JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 109.204.52.72

109.204.52.72 was found in our database!

This IP was reported 15 times. Confidence of Abuse is 72%: ?

72%

ISP	GTT - EMEA Ltd.
Usage Type	Data Center/Web Hosting/Transit
ASN	AS212238
Hostname(s)	unn-109-204-52-72.datapacket.com
Domain Name	cdn77.com
Country	🇺🇸 United States of America
City	New York City, New York

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 109.204.52.72

Whois 109.204.52.72

IP Abuse Reports for 109.204.52.72:

This IP address has been reported a total of 15 times from 12 distinct sources. 109.204.52.72 was first reported on June 3rd 2026, and the most recent report was 11 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
Anonymous	2026-06-04 06:05:11 (11 hours ago)	Blocked: Reason='Suspicious traffic score=60 (review-based detection)'; Requests=21	Hacking
🇲🇾 Rizzy	2026-06-04 05:37:16 (11 hours ago)	Multiple WAF Violations	Brute-Force Web App Attack
Anonymous	2026-06-04 05:26:26 (12 hours ago)	109.204.52.72 - - [04/Jun/2026:07:26:26 +0200] "GET /wp-includes/wlwmanifest.xml HTTP/1.1" 404 289 " ... show more 109.204.52.72 - - [04/Jun/2026:07:26:26 +0200] "GET /wp-includes/wlwmanifest.xml HTTP/1.1" 404 289 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36" 109.204.52.72 - - [04/Jun/2026:07:26:26 +0200] "GET /wp-includes/wlwmanifest.xml HTTP/1.1" 404 438 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36" 109.204.52.72 - - [04/Jun/2026:07:26:26 +0200] "GET /blog/wp-includes/wlwmanifest.xml HTTP/1.1" 404 289 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36" 109.204.52.72 - - [04/Jun/2026:07:26:26 +0200] "GET /blog/wp-includes/wlwmanifest.xml HTTP/1.1" 404 438 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36" 109.204.52.72 - - [04/Jun/2026:07:26:26 +0200] "GET /web/wp-includes/wlwmanifest.xml HTTP/1.1" 404 289 "-" ... show less	Brute-Force Web App Attack
🇩🇪 grassau.com	2026-06-04 05:03:57 (12 hours ago)	(wordpress) Failed wordpress login from 109.204.52.72 (US/United States/New York/New York/unn-109-20 ... show more (wordpress) Failed wordpress login from 109.204.52.72 (US/United States/New York/New York/unn-109-204-52-72.datapacket.com) show less	Brute-Force
🇫🇷 masterguru	2026-06-04 04:52:21 (12 hours ago)	(xmlrpc) Apache: Failed xmlrpc access from 109.204.52.72 (GB/United Kingdom/unn-109-204-52-72.datapa ... show more (xmlrpc) Apache: Failed xmlrpc access from 109.204.52.72 (GB/United Kingdom/unn-109-204-52-72.datapacket.com): 10 in the last 3600 secs (0-201) show less	Hacking
🇺🇸 TPI-Abuse	2026-06-04 04:52:19 (12 hours ago)	(mod_security) mod_security (id:225170) triggered by 109.204.52.72 (unn-109-204-52-72.datapacket.com ... show more (mod_security) mod_security (id:225170) triggered by 109.204.52.72 (unn-109-204-52-72.datapacket.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 04 00:52:12.272361 2026] [security2:error] [pid 19819:tid 19819] [client 109.204.52.72:36128] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|www.321q.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.321q.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "aiEEfBDVbhLEwMKoApICOAAAAAg"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇦 URAN Publishing Service	2026-06-04 04:33:09 (13 hours ago)	109.204.52.72 - - [04/Jun/2026:07:33:08 +0300] "GET /wp-content/uploads/ HTTP/1.1" 404 728 "-" "Go-h ... show more 109.204.52.72 - - [04/Jun/2026:07:33:08 +0300] "GET /wp-content/uploads/ HTTP/1.1" 404 728 "-" "Go-http-client/1.1" ... show less	Web App Attack
🇺🇸 n2nguyenn2nguyen	2026-06-04 04:15:02 (13 hours ago)	Blocked by YFC Security on https://1904.brixzly.com — type: xmlrpc_attempts	Brute-Force Web App Attack
