AbuseIPDB » 104.244.78.162

104.244.78.162 was found in our database!

This IP was reported 1,944 times. Confidence of Abuse is 80%: ?

80%

This address is a Tor exit node. Neither the owner nor the provider are directly behind the offending action.

ISP	BuyVM
Usage Type	Data Center/Web Hosting/Transit
ASN	AS53667
Domain Name	frantech.ca
Country	Luxembourg
City	Luxembourg, Luxembourg

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated biweekly.

Report 104.244.78.162

Whois 104.244.78.162

IP Abuse Reports for 104.244.78.162:

This IP address has been reported a total of 1,944 times from 496 distinct sources. 104.244.78.162 was first reported on October 28th 2023, and the most recent report was 1 day ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp in UTC	Comment	Categories
TPI-Abuse	2025-06-22 03:06:38 (1 day ago)	(mod_security) mod_security (id:210831) triggered by 104.244.78.162 (-): 1 in the last 300 secs; Por ... show more(mod_security) mod_security (id:210831) triggered by 104.244.78.162 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 21 23:06:30.157658 2025] [security2:error] [pid 1376473:tid 1376473] [client 104.244.78.162:51400] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url|user-Agent|www\\\\.weblogs\\\\.com|(?:jakart|vi)a|(google|i{0,1}explorer{0,1}\\\\.exe|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)|\\\\bdatacha0s\\\\b|; widows|\\\\\\\\r|a(?: href=|d(?:sarobot|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler||www.charityroast.net|F|4"] [data "panscient.com"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.charityroast.net"] [uri "/robots.txt"] [unique_id "aFdzNnwAOPoQPH12Fl4NfAAAAAY"] show less	Brute-Force Bad Web Bot Web App Attack
SiteXL	2025-06-21 03:06:01 (2 days ago)	{"event":{"DateTime":"2025-06-21T02:56:05Z","RemoteAddr":"104.244.78.162:44436","Protocol":"SSH","Co ... show more{"event":{"DateTime":"2025-06-21T02:56:05Z","RemoteAddr":"104.244.78.162:44436","Protocol":"SSH","Command":"","CommandOutput":"","Status":"Stateless","Msg":"New SSH Login Attempt","ID":"446cb23d-1586-4b96-81e9-f25958973645","Environ":"","User":"root","Password":"root","Client":"SSH-2.0-OpenSSH_9.9","Headers":null,"Cookies":"","UserAgent":"","HostHTTPRequest":"","Body":"","HTTPMethod":"","RequestURI":"","Description":"SSH interactive","SourceIp":"104.244.78.162","SourcePort":"44436","TLSServerName":"","Handler":""},"level":"info","msg":"New Event","status":"Stateless"} {"event":{"DateTime":"2025-06-21T02:56:05Z","RemoteAddr":"104.244.78.162:44436","Protocol":"SSH","Command":"LC_ALL=C top -bn1","CommandOutput":"top - 17:24:05 up 25 days, 3:42, 1 user, load average: 0.00, 0.01, 0.05\nTasks: 102 total, 1 running, 101 sleeping, 0 stopped, 0 zombie\n%Cpu(s): 0.3 us, 0.1 sy, 0.0 ni, 99.4 id, 0.1 wa, 0.0 hi, 0.1 si, 0.0 st\nKiB Mem : 8163408 total, 1847328 free, 2436500 used, 3880080 buff/cache\nK show less	Port Scan Hacking Brute-Force SSH
TPI-Abuse	2025-06-20 22:11:27 (3 days ago)	(mod_security) mod_security (id:210492) triggered by 104.244.78.162 (-): 1 in the last 300 secs; Por ... show more(mod_security) mod_security (id:210492) triggered by 104.244.78.162 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 20 18:11:21.477372 2025] [security2:error] [pid 2920832:tid 2920832] [client 104.244.78.162:33830] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "autodiscover.chooseyourowntrail.com"] [uri "/.git/config"] [unique_id "aFXciUTCNejOR6shul__7QAAAC0"] show less	Brute-Force Bad Web Bot Web App Attack
TPI-Abuse	2025-06-19 03:12:11 (4 days ago)	(mod_security) mod_security (id:210492) triggered by 104.244.78.162 (-): 1 in the last 300 secs; Por ... show more(mod_security) mod_security (id:210492) triggered by 104.244.78.162 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 18 23:11:56.227800 2025] [security2:error] [pid 3466198:tid 3466198] [client 104.244.78.162:35406] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "global.ic1.biz"] [uri "/.git/config"] [unique_id "aFN__AYFBw9ruBTuZUEWVgAAABI"] show less	Brute-Force Bad Web Bot Web App Attack
oncord	2025-06-17 01:12:06 (6 days ago)	Form spam	Web Spam
octageeks.com	2025-06-16 04:06:54 (1 week ago)	Wordpress malicious attack:[sshd]	Web App Attack
oncord	2025-06-14 01:10:29 (1 week ago)	Form spam	Web Spam
uira.live	2025-06-13 20:54:25 (1 week ago)	Malicious activity detected from 53667 PONYNET towards host uira.live (GET HTTP/2) @ 2025-06-13T20:5 ... show moreMalicious activity detected from 53667 PONYNET towards host uira.live (GET HTTP/2) @ 2025-06-13T20:54:25Z (10 occurrences) show less	DDoS Attack
jfz-abuse	2025-06-13 10:19:06 (1 week ago)	fail2ban: apache-php-recon ...	Web App Attack
dynamix	2025-06-10 07:25:47 (1 week ago)	Multiple WAF Violations	Web App Attack
LRob.fr	2025-06-09 23:00:09 (2 weeks ago)	Repeated requests on blocked xmlrpc.php, blocked by fail2ban in custom-503-xmlrpc jail	Bad Web Bot Web App Attack
Site.eu	2025-06-09 10:53:08 (2 weeks ago)	Excessive multi-domain requests	Brute-Force
digitallodge.cloud	2025-06-08 23:40:23 (2 weeks ago)	Blocked on port 32408 (TTL:247, LEN:67, TOS:0x00). Reason: UFW BLOCK IN=eth0 OUT= MAC=00:11:22:33:44 ... show moreBlocked on port 32408 (TTL:247, LEN:67, TOS:0x00). Reason: UFW BLOCK IN=eth0 OUT= MAC=00:11:22:33:44:55 SRC=104.244.78.162 DST=45.134.39.16 LEN=67 TOS=0x00 PREC=0x00 TTL=247 ID=12345 PROTO=TCP SPT=12345 DPT=32408 WINDOW=65535 RES=0x00 SYN URGP=0. Reported by DigitalLodge Security. show less	Hacking Brute-Force
vexhost.pl	2025-06-08 17:01:18 (2 weeks ago)	Suspicous activity [srv-R9-1] | 2025-06-08 17:01:18 UTC	Brute-Force
vexhost.pl	2025-06-07 22:21:45 (2 weeks ago)	Suspicous activity [srv-R9-1] | 2025-06-07 22:21:45 UTC	Brute-Force

Is this your IP? You may request to takedown any associated reports. We will attempt to verify your ownership. Request Takedown 🚩