JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 104.131.9.27

104.131.9.27 was found in our database!

This IP was reported 214 times. Confidence of Abuse is 100%: ?

100%

ISP	DigitalOcean, LLC
Usage Type	Data Center/Web Hosting/Transit
ASN	AS14061
Hostname(s)	db3-int.qeryz.com
Domain Name	digitalocean.com
Country	🇺🇸 United States of America
City	Clifton, New Jersey

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 104.131.9.27

Whois 104.131.9.27

IP Abuse Reports for 104.131.9.27:

This IP address has been reported a total of 214 times from 62 distinct sources. 104.131.9.27 was first reported on June 22nd 2023, and the most recent report was 8 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇵🇱 genokrad	2026-06-29 08:37:00 (8 hours ago)	Unauthorized connection attempt on TCP/6379 (Redis)	Port Scan
🇨🇿 lp	2026-06-29 08:01:40 (9 hours ago)	anomaly: tcp_port_scan, 501 > threshold 500, repeats 22533 times	Port Scan
🇩🇪 andrepcg	2026-06-28 06:48:04 (1 day ago)	Port scanning (104.131.9.27 -> :6379)	Port Scan Brute-Force
🇫🇷 EDSL	2026-06-28 05:15:05 (1 day ago)	[SRV-VPN1] Blocked by SysWarden Firewall (Database/Cache Attack)	Brute-Force Port Scan Hacking
🇧🇷 diego	2026-06-28 05:09:32 (1 day ago)	[rede-164-29] 06/28/2026-02:09:32.550691, 104.131.9.27, Protocol: 6, ET CINS Active Threat Intellige ... show more [rede-164-29] 06/28/2026-02:09:32.550691, 104.131.9.27, Protocol: 6, ET CINS Active Threat Intelligence Poor Reputation IP group 149 show less	Hacking
🇳🇱 VMHeaven.io	2026-06-28 05:05:03 (1 day ago)	Blocked by UFW [6379/tcp] Source port: 57833 TTL: 48 Packet length: 60	Port Scan
🇳🇱 ByeByte API	2026-06-28 05:05:03 (1 day ago)	byebyte.space auth: TCP packet to port 6379 (Redis) at 2026-06-28T05:05:03Z. Source port 10632. TCP ... show more byebyte.space auth: TCP packet to port 6379 (Redis) at 2026-06-28T05:05:03Z. Source port 10632. TCP flags: SYN. Packet: 60B, TTL 50, window 29200, IP id 2482. Single packet, dropped at firewall. p0f: OS Linux 2.2.x-3.x (generic match), 14 hops, link Ethernet or modem. show less	Port Scan
🇩🇪 guldkage	2026-06-28 05:02:26 (1 day ago)	Unauthorized connection attempt detected from IP address 104.131.9.27 to port 6379 (ger-02) [REDIS]	Exploited Host
🇳🇱 COMPLEX	2026-06-28 04:28:00 (1 day ago)	Unsolicited TCP traffic \| Action: DROP \| Port 6379	Brute-Force
🇨🇳 pengpeng	2026-06-27 20:09:09 (1 day ago)	monitor: on VM-0-7-ubuntu \| port: 6379 \| ttl: 251 script: github.com/sefinek/UFW-AbuseIPDB-Reporter	Port Scan
🇺🇸 k3rn3l109	2026-06-27 16:02:20 (2 days ago)	Sentinel honeypot: opencanary-redis hit on fake Redis service (server-01-CA) UA=opencanary	Port Scan Hacking
🇨🇦 Arpan Sen	2026-06-27 15:49:51 (2 days ago)	Network port/address scan: probed 1 distinct port(s) across 64 host(s); 100% of connections received ... show more Network port/address scan: probed 1 distinct port(s) across 64 host(s); 100% of connections received no service (SYN, no reply) -- passive network sensor. show less	Port Scan
Anonymous	2026-06-27 15:23:57 (2 days ago)	2026-06-27T16:23:56.909149+01:00 vps kernel: [44313980.198953] [PORTSCAN DETECTED] IN=ens3 OUT= MAC= ... show more 2026-06-27T16:23:56.909149+01:00 vps kernel: [44313980.198953] [PORTSCAN DETECTED] IN=ens3 OUT= MAC=fa:16:3e:66:f6:24:02:37:19:0d:c2:f3:08:00 SRC=104.131.9.27 DST=54.37.14.118 LEN=60 TOS=0x00 PREC=0x00 TTL=46 ID=11248 DF PROTO=TCP SPT=12957 DPT=6379 WINDOW=29200 RES=0x00 SYN URGP=0 ... show less	Port Scan Brute-Force
🇩🇪 heyzg	2026-06-27 08:48:00 (2 days ago)	HTTP Malware Staging (observed): 26 cmds, 2 HTTP, 10s; attempted remote file download & cron persist ... show more HTTP Malware Staging (observed): 26 cmds, 2 HTTP, 10s; attempted remote file download & cron persistence; payload: hxxp://34[.]70[.]205[.]211/plugins-dist/safehtml/lang/font/kworker, hxxp://38[.]150[.]0[.]118/dewfhuewr4r89/98hy67//kworker; external IP: 34[.]70[.]205[.]211, 38[.]150[.]0[.]118 show less	Hacking Exploited Host SSH
🇳🇵 radheykrishna.com.np	2026-06-27 05:15:12 (2 days ago)	Jun 27 11:00:11 kernel: [6027172.944830] [UFW BLOCK] IN=ens160 OUT= SRC=104.131.9.27 LEN=60 TOS=0x00 ... show more Jun 27 11:00:11 kernel: [6027172.944830] [UFW BLOCK] IN=ens160 OUT= SRC=104.131.9.27 LEN=60 TOS=0x00 PREC=0x00 TTL=55 ID=55875 DF PROTO=TCP SPT=56877 DPT=6379 WINDOW=29200 RES=0x00 SYN URGP=0 ... show less	Port Scan

Showing 1 to 15 of 214 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 185.147.157.141

🇸🇬 8.219.132.71

🇮🇷 2.180.171.220

🇺🇸 107.150.105.116

🇮🇳 103.132.243.250

🇫🇮 95.133.253.196

🇫🇷 85.217.140.6

🇺🇸 72.167.44.205

🇳🇱 45.148.10.121

🇻🇳 27.79.42.228

🇰🇷 20.194.24.159

🇨🇳 14.103.46.139

🇩🇪 8.209.90.19

🇺🇸 209.250.4.237

🇹🇼 198.235.24.122

🇹🇼 198.235.24.86

🇧🇷 179.125.91.65

🇧🇷 177.128.224.122

🇺🇸 173.247.255.22

🇮🇳 152.58.58.70