JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 104.168.118.128

104.168.118.128 was found in our database!

This IP was reported 10 times. Confidence of Abuse is 0%: ?

ISP	HostPapa
Usage Type	Data Center/Web Hosting/Transit
ASN	AS36352
Hostname(s)	104-168-118-128-host.colocrossing.com
Domain Name	hostpapa.com
Country	🇺🇸 United States of America
City	Buffalo, New York

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 104.168.118.128

Whois 104.168.118.128

IP Abuse Reports for 104.168.118.128:

This IP address has been reported a total of 10 times from 4 distinct sources. 104.168.118.128 was first reported on June 1st 2025, and the most recent report was 2 months ago.

Old Reports: The most recent abuse report for this IP address is from 2 months ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇮🇹 Inartis	2026-04-18 18:21:38 (2 months ago)	104.168.118.128 - - [18/Apr/2026:20:21:38 +0200] "GET /.gitlab-ci/variables.yml HTTP/1.1" 404 3649 " ... show more 104.168.118.128 - - [18/Apr/2026:20:21:38 +0200] "GET /.gitlab-ci/variables.yml HTTP/1.1" 404 3649 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36" ... show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-02-01 12:45:52 (4 months ago)	(mod_security) mod_security (id:210492) triggered by 104.168.118.128 (104-168-118-128-host.colocross ... show more (mod_security) mod_security (id:210492) triggered by 104.168.118.128 (104-168-118-128-host.colocrossing.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Feb 01 07:45:44.902188 2026] [security2:error] [pid 12299:tid 12333] [client 104.168.118.128:60343] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcalendars.kettlehill.net"] [uri "/.env.prod.local"] [unique_id "aX9K-M_CAppeKcdveJ3j2AAAAI8"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-02 23:02:44 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.168.118.128 (104-168-118-128-host.colocross ... show more (mod_security) mod_security (id:210492) triggered by 104.168.118.128 (104-168-118-128-host.colocrossing.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Dec 02 18:02:38.304749 2025] [security2:error] [pid 18737:tid 18737] [client 104.168.118.128:35645] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "autoconfig.farmers123.com"] [uri "/.env.www"] [unique_id "aS9wDi_ZeAzdbjhc4NHiiwAAAAM"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-01 06:23:20 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.168.118.128 (104-168-118-128-host.colocross ... show more (mod_security) mod_security (id:210492) triggered by 104.168.118.128 (104-168-118-128-host.colocrossing.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Dec 01 01:23:08.420345 2025] [security2:error] [pid 27471:tid 27501] [client 104.168.118.128:59931] ModSecurity: Access denied with code 403 (phase 1). Matched phrase ".htpasswd" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcalendars.kettlehill.net"] [uri "/.htpasswd"] [unique_id "aS00THLXOKC0tXS7y0kpDgAAAI0"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 Moby	2025-11-01 21:51:25 (7 months ago)	104.168.118.128 - - [01/Nov/2025:15:36:10 -0500] "GET /header.php.bak HTTP/1.1" 404 984 "-" "Mozilla ... show more 104.168.118.128 - - [01/Nov/2025:15:36:10 -0500] "GET /header.php.bak HTTP/1.1" 404 984 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36" Sat Nov 01 16:02:00.347604 2025104.168.118.128 - - [01/Nov/2025:16:02:01 -0500] "GET /infophp.php HTTP/1.1" 404 984 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36" 104.168.118.128 - - [01/Nov/2025:16:50:28 -0500] "GET /75.88.18.218.z HTTP/1.1" 404 984 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36" ... show less	Web App Attack
🇺🇸 TPI-Abuse	2025-10-28 20:52:26 (7 months ago)	(mod_security) mod_security (id:210492) triggered by 104.168.118.128 (104-168-118-128-host.colocross ... show more (mod_security) mod_security (id:210492) triggered by 104.168.118.128 (104-168-118-128-host.colocrossing.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Oct 28 16:52:21.209638 2025] [security2:error] [pid 547:tid 547] [client 104.168.118.128:35313] ModSecurity: Access denied with code 403 (phase 1). Matched phrase ".htpasswd" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "autodiscover.nbcnewsradio.com"] [uri "/.htpasswd"] [unique_id "aQEtBd-oavXn7SleN8wv2QAAAAw"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-10-01 17:08:51 (8 months ago)	(mod_security) mod_security (id:210492) triggered by 104.168.118.128 (104-168-118-128-host.colocross ... show more (mod_security) mod_security (id:210492) triggered by 104.168.118.128 (104-168-118-128-host.colocrossing.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Oct 01 13:08:46.040304 2025] [security2:error] [pid 30036:tid 30071] [client 104.168.118.128:49771] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "mail.kettlehill.net"] [uri "/.svn/entries"] [unique_id "aN1gHp4Gg6n9TdaAp9h_SgAAAIQ"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-08-01 06:37:56 (10 months ago)	(mod_security) mod_security (id:210730) triggered by 104.168.118.128 (104-168-118-128-host.colocross ... show more (mod_security) mod_security (id:210730) triggered by 104.168.118.128 (104-168-118-128-host.colocrossing.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Aug 01 02:37:48.129098 2025] [security2:error] [pid 3331488:tid 3331548] [client 104.168.118.128:46719] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|ftp.kettlehill.com\|F\|2"] [data ".php.bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "ftp.kettlehill.com"] [uri "/settings.php.bak"] [unique_id "aIxgvAesNFIDOFtp0dFk3wAAAEM"], referer: http://ftp.kettlehill.com/settings.php.bak show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2025-06-01 17:30:04 (1 year ago)	\| Common web attack.	Hacking SQL Injection Web App Attack
🇺🇸 TPI-Abuse	2025-06-01 06:53:22 (1 year ago)	(mod_security) mod_security (id:210730) triggered by 104.168.118.128 (104-168-118-128-host.colocross ... show more (mod_security) mod_security (id:210730) triggered by 104.168.118.128 (104-168-118-128-host.colocrossing.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 01 02:53:14.695452 2025] [security2:error] [pid 2749697:tid 2749814] [client 104.168.118.128:48259] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|autodiscover.kettlehill.net\|F\|2"] [data ".php.bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "autodiscover.kettlehill.net"] [uri "/database.php.bak"] [unique_id "aDv42mzUxJS8AZi9Bz3UbAAAAE8"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 10 of 10 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇩🇪 185.220.101.147

🇳🇱 93.123.72.183

🇫🇷 85.217.140.53

🇷🇺 85.174.194.137

🇳🇱 74.125.181.217

🇺🇸 65.49.1.130

🇺🇸 40.124.175.5

🇸🇪 31.59.160.12

🇱🇦 183.182.117.190

🇨🇳 150.255.38.190

🇺🇸 134.33.66.164

🇭🇷 85.203.20.245

🇺🇸 65.49.1.105

🇲🇽 187.190.88.72

🇳🇴 185.12.59.118

🇬🇧 139.59.181.93

🇰🇷 125.244.114.221

🇨🇳 110.249.201.7

🇯🇵 87.249.128.218

🇭🇷 85.203.20.37