JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 172.104.148.102

172.104.148.102 was found in our database!

This IP was reported 22 times. Confidence of Abuse is 71%: ?

71%

ISP	Linode
Usage Type	Data Center/Web Hosting/Transit
ASN	AS63949
Hostname(s)	172-104-148-102.ip.linodeusercontent.com
Domain Name	linode.com
Country	🇩🇪 Germany
City	Frankfurt am Main, Hesse

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 172.104.148.102

Whois 172.104.148.102

IP Abuse Reports for 172.104.148.102:

This IP address has been reported a total of 22 times from 13 distinct sources. 172.104.148.102 was first reported on June 8th 2026, and the most recent report was 4 days ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇱🇹 SaturdayNightLive	2026-06-14 00:01:20 (4 days ago)	Port scan on 41327	Port Scan Hacking
🇩🇪 Admins@FBN	2026-06-13 15:35:58 (5 days ago)	Threat Host blocked...	Hacking
🇺🇸 TPI-Abuse	2026-06-13 08:29:34 (5 days ago)	(mod_security) mod_security (id:240335) triggered by 172.104.148.102 (172-104-148-102.ip.linodeuserc ... show more (mod_security) mod_security (id:240335) triggered by 172.104.148.102 (172-104-148-102.ip.linodeusercontent.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 13 04:29:26.474498 2026] [security2:error] [pid 17080:tid 17080] [client 172.104.148.102:60228] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 172.104.148.102 (+1 hits since last alert)\|ekur-art.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "ekur-art.com"] [uri "/xmlrpc.php"] [unique_id "ai0U5tzgQHq7E_YMo3hWXAAAAAw"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 stinpriza	2026-06-13 06:05:11 (5 days ago)	Web App Attack	Web App Attack
🇺🇸 TPI-Abuse	2026-06-13 02:07:18 (5 days ago)	(mod_security) mod_security (id:210492) triggered by 172.104.148.102 (172-104-148-102.ip.linodeuserc ... show more (mod_security) mod_security (id:210492) triggered by 172.104.148.102 (172-104-148-102.ip.linodeusercontent.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 12 22:07:11.972235 2026] [security2:error] [pid 4801:tid 4801] [client 172.104.148.102:43344] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "mail.spiritofacorn.com"] [uri "/.git/config"] [unique_id "aiy7T2VjnFCX3djRg-5VugAAABo"] show less	Brute-Force Bad Web Bot Web App Attack
🇬🇧 consul.to	2026-06-13 00:31:01 (5 days ago)	Web attack/malicious scanning detected	Web App Attack
🇱🇹 SaturdayNightLive	2026-06-12 23:59:28 (5 days ago)	Port scan on 41327	Port Scan Hacking
🇺🇸 oncord	2026-06-12 23:48:13 (5 days ago)	Form spam	Web Spam
🇨🇭 backslash	2026-06-12 22:03:02 (5 days ago)	block ruleset 3D3AFA921A373ECE19B6BA285C2D722163304638	Bad Web Bot
🇺🇸 TPI-Abuse	2026-06-12 20:59:19 (5 days ago)	(mod_security) mod_security (id:225170) triggered by 172.104.148.102 (172-104-148-102.ip.linodeuserc ... show more (mod_security) mod_security (id:225170) triggered by 172.104.148.102 (172-104-148-102.ip.linodeusercontent.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 12 16:59:13.597876 2026] [security2:error] [pid 28275:tid 28275] [client 172.104.148.102:53320] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|onlinesuretybonds.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "onlinesuretybonds.com"] [uri "/wp-json/wp/v2/users"] [unique_id "aixzIbISaZaBs1RnyhFcygAAAAA"] show less	Brute-Force Bad Web Bot Web App Attack
🇫🇷 polido	2026-06-12 18:27:55 (5 days ago)	Unauthorized connection attempt to port 443 from 172.104.148.102	Port Scan
🇺🇸 TPI-Abuse	2026-06-12 18:10:08 (5 days ago)	(mod_security) mod_security (id:225170) triggered by 172.104.148.102 (172-104-148-102.ip.linodeuserc ... show more (mod_security) mod_security (id:225170) triggered by 172.104.148.102 (172-104-148-102.ip.linodeusercontent.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 12 14:10:02.834254 2026] [security2:error] [pid 28747:tid 28747] [client 172.104.148.102:44784] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|coolcustomweddingproducts.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "coolcustomweddingproducts.com"] [uri "/wp-json/wp/v2/users"] [unique_id "aixLeqLrExHN861bSh2E3gAAAAk"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 mnsf	2026-06-12 18:05:42 (5 days ago)	Abuse Detected (1)	Brute-Force Web App Attack
🇩🇪 conseilgouz	2026-06-12 11:55:24 (6 days ago)	maw-(visforms) : try to access forms...	Hacking
🇩🇪 psauxit	2026-06-12 10:29:39 (6 days ago)	Fail2Ban - NGINX heavily bad-bot, possible vulnerability scanning and excessive crawling/scraping	Bad Web Bot Web App Attack Hacking Web Spam

Showing 1 to 15 of 22 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇹🇼 198.235.24.103

🇵🇱 194.180.49.219

🇺🇸 154.83.197.50

🇧🇷 45.162.8.14

🇺🇸 45.130.83.246

🇩🇿 154.241.86.233

🇺🇸 152.32.207.234

🇳🇱 93.123.72.183

🇪🇸 88.98.104.229

🇺🇸 74.82.47.29

🇺🇸 65.49.1.217

🇭🇰 45.142.154.15

🇬🇧 35.203.211.136

🇺🇸 18.234.161.2

🇺🇸 217.181.71.67

🇲🇽 209.178.136.62

🇧🇪 198.235.24.238

🇸🇪 155.4.31.215

🇧🇷 129.121.50.245

🇸🇪 74.241.134.117