JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 173.0.9.170

173.0.9.170 was found in our database!

This IP was reported 7 times. Confidence of Abuse is 4%: ?

ISP	Tier.Net Technologies LLC
Usage Type	Data Center/Web Hosting/Transit
ASN	AS397423
Domain Name	tier.net
Country	🇺🇸 United States of America
City	Leesburg, Virginia

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 173.0.9.170

Whois 173.0.9.170

IP Abuse Reports for 173.0.9.170:

This IP address has been reported a total of 7 times from 2 distinct sources. 173.0.9.170 was first reported on July 1st 2025, and the most recent report was 4 days ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 TPI-Abuse	2026-06-01 02:28:37 (4 days ago)	(mod_security) mod_security (id:210730) triggered by 173.0.9.170 (-): 1 in the last 300 secs; Ports: ... show more (mod_security) mod_security (id:210730) triggered by 173.0.9.170 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun May 31 22:28:18.182655 2026] [security2:error] [pid 7732:tid 7765] [client 173.0.9.170:38083] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|kettlehill.net\|F\|2"] [data ".log"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "kettlehill.net"] [uri "/application/logs/application.log"] [unique_id "ahzuQiKq_i-FrRbJEDIFyAAAAVM"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-02-01 11:36:17 (4 months ago)	(mod_security) mod_security (id:210730) triggered by 173.0.9.170 (-): 1 in the last 300 secs; Ports: ... show more (mod_security) mod_security (id:210730) triggered by 173.0.9.170 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Feb 01 06:34:47.807225 2026] [security2:error] [pid 16720:tid 16839] [client 173.0.9.170:51011] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|kettlehill.net\|F\|2"] [data ".key"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "kettlehill.net"] [uri "/privatekey.key"] [unique_id "aX86V3gN2ebRaezbXtJFvgAAAUY"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-01-16 10:00:31 (4 months ago)	(mod_security) mod_security (id:210492) triggered by 173.0.9.170 (-): 1 in the last 300 secs; Ports: ... show more (mod_security) mod_security (id:210492) triggered by 173.0.9.170 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jan 16 05:00:13.368698 2026] [security2:error] [pid 2645:tid 2645] [client 173.0.9.170:40317] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcontacts.nbcnewsradio.com"] [uri "/.svn/wc.db"] [unique_id "aWoMLbMnNrGEA-LNq2wMKAAAAAk"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-12 16:49:20 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 173.0.9.170 (-): 1 in the last 300 secs; Ports: ... show more (mod_security) mod_security (id:210492) triggered by 173.0.9.170 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Nov 12 11:49:07.944066 2025] [security2:error] [pid 24858:tid 24858] [client 173.0.9.170:57065] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "nbcnewsradio.com"] [uri "/.env.bak"] [unique_id "aRS6g2mPWlut0EroBPdKuQAAABs"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2025-10-21 02:10:06 (7 months ago)	\| Suspicious URL access.	Hacking SQL Injection Web App Attack
🇺🇸 TPI-Abuse	2025-08-05 20:50:33 (9 months ago)	(mod_security) mod_security (id:210730) triggered by 173.0.9.170 (-): 1 in the last 300 secs; Ports: ... show more (mod_security) mod_security (id:210730) triggered by 173.0.9.170 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Aug 05 16:50:18.345006 2025] [security2:error] [pid 30488:tid 30488] [client 173.0.9.170:50725] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|mail.nbcnewsradio.com\|F\|2"] [data ".log"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "mail.nbcnewsradio.com"] [uri "/errors.log"] [unique_id "aJJuihn8qBgikWDe42MpvQAAABM"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-07-01 05:58:06 (11 months ago)	(mod_security) mod_security (id:212620) triggered by 173.0.9.170 (-): 1 in the last 300 secs; Ports: ... show more (mod_security) mod_security (id:212620) triggered by 173.0.9.170 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jul 01 01:57:49.658159 2025] [security2:error] [pid 15241:tid 15288] [client 173.0.9.170:41267] ModSecurity: Access denied with code 403 (phase 2). Pattern match "<script\\\\b" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/07_XSS_XSS.conf"] [line "65"] [id "212620"] [rev "4"] [msg "COMODO WAF: Cross-site Scripting (XSS) Attack\|\|staging.kettlehill.com\|F\|2"] [data "Matched Data: <script found within REQUEST_URI: /wpdmpro/list-packages/?orderby=title\\x22><script>alert(1)</script>&order=asc"] [severity "CRITICAL"] [tag "CWAF"] [tag "XSS"] [hostname "staging.kettlehill.com"] [uri "/wpdmpro/list-packages/"] [unique_id "aGN43XYF3eGjRiRZ58ZKwQAAAEo"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 7 of 7 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 136.107.25.233

🇳🇱 45.148.10.151

🇺🇸 36.255.215.27

🇮🇶 194.31.220.229

🇺🇸 150.107.38.251

🇺🇸 147.185.132.27

🇧🇷 138.255.207.113

🇱🇦 115.84.114.157

🇰🇷 106.247.22.181

🇹🇷 95.70.185.105

🇺🇸 65.49.1.75

🇨🇳 58.211.39.86

🇺🇸 3.144.153.69

🇺🇸 162.216.149.181

🇺🇸 162.142.125.0

🇦🇷 143.202.96.250

🇪🇪 109.206.241.199

🇮🇩 103.180.165.117

🇷🇴 92.118.39.62

🇺🇸 66.132.195.18