AbuseIPDB » 107.172.62.104

107.172.62.104 was found in our database!

This IP was reported 919 times. Confidence of Abuse is 49%: ?

49%

ISP	RackNerd LLC
Usage Type	Data Center/Web Hosting/Transit
ASN	AS36352
Hostname(s)	107-172-62-104-host.colocrossing.com
Domain Name	racknerd.com
Country	United States of America
City	Buffalo, New York

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated biweekly.

Report 107.172.62.104

Whois 107.172.62.104

IP Abuse Reports for 107.172.62.104:

This IP address has been reported a total of 919 times from 503 distinct sources. 107.172.62.104 was first reported on February 22nd 2024, and the most recent report was 2 weeks ago.

Old Reports: The most recent abuse report for this IP address is from 2 weeks ago. It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp in UTC	Comment	Categories
ThreatBook.io	2025-06-27 23:28:28 (2 weeks ago)	ThreatBook Intelligence: Scanner more details on http://threatbook.io/ip/107.172.62.104 2025-0 ... show moreThreatBook Intelligence: Scanner more details on http://threatbook.io/ip/107.172.62.104 2025-06-27 01:01:14 / 2025-06-27 01:05:01 / show less	Web App Attack
JCB	2025-06-27 14:57:00 (2 weeks ago)	107.172.62.104 - - [27/Jun/2025:05:29:10 +0300] "GET /icons/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2 ... show more107.172.62.104 - - [27/Jun/2025:05:29:10 +0300] "GET /icons/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd HTTP/1.1" 400 438 "-" "-" 107.172.62.104 - - [27/Jun/2025:05:29:10 +0300] "GET /icons/../../../../../../etc/passwd HTTP/1.1" 400 438 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_6) AppleWebKit/608.2.11 (KHTML, like Gecko) Version/13 Safari/608.2.11" ... show less	Hacking Web App Attack
www.winos.me	2025-06-24 12:16:43 (2 weeks ago)	stream fail	Web App Attack
TPI-Abuse	2025-06-19 00:02:17 (3 weeks ago)	(mod_security) mod_security (id:217200) triggered by 107.172.62.104 (107-172-62-104-host.colocrossin ... show more(mod_security) mod_security (id:217200) triggered by 107.172.62.104 (107-172-62-104-host.colocrossing.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 18 20:02:12.881731 2025] [security2:error] [pid 3259491:tid 3259491] [client 107.172.62.104:51976] ModSecurity: Access denied with code 403 (phase 1). Match of "endsWith /wp-cron.php" against "REQUEST_FILENAME" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/12_HTTP_Protocol.conf"] [line "103"] [id "217200"] [rev "2"] [msg "COMODO WAF: HTTP/1.1 POST request missing Content-Length Header||192.64.150.25:80|F|2"] [data "/cgi-bin/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/bin/sh"] [severity "CRITICAL"] [tag "CWAF"] [tag "Protocol"] [hostname "192.64.150.25"] [uri "/cgi-bin/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/bin/sh"] [unique_id "aFNThMWFCeFaEk4JzNeAGwAAAAg"] show less	Brute-Force Bad Web Bot Web App Attack
BlueWire Hosting	2025-06-18 20:10:08 (3 weeks ago)	Detected as a bad bot	Bad Web Bot
ps-center	2025-06-17 23:26:31 (3 weeks ago)	C1: Web Attack GET /icons/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65 ... show moreC1: Web Attack GET /icons/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/etc/passwd show less	Web Spam Hacking Bad Web Bot Web App Attack
Anonymous	2025-06-17 20:40:36 (3 weeks ago)		DNS Compromise DDoS Attack
IRT@Unisi	2025-06-17 16:41:16 (3 weeks ago)	web_app:PHP.User.Agent.Backdoor.Command.Injection	Web App Attack
penjaga BRIN	2025-06-17 08:41:06 (3 weeks ago)	Apache HTTP Server Path Traversal Vulnerability(91752)	Web App Attack
JCB	2025-06-16 15:13:00 (3 weeks ago)	107.172.62.104 - - [15/Jun/2025:23:13:28 0300] "GET /cgi-bin/../../../../etc/passwd HTTP/1.1" 400 2 ... show more107.172.62.104 - - [15/Jun/2025:23:13:28 0300] "GET /cgi-bin/../../../../etc/passwd HTTP/1.1" 400 226 "-" "Mozilla/5.0 (SS; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36" 107.172.62.104 - - [15/Jun/2025:23:13:32 0300] "POST /cgi-bin/../../../../../../bin/sh HTTP/1.1" 400 226 "-" "Mozilla/5.0 (Mac OS X 13_2) AppleWebKit/537.36 (KHTML, like Gecko) Edge/119.0 Safari/537.36" ... show less	Hacking Web App Attack
TPI-Abuse	2025-06-16 14:05:26 (3 weeks ago)	(mod_security) mod_security (id:217200) triggered by 107.172.62.104 (107-172-62-104-host.colocrossin ... show more(mod_security) mod_security (id:217200) triggered by 107.172.62.104 (107-172-62-104-host.colocrossing.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 16 10:05:21.214956 2025] [security2:error] [pid 3590545:tid 3590592] [client 107.172.62.104:35326] ModSecurity: Access denied with code 403 (phase 1). Match of "endsWith /wp-cron.php" against "REQUEST_FILENAME" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/12_HTTP_Protocol.conf"] [line "103"] [id "217200"] [rev "2"] [msg "COMODO WAF: HTTP/1.1 POST request missing Content-Length Header||192.64.150.21:80|F|2"] [data "/cgi-bin/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/bin/sh"] [severity "CRITICAL"] [tag "CWAF"] [tag "Protocol"] [hostname "192.64.150.21"] [uri "/cgi-bin/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/bin/sh"] [unique_id "aFAkoc_imaoajmsQaE2ypAAAAIc"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2025-06-16 13:50:18 (3 weeks ago)	107.172.62.104 - - \[16/Jun/2025:21:50:17 +0800\] \"GET /icons/%%32%65%%32%65/%%32%65%%32%65/%%32%65 ... show more107.172.62.104 - - \[16/Jun/2025:21:50:17 +0800\] \"GET /icons/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/etc/passwd HTTP/1.1\" 400 392 \"-\" \"-\" show less	Web App Attack
Anonymous	2025-06-16 13:35:47 (3 weeks ago)	CVE-2021-41773 - APACHE TRAVERSAL RCE EXPLOIT - HTTP(REQUEST)	Hacking
Anonymous	2025-06-16 10:30:29 (3 weeks ago)	CVE-2024-4577 - PHP CGI Argument Injection Remote Code Execution - HTTP (Request)	Hacking
penjaga BRIN	2025-06-16 08:29:59 (3 weeks ago)	Apache HTTP Server Path Traversal Vulnerability(91752)	Web App Attack

Is this your IP? You may request to takedown any associated reports. We will attempt to verify your ownership. Request Takedown 🚩