🇺🇸
hostseries
2024-07-29 22:05:43
(1 year ago)
Trigger: LF_DISTATTACK
Brute-Force
🇺🇸
TPI-Abuse
2024-07-08 10:24:04
(1 year ago)
(mod_security) mod_security (id:240335) triggered by 104.129.199.72 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jul 08 06:23:57.683285 2024] [security2:error] [pid 3950] [client 104.129.199.72:14975] [client 104.129.199.72] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 128.127.104.80 (1+1 hits since last alert)|www.fusionrep.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "www.fusionrep.com"] [uri "/xmlrpc.php"] [unique_id "Zou-PetZWC9G1VYZrCYKMgAAAA8"]
Brute-Force
Bad Web Bot
Web App Attack
🇺🇸
TPI-Abuse
2024-07-08 06:23:06
(1 year ago)
(mod_security) mod_security (id:240335) triggered by 104.129.199.72 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jul 08 02:23:01.955473 2024] [security2:error] [pid 31144:tid 47067375937280] [client 104.129.199.72:5951] [client 104.129.199.72] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 217.64.127.195 (0+1 hits since last alert)|leadingedgesupply.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "leadingedgesupply.com"] [uri "/xmlrpc.php"] [unique_id "ZouFxVYf7OloJog1Kmem1QAAAM4"]
Brute-Force
Bad Web Bot
Web App Attack
🇺🇸
TPI-Abuse
2024-07-08 03:54:16
(1 year ago)
(mod_security) mod_security (id:240335) triggered by 104.129.199.72 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jul 07 23:54:08.812821 2024] [security2:error] [pid 13582] [client 104.129.199.72:63739] [client 104.129.199.72] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 141.98.102.179 (1+1 hits since last alert)|www.abcollie.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "www.abcollie.com"] [uri "/xmlrpc.php"] [unique_id "Zoti4LuJwzZQmCaBAaMWowAAABg"]
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2024-06-19 19:35:00
(1 year ago)
"Scanning for multiple vulnerable file extensions and wp-login.php xmlrpc.php"
Web App Attack
Anonymous
2023-09-22 22:52:07
(2 years ago)
Web Spam
Email Spam
Blog Spam
Bad Web Bot
Web App Attack
🇩🇪
BarBonnetje
2023-05-15 11:01:48
(3 years ago)
May 15 13:01:43 SID=6462111765579.nullresp PID=3664975 SRC=104.129.199.72 SPT=28095 ET=00:00:04
...
Brute-Force
SSH
Anonymous
2023-05-13 11:30:32
(3 years ago)
port scan and connect, tcp 22 (ssh)
Port Scan
🇫🇷
nicosqc
2023-05-13 11:29:13
(3 years ago)
Invalid user admin from 104.129.199.72 port 13244
Brute-Force
SSH
🇿🇦
IrisFlower
2023-05-12 22:15:02
(3 years ago)
Unauthorized connection attempt detected from IP address 104.129.199.72 to port 22 [J]
Port Scan
Hacking
🇿🇦
IrisFlower
2023-05-12 20:41:49
(3 years ago)
Unauthorized connection attempt detected from IP address 104.129.199.72 to port 22 [J]
Port Scan
Hacking
🇭🇰
seadog007
2023-05-12 18:19:53
(3 years ago)
Apr 17 22:04:18 swarmbyte sshd[2728636]: Invalid user admin from 104.129.199.72 port 20094
May 12 18:19:52 swarmbyte sshd[2103059]: Invalid user Admin from 104.129.199.72 port 65524
...
Brute-Force
SSH
🇫🇷
LRNP
2023-05-12 04:35:42
(3 years ago)
May 12 04:35:38 helium sshd[51906]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.129.199.72
May 12 04:35:39 helium sshd[51906]: Failed password for invalid user admin from 104.129.199.72 port 17023 ssh2
May 12 04:35:42 helium sshd[51906]: Connection closed by invalid user admin 104.129.199.72 port 17023 [preauth]
...
Brute-Force
SSH