JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 104.168.118.211

104.168.118.211 was found in our database!

This IP was reported 5 times. Confidence of Abuse is 0%: ?

ISP	HostPapa
Usage Type	Data Center/Web Hosting/Transit
ASN	AS36352
Hostname(s)	104-168-118-211-host.colocrossing.com
Domain Name	hostpapa.com
Country	🇺🇸 United States of America
City	Buffalo, New York

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 104.168.118.211

Whois 104.168.118.211

IP Abuse Reports for 104.168.118.211:

This IP address has been reported a total of 5 times from 2 distinct sources. 104.168.118.211 was first reported on January 26th 2025, and the most recent report was 4 months ago.

Old Reports: The most recent abuse report for this IP address is from 4 months ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 TPI-Abuse	2026-01-27 04:23:13 (4 months ago)	(mod_security) mod_security (id:221260) triggered by 104.168.118.211 (104-168-118-211-host.colocross ... show more (mod_security) mod_security (id:221260) triggered by 104.168.118.211 (104-168-118-211-host.colocrossing.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jan 26 23:23:10.292310 2026] [security2:error] [pid 8340:tid 8456] [client 104.168.118.211:34499] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^(?:\\\\'\\\\w+?=)?\\\\(\\\\)\\\\s{" at MATCHED_VAR. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "77"] [id "221260"] [rev "3"] [msg "COMODO WAF: Shellshock Command Injection Vulnerabilities in GNU Bash through 4.3 bash43-026 (CVE-2014-7187, CVE-2014-7186, CVE-2014-7169, CVE-2014-6278, CVE-2014-6277, CVE-2014-6271)\|\|whm.kettlehill.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "whm.kettlehill.com"] [uri "/debug.cgi"] [unique_id "aXg9rpdz8F31Nrc2UVRE8AAAAo4"], referer: () { ignored; }; echo Content-Type: text/html; echo ; /bin/cat /etc/passwd show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-01-17 18:16:32 (4 months ago)	(mod_security) mod_security (id:210492) triggered by 104.168.118.211 (104-168-118-211-host.colocross ... show more (mod_security) mod_security (id:210492) triggered by 104.168.118.211 (104-168-118-211-host.colocrossing.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jan 17 13:16:25.885191 2026] [security2:error] [pid 10224:tid 10224] [client 104.168.118.211:51739] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcalendars.nbcnewsradio.com"] [uri "/.env.www"] [unique_id "aWvR-YQF6900xI9f9tVFPwAAAAs"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-07-26 23:12:34 (10 months ago)	(mod_security) mod_security (id:221260) triggered by 104.168.118.211 (104-168-118-211-host.colocross ... show more (mod_security) mod_security (id:221260) triggered by 104.168.118.211 (104-168-118-211-host.colocrossing.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jul 26 19:08:26.544769 2025] [security2:error] [pid 27651:tid 27878] [client 104.168.118.211:53573] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^(?:\\\\'\\\\w+?=)?\\\\(\\\\)\\\\s{" at MATCHED_VAR. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "77"] [id "221260"] [rev "3"] [msg "COMODO WAF: Shellshock Command Injection Vulnerabilities in GNU Bash through 4.3 bash43-026 (CVE-2014-7187, CVE-2014-7186, CVE-2014-7169, CVE-2014-6278, CVE-2014-6277, CVE-2014-6271)\|\|autodiscover.staging.kettlehill.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "autodiscover.staging.kettlehill.com"] [uri "/"] [unique_id "aIVf6q1-ZZtwgx0Wzfst1AAAAUU"], referer: () { ignored; }; echo Content-Type: text/html; echo ; /bin/cat /etc/passwd show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-05-29 16:19:08 (1 year ago)	(mod_security) mod_security (id:210730) triggered by 104.168.118.211 (104-168-118-211-host.colocross ... show more (mod_security) mod_security (id:210730) triggered by 104.168.118.211 (104-168-118-211-host.colocrossing.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu May 29 12:19:01.270879 2025] [security2:error] [pid 2948899:tid 2948899] [client 104.168.118.211:47663] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|ftp.farmers123.com\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "ftp.farmers123.com"] [uri "/database.sql"] [unique_id "aDiI9Y_YMcv7qV9-143yegAAAAs"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2025-01-26 03:10:20 (1 year ago)	\| A web attack returned code 200 (success).	Hacking SQL Injection Web App Attack

Showing 1 to 5 of 5 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇳🇱 164.92.211.104

🇮🇳 128.185.225.78

🇭🇰 118.193.39.103

🇳🇱 45.148.10.151

🇰🇼 37.34.237.45

🇮🇩 34.128.101.224

🇬🇧 34.39.25.155

🇮🇳 13.203.73.59

🇨🇳 223.73.141.83

🇳🇱 195.178.110.30

🇫🇷 176.177.9.11

🇺🇸 173.16.14.61

🇫🇷 172.71.122.198

🇮🇪 168.63.79.147

🇺🇸 119.12.205.204

🇺🇸 104.23.187.115

🇺🇸 98.159.37.107

🇺🇸 71.68.224.87

🇨🇱 66.249.85.12

🇦🇺 54.252.170.250