JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 104.164.173.139

104.164.173.139 was found in our database!

This IP was reported 73 times. Confidence of Abuse is 14%: ?

14%

ISP	EGIHosting
Usage Type	Data Center/Web Hosting/Transit
ASN	AS18779
Domain Name	egihosting.com
Country	🇺🇸 United States of America
City	Santa Clara, California

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 104.164.173.139

Whois 104.164.173.139

IP Abuse Reports for 104.164.173.139:

This IP address has been reported a total of 73 times from 35 distinct sources. 104.164.173.139 was first reported on June 6th 2023, and the most recent report was 1 week ago.

Old Reports: The most recent abuse report for this IP address is from 1 week ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇷🇴 StarTech Team	2026-06-13 13:22:46 (1 week ago)	Web App Atack	Web App Attack
🇮🇹 VHosting	2026-05-25 23:00:05 (4 weeks ago)	Detected WordPress attack from 4 different servers	Brute-Force Web App Attack
🇺🇸 mnsf	2026-05-12 11:05:23 (1 month ago)	Too many Status 40X (12)	Brute-Force Web App Attack
🇬🇧 cybersteve99	2026-04-05 21:03:49 (2 months ago)	Too many 4xx Requests -	Brute-Force Web App Attack
🇨🇭 backslash	2026-03-20 04:51:00 (3 months ago)	block ruleset AA06B7315BA6AEB6421B52F0B32E14B509FD5FF0	SQL Injection
🇺🇸 TPI-Abuse	2026-03-16 04:06:47 (3 months ago)	(mod_security) mod_security (id:210492) triggered by 104.164.173.139 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210492) triggered by 104.164.173.139 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Mar 16 00:06:39.171586 2026] [security2:error] [pid 807521:tid 807521] [client 104.164.173.139:32522] ModSecurity: Access denied with code 403 (phase 1). Matched phrase ".htaccess" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "needtoorder.us"] [uri "/USE-To-BLOCKwww.countryipblocks.net.htaccess"] [unique_id "abeBz-2UvEffHq-Ll3WYhAAAABY"] show less	Brute-Force Bad Web Bot Web App Attack
🇪🇸 Security@Home	2026-03-10 08:26:43 (3 months ago)	104.164.173.139 - - [10/Mar/2026:09:26:42 +0100] "GET /https%3A/pt.homenetworksecurity.eu/index.html ... show more 104.164.173.139 - - [10/Mar/2026:09:26:42 +0100] "GET /https%3A/pt.homenetworksecurity.eu/index.html HTTP/1.1" 404 72 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36" 104.164.173.139 - - [10/Mar/2026:09:26:42 +0100] "GET /https%3A/assets.homenetworksecurity.eu/styles/styles.css%3Fv%3D1.4 HTTP/1.1" 404 72 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36" 104.164.173.139 - - [10/Mar/2026:09:26:42 +0100] "GET /https%3A/www.homenetworksecurity.eu/index.html HTTP/1.1" 404 72 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36" ... show less	Web App Attack
🇩🇪 big-cloud.nl	2026-03-04 01:45:59 (3 months ago)	Try to access /https%3A/www.wierengareclame.nl/xmlrpc.php	Web App Attack
Anonymous	2026-02-28 18:57:34 (3 months ago)	This IP was detected by CrowdSec triggering crowdsecurity/http-probing	Web App Attack Hacking
