JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 104.164.173.34

104.164.173.34 was found in our database!

This IP was reported 97 times. Confidence of Abuse is 16%: ?

16%

ISP	EGIHosting
Usage Type	Data Center/Web Hosting/Transit
ASN	AS18779
Domain Name	egihosting.com
Country	🇺🇸 United States of America
City	Santa Clara, California

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 104.164.173.34

Whois 104.164.173.34

IP Abuse Reports for 104.164.173.34:

This IP address has been reported a total of 97 times from 35 distinct sources. 104.164.173.34 was first reported on July 25th 2023, and the most recent report was 2 days ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇨🇭 Origon	2026-06-21 04:56:07 (2 days ago)	http-crawl-non_statics - IP: 104.164.173.34 - time="2026-06-21T06:56:07+02:00" level=info msg="(555 ... show more http-crawl-non_statics - IP: 104.164.173.34 - time="2026-06-21T06:56:07+02:00" level=info msg="(555f66b4f6a74558bc11e3f93469658es8App0Mcc0TKEeje/crowdsec) crowdsecurity/http-crawl-non_statics by ip 104.164.173.34 (US/18779) : 4h ban on Ip 104.164.173.34" module=db show less	Bad Web Bot
🇩🇪 IVski	2026-05-31 13:16:40 (3 weeks ago)	IVski WAF \| Rate limit exceeded or DoS pattern detected - multiple rapid requests	DDoS Attack Bad Web Bot
🇺🇸 lavnet.net	2026-05-06 07:19:13 (1 month ago)	104.164.173.34 - - [06/May/2026:07:19:12 +0000] "GET /assets/built/screen.css%3Fv%3D421ef6b03c HTTP/ ... show more 104.164.173.34 - - [06/May/2026:07:19:12 +0000] "GET /assets/built/screen.css%3Fv%3D421ef6b03c HTTP/1.1" 404 3004 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36" 104.164.173.34 - - [06/May/2026:07:19:12 +0000] "GET /https%3A/ghost.lavweb.com/ HTTP/1.1" 404 3003 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36" 104.164.173.34 - - [06/May/2026:07:19:12 +0000] "GET /https%3A/ghost.lavweb.com/rss/ HTTP/1.1" 404 3458 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36" 104.164.173.34 - - [06/May/2026:07:19:12 +0000] "GET /https%3A/ghost.lavweb.com/webmentions/receive/ HTTP/1.1" 404 3457 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36" 104.164.173.34 - - [06/May/2026:07:19:12 +0000] "GET /public/cards.min.css%3Fv%3D421ef6b03c HTTP/1.1" 404 3003 "-" "Mozilla/5.0 (X ... show less	Brute-Force
🇨🇭 Origon	2026-04-21 15:48:00 (2 months ago)	http-probing - IP: 104.164.173.34 - time="2026-04-21T17:48:00+02:00" level=info msg="(555f66b4f6a74 ... show more http-probing - IP: 104.164.173.34 - time="2026-04-21T17:48:00+02:00" level=info msg="(555f66b4f6a74558bc11e3f93469658es8App0Mcc0TKEeje/crowdsec) crowdsecurity/http-probing by ip 104.164.173.34 (US/18779) : 4h ban on Ip 104.164.173.34" module=db show less	Web App Attack
🇫🇷 Octopuce	2026-04-17 14:50:04 (2 months ago)	Aggressive web search of vulnerable pages: /Lyon/http%3A/voyeaud.org/Lyon/14_18/ /Lyon/14_18/http%3A ... show more Aggressive web search of vulnerable pages: /Lyon/http%3A/voyeaud.org/Lyon/14_18/ /Lyon/14_18/http%3A/www.memorial-genweb.org/ /Lyon/14_18/http% ... show less	Web App Attack
🇺🇸 Charlesiv	2026-03-09 20:04:00 (3 months ago)	Triggered Cloudflare WAF (firewallCustom) from US. Action taken: MANAGED_CHALLENGE ASN: 18779 (EGIHO ... show more Triggered Cloudflare WAF (firewallCustom) from US. Action taken: MANAGED_CHALLENGE ASN: 18779 (EGIHOSTING - EGIHosting) Protocol: HTTP/1.1 (GET method) Endpoint: / Timestamp: 2026-03-09T18:32:45Z Ray ID: 9d9c2a0328a81b51 UA: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 show less	Bad Web Bot
🇵🇱 IROK	2026-01-27 22:06:25 (4 months ago)	Firewall Blocked - Unauthorized Port Scanning ...	Port Scan
