 08:38:52 (16 hours ago)	Unauthorized access to webpage admin	Web App Attack

Showing 1 to 15 of 32 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 216.180.246.51

🇬🇧 192.248.150.180

🇨🇳 162.14.81.53

🇺🇸 129.153.145.135

🇺🇸 107.175.156.152

🇿🇦 102.129.56.145

🇭🇰 34.92.135.118

🇹🇷 5.181.87.35

🇨🇳 220.202.112.205

🇭🇰 199.45.154.182

🇸🇦 176.44.64.73

🇨🇳 115.191.10.40

🇨🇳 111.229.35.233

🇺🇸 104.243.43.19

🇺🇸 104.194.10.16

🇨🇳 101.201.101.120

🇪🇸 90.162.116.66

🇹🇷 88.255.189.50

🇧🇬 79.124.62.122

🇺🇸 47.251.254.233