🇪🇸 gnom4ik	2026-02-21 04:03:44 (4 months ago)	ban-reviewer auto report; ip=104.164.173.139; scenario=http:scan; verdict=valid_ban; confidence=0.85 ... show more ban-reviewer auto report; ip=104.164.173.139; scenario=http:scan; verdict=valid_ban; confidence=0.85; categories=14,15,18; active_decisions=1; lookback_decisions=1; nginx_requests=0; appsec_matches=0; auth_events=0; kernel_events=0; signals=scan/exploit pattern detected (http:scan scenario); IP has been flagged for port scanning activities; decision was made based on abuseipdb context with relevant categories show less	Port Scan Hacking Brute-Force
🇩🇪 findlab	2026-02-16 14:00:03 (4 months ago)	Backdrop CMS module - malicious activity detected	Bad Web Bot Web App Attack
🇵🇱 IROK	2026-01-09 05:38:41 (5 months ago)	Firewall Blocked - Unauthorized Port Scanning ...	Port Scan
🇮🇩 hermawan	2026-01-04 17:47:17 (5 months ago)	[Mon Jan 05 00:47:16.403204 2026] [security2:error] [pid 85014:tid 140058924324544] [client 104.164. ... show more [Mon Jan 05 00:47:16.403204 2026] [security2:error] [pid 85014:tid 140058924324544] [client 104.164.173.139:51332] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "%3d" at REQUEST_FILENAME. [file "/etc/modsecurity/coreruleset-4.20.0/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "88"] [id "448101"] [msg "BAD REQUEST FILENAME - Detected and Blocked"] [data "Matched Data: %3d found within REQUEST_FILENAME: /index.php%3Fmodule%3DProxy%26action%3DgetCss%26cb%3D0a76cf9b183a618878b965fde393085f request_line = GET /index.php%3Fmodule%3DProxy%26action%3DgetCss%26cb%3D0a76cf9b183a618878b965fde393085f HTTP/1.1"] [severity "NOTICE"] [hostname "matomo.staklim-malang.info"] [uri "/index.php%3Fmodule%3DProxy%26action%3DgetCss%26cb%3D0a76cf9b183a618878b965fde393085f"] [unique_id "aVqnpLRiOur5K5oyhd-JFwAAAEA"] [matomo.staklim-malang.info] [matomo.staklim-malang.info] top=[85067] [qD1qiFPAHCI] [aVqnpLRiOur5K5oyhd-JFwAAAEA] keep_alive=[0] [2026-01-05 00:47:16.403218] [R:aVqnpLRiO ... show less	Hacking Web App Attack
🇵🇱 ketovoila.pl	2025-12-15 17:54:14 (6 months ago)	ketovoila.pl HONEYPOT traffic: count=1, paths=1; sample_path=ketovoila.pl/; UA=Mozilla/5.0 (X11; Lin ... show more ketovoila.pl HONEYPOT traffic: count=1, paths=1; sample_path=ketovoila.pl/; UA=Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Safari/537.36; window=2025-12-15T17:17:02Z..2025-12-15T17:17:02Z show less	Port Scan Hacking Brute-Force
🇨🇿 huginet	2025-12-03 03:04:27 (6 months ago)	104.164.173.139 - - [03/Dec/2025:04:04:27 +0100] "GET /http%3A/coppermine-gallery.net/ HTTP/1.1" 404 ... show more 104.164.173.139 - - [03/Dec/2025:04:04:27 +0100] "GET /http%3A/coppermine-gallery.net/ HTTP/1.1" 404 196 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Safari/537.36" 104.164.173.139 - - [03/Dec/2025:04:04:27 +0100] "GET /index.php%3Fcat%3D0 HTTP/1.1" 404 196 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Safari/537.36" ... show less	Web Spam Web App Attack

Showing 1 to 15 of 73 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇩🇪 195.230.103.250

🇨🇳 112.6.227.209

🇩🇪 69.5.169.181

🇺🇸 64.62.156.174

🇩🇪 43.228.157.8

🇷🇴 193.32.162.84

🇺🇸 172.212.174.123

🇨🇦 85.217.149.3

🇭🇰 23.100.91.106

🇺🇸 2400:cb00:612:1000:9aad:bf5c:d9da:e99b

🇪🇸 185.127.128.40

🇰🇷 121.181.194.23

🇯🇵 118.194.229.94

🇧🇬 79.124.59.78

🇺🇸 65.49.20.74

🇲🇾 47.254.255.111

🇳🇱 45.142.193.161

🇯🇵 20.89.138.37

🇻🇳 125.212.217.143

🇮🇳 122.187.228.231