🇺🇸 TPI-Abuse	2026-01-25 06:01:37 (4 months ago)	(mod_security) mod_security (id:210492) triggered by 104.164.173.34 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.164.173.34 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jan 25 01:01:31.267658 2026] [security2:error] [pid 5609:tid 5609] [client 104.164.173.34:19484] ModSecurity: Access denied with code 403 (phase 1). Matched phrase ".htaccess" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "needtoorder.us"] [uri "/USE-To-BLOCKwww.countryipblocks.net.htaccess"] [unique_id "aXWxu-DS3aHgc40HoqlYAAAAABc"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 HandyTreff.de	2026-01-17 21:07:17 (5 months ago)	Bot/Spam/Scrapper attack detected on www.handytreff.de - Score: -62.379 (Bad < -10 / Very Bad < -20 ... show more Bot/Spam/Scrapper attack detected on www.handytreff.de - Score: -62.379 (Bad < -10 / Very Bad < -20 / Extreme < -35) \| UA: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0. show less	Bad Web Bot Web App Attack
🇩🇪 Mr-Money	2026-01-17 18:24:24 (5 months ago)	scenario: crowdsecurity/http-probing - events: 11	Hacking Web App Attack
🇯🇵 beon	2026-01-17 02:08:00 (5 months ago)	This IP performed automated reconnaissance and vulnerability scanning against my server between 2026 ... show more This IP performed automated reconnaissance and vulnerability scanning against my server between 2026-01-16T01:38:06Z and 2026-01-16T01:38:10Z UTC. Observed automated reconnaissance behavior involving URL-encoded external URLs used as request paths. Characteristics: - GET requests such as: /https%3A/www.abuseipdb.com/user/(some account num) /https%3A/(hostname)%3F(some querys)... /https%3A/(with sub).(hostname)/ - Same URL-encoded format reused - External URLs used directly as path components - Multiple IP addresses exhibiting similar behavior - No accompanying normal browsing activity This behavior is consistent with automated SSRF/RFI existence checks or path-based URL handling probes. show less	Hacking Brute-Force Web App Attack
🇵🇱 mscode.pl	2025-12-17 22:47:27 (6 months ago)	Triggered Cloudflare WAF (firewallCustom) from US. Action taken: MANAGED_CHALLENGE Protocol: HTTP/1. ... show more Triggered Cloudflare WAF (firewallCustom) from US. Action taken: MANAGED_CHALLENGE Protocol: HTTP/1.1 (GET method) Endpoint: / UA: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 show less	Bad Web Bot
🇨🇭 Origon	2025-12-07 11:24:57 (6 months ago)	http-probing - IP: 104.164.173.34 - time="2025-12-07T12:24:57+01:00" level=info msg="(555f66b4f6a74 ... show more http-probing - IP: 104.164.173.34 - time="2025-12-07T12:24:57+01:00" level=info msg="(555f66b4f6a74558bc11e3f93469658es8App0Mcc0TKEeje/crowdsec) crowdsecurity/http-probing by ip 104.164.173.34 (US/18779) : 4h ban on Ip 104.164.173.34" module=db show less	Web App Attack
🇨🇭 backslash	2025-11-18 09:40:06 (7 months ago)	block ruleset CC531825F9395F9A07FB06C1247C46770A2690F8	Bad Web Bot
🇨🇭 blinx	2025-11-17 15:15:15 (7 months ago)	Suspicious activity detected by Modsecurity	Web Spam Port Scan Hacking Bad Web Bot Web App Attack

Showing 1 to 15 of 97 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 207.174.2.240

🇹🇭 165.154.120.223

🇳🇱 45.148.10.152

🇦🇷 186.139.179.228

🇩🇪 165.22.76.65

🇺🇸 157.230.186.59

🇺🇸 144.202.37.139

🇺🇸 66.132.186.204

🇳🇱 66.33.215.239

🇩🇪 198.7.114.240

🇺🇸 193.3.53.8

🇩🇪 83.169.38.142

🇧🇬 79.124.62.134

🇸🇮 31.57.216.7

🇭🇰 20.255.152.91

🇳🇱 164.92.220.118

🇺🇸 162.216.149.108

🇭🇰 152.32.171.73

🇨🇦 138.197.130.251

🇺🇸 135.237.126.218