JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 107.173.37.12

107.173.37.12 was found in our database!

This IP was reported 286 times. Confidence of Abuse is 100%: ?

100%

ISP	HostPapa
Usage Type	Data Center/Web Hosting/Transit
ASN	AS36352
Hostname(s)	107-173-37-12-host.colocrossing.com
Domain Name	hostpapa.com
Country	🇺🇸 United States of America
City	Los Angeles, California

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 107.173.37.12

Whois 107.173.37.12

IP Abuse Reports for 107.173.37.12:

This IP address has been reported a total of 286 times from 172 distinct sources. 107.173.37.12 was first reported on April 14th 2026, and the most recent report was 3 weeks ago.

Old Reports: The most recent abuse report for this IP address is from 3 weeks ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇦🇺 Mengda Wen	2026-05-23 05:44:57 (3 weeks ago)	Automated threat activity observed on 2026-05-23. Categories: bad_web_bot, hacking.	Bad Web Bot Hacking
🇳🇱 e.fierstra	2026-05-14 01:28:04 (1 month ago)	ModSecurity hits exceeded	Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-14 00:25:57 (1 month ago)	(mod_security) mod_security (id:210492) triggered by 107.173.37.12 (107-173-37-12-host.colocrossing. ... show more (mod_security) mod_security (id:210492) triggered by 107.173.37.12 (107-173-37-12-host.colocrossing.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed May 13 20:25:50.026584 2026] [security2:error] [pid 2479:tid 2479] [client 107.173.37.12:0] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpanel.ccamp.dev"] [uri "/public/.env"] [unique_id "agUWjht7E0bmxqLXBoRs0wAAAAg"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-05-13 23:31:47 (1 month ago)	(mod_security) mod_security triggered on hostname [redacted] 107.173.37.12 (US/United States/107-173 ... show more (mod_security) mod_security triggered on hostname [redacted] 107.173.37.12 (US/United States/107-173-37-12-host.colocrossing.com) show less	SQL Injection
🇺🇸 TPI-Abuse	2026-05-13 22:54:20 (1 month ago)	(mod_security) mod_security (id:210492) triggered by 107.173.37.12 (107-173-37-12-host.colocrossing. ... show more (mod_security) mod_security (id:210492) triggered by 107.173.37.12 (107-173-37-12-host.colocrossing.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed May 13 18:54:12.932297 2026] [security2:error] [pid 2939:tid 2939] [client 107.173.37.12:0] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "365soft.top"] [uri "/admin/.env"] [unique_id "agUBFL2RQHL5h3B3zeFXpgAAABE"] show less	Brute-Force Bad Web Bot Web App Attack
🇳🇱 Site.eu	2026-05-13 22:43:35 (1 month ago)	Excessive multi-domain requests	Brute-Force
🇳🇱 Joop	2026-05-13 21:35:16 (1 month ago)	2026-05-13 23:35:13 +0200 s2 /.git/config	Web App Attack
🇦🇺 clapper	2026-05-13 21:14:48 (1 month ago)	(mod_security) mod_security (id:949110) triggered by 107.173.37.12 (US/United States/107-173-37-12-h ... show more (mod_security) mod_security (id:949110) triggered by 107.173.37.12 (US/United States/107-173-37-12-host.colocrossing.com): 5 in the last 600 secs; ID: rub show less	Brute-Force Bad Web Bot
🇺🇸 nyt	2026-05-13 20:53:38 (1 month ago)	Bad Web Bot, Web App Attack, suspicious: 404 flood (16/60s)	Bad Web Bot Web App Attack
🇬🇧 consul.to	2026-05-13 20:33:38 (1 month ago)	Web attack/malicious scanning detected	Web App Attack
🇺🇸 CollideTech	2026-05-13 19:22:37 (1 month ago)	Probing wordpress site	Web App Attack
🇩🇪 updown.io	2026-05-13 16:56:14 (1 month ago)	{"level":"info","ts":1778691372.2497683,"logger":"http.log.access.log0","msg":"handled request","req ... show more {"level":"info","ts":1778691372.2497683,"logger":"http.log.access.log0","msg":"handled request","request":{"remote_ip":"107.173.37.12","remote_port":"47278","client_ip":"107.173.37.12","proto":"HTTP/1.1","method":"GET","host":"djpn.status.updown.io","uri":"/api/.env","headers":{"Accept":["text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8"],"Sec-Fetch-Mode":["navigate"],"Sec-Fetch-Site":["none"],"Accept-Encoding":["gzip"],"User-Agent":["Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36"],"Accept-Language":["en-US,en;q=0.9"],"Sec-Fetch-Dest":["document"],"Sec-Fetch-User":["?1"],"Upgrade-Insecure-Requests":["1"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"","server_name":"djpn.status.updown.io"}},"bytes_read":0,"user_id":"","duration":0.000556378,"size":0,"status":429,"resp_headers":{"Server":["Caddy"],"Alt-Svc":["h3=\":443\"; ma=2592000"],"Retry-After":["1"]}} {" ... show less	DDoS Attack Web App Attack
🇺🇸 TPI-Abuse	2026-05-13 16:46:53 (1 month ago)	(mod_security) mod_security (id:210492) triggered by 107.173.37.12 (107-173-37-12-host.colocrossing. ... show more (mod_security) mod_security (id:210492) triggered by 107.173.37.12 (107-173-37-12-host.colocrossing.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed May 13 12:46:48.129638 2026] [security2:error] [pid 3383:tid 3383] [client 107.173.37.12:0] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "autodiscover.hcoahawaii.org"] [uri "/.env"] [unique_id "agSq-EufMx_Ulj1_WRCDjAAAAAA"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇦 URAN Publishing Service	2026-05-13 16:00:44 (1 month ago)	107.173.37.12 - - [13/May/2026:19:00:43 +0300] "GET /backend/.env HTTP/1.1" 404 707 "-" "Mozilla/5.0 ... show more 107.173.37.12 - - [13/May/2026:19:00:43 +0300] "GET /backend/.env HTTP/1.1" 404 707 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36" 107.173.37.12 - - [13/May/2026:19:00:43 +0300] "GET /.env HTTP/1.1" 404 707 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36" ... show less	Web App Attack
🇫🇷 masterguru	2026-05-13 15:47:44 (1 month ago)	(modsec_5080) ModSec 5080: Infrastructure subdomain probe from 107.173.37.12 (US/United States/107-1 ... show more (modsec_5080) ModSec 5080: Infrastructure subdomain probe from 107.173.37.12 (US/United States/107-173-37-12-host.colocrossing.com): 2 in the last 3600 secs (0-201) show less	Hacking

Showing 1 to 15 of 286 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇨🇿 185.136.201.73

🇷🇺 178.178.222.55

🇲🇽 177.232.88.189

🇻🇳 116.107.223.195

🇿🇦 102.64.33.107

🇺🇸 65.49.139.223

🇳🇱 45.156.87.204

🇺🇸 44.217.39.161

🇩🇪 8.209.127.86

🇨🇳 221.226.232.42

🇪🇸 188.164.195.116

🇷🇺 188.0.178.55

🇳🇱 185.213.174.141

🇺🇸 149.72.236.79

🇫🇷 143.244.57.123

🇨🇳 111.113.88.186

🇳🇱 93.123.109.167

🇫🇷 91.231.89.48

🇨🇦 85.217.149.43

🇮🇩 36.68.27.185