🇺🇸 TPI-Abuse	2026-06-04 03:36:19 (13 hours ago)	(mod_security) mod_security (id:225170) triggered by 109.204.52.72 (unn-109-204-52-72.datapacket.com ... show more (mod_security) mod_security (id:225170) triggered by 109.204.52.72 (unn-109-204-52-72.datapacket.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 03 23:36:11.350891 2026] [security2:error] [pid 25692:tid 25692] [client 109.204.52.72:60746] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|barriebrown.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "barriebrown.com"] [uri "/wordpress/wp-json/wp/v2/users/"] [unique_id "aiDyqyIDQWAPtqigtVum9gAAABE"] show less	Brute-Force Bad Web Bot Web App Attack
🇪🇸 masterguru	2026-06-04 03:34:25 (14 hours ago)	(xmlrpc) Failed xmlrpc access from 109.204.52.72 (US/United States/unn-109-204-52-72.datapacket.com) ... show more (xmlrpc) Failed xmlrpc access from 109.204.52.72 (US/United States/unn-109-204-52-72.datapacket.com): 5 in the last 3600 secs (0-122) show less	Hacking
🇵🇱 strefapi_com	2026-06-04 03:32:58 (14 hours ago)	Brute-force, web ...	Hacking Brute-Force Web App Attack
🇺🇦 URAN Publishing Service	2026-06-04 03:32:58 (14 hours ago)	109.204.52.72 - - [04/Jun/2026:06:32:51 +0300] "GET /xmlrpc.php?rsd HTTP/1.1" 404 683 "-" "Mozilla/5 ... show more 109.204.52.72 - - [04/Jun/2026:06:32:51 +0300] "GET /xmlrpc.php?rsd HTTP/1.1" 404 683 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36" 109.204.52.72 - - [04/Jun/2026:06:32:58 +0300] "POST /xmlrpc.php HTTP/1.1" 404 683 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36" ... show less	Web App Attack
🇫🇷 Baking333	2026-06-04 03:30:18 (14 hours ago)	[redacted] 109.204.52.72 - - [04/Jun/2026:04:30:16 +0100] "GET //wp-includes/[redacted] HTTP/1.1" 30 ... show more [redacted] 109.204.52.72 - - [04/Jun/2026:04:30:16 +0100] "GET //wp-includes/[redacted] HTTP/1.1" 302 5288 0/74348 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36" [redacted] 109.204.52.72 - - [04/Jun/2026:04:30:17 +0100] "GET //[redacted]?rsd HTTP/1.1" 302 1559 0/173934 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36" show less	Bad Web Bot Web App Attack
🇩🇪 macrob	2026-06-04 03:29:25 (14 hours ago)	2026/06/04 03:29:24 [error] 879218#879218: 279529191 access forbidden by rule, client: 109.204.52.7 ... show more 2026/06/04 03:29:24 [error] 879218#879218: 279529191 access forbidden by rule, client: 109.204.52.72, server: 100fs.org, request: "GET /wp-includes/wlwmanifest.xml HTTP/1.1", host: "100fs.org" 2026/06/04 03:29:24 [error] 879218#879218: 279529195 access forbidden by rule, client: 109.204.52.72, server: 100fs.org, request: "GET /xmlrpc.php?rsd HTTP/1.1", host: "100fs.org" 2026/06/04 03:29:24 [error] 879218#879218: 279529209 access forbidden by rule, client: 109.204.52.72, server: 100fs.org, request: "GET /blog/wp-includes/wlwmanifest.xml HTTP/1.1", host: "100fs.org" ... show less	Web App Attack
🇩🇪 pltcldvlpr	2026-06-03 17:01:06 (1 day ago)	Bogus Useragent: 109.204.52.72 - - [03/Jun/2026:19:01:05 +0200] "GET /protocol?id=mv_7_17&paragraph= ... show more Bogus Useragent: 109.204.52.72 - - [03/Jun/2026:19:01:05 +0200] "GET /protocol?id=mv_7_17&paragraph=7468298&seq=2603 HTTP/1.1" 302 5 "-" "Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 5.01; Trident/5.0)" asn=212238 org="Datacamp Limited" country=US ... show less	Bad Web Bot

Showing 1 to 15 of 15 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇩🇪 196.242.141.22

🇬🇪 185.228.135.197

🇺🇸 172.212.160.50

🇺🇸 52.206.124.26

🇩🇪 167.94.146.76

🇭🇰 152.32.129.236

🇫🇮 147.185.133.203

🇨🇳 103.56.79.2

🇮🇩 36.78.107.60

🇺🇾 179.26.225.5

🇹🇼 175.182.37.66

🇳🇱 172.94.9.74

🇧🇷 143.137.90.168

🇦🇪 132.243.121.237

🇻🇳 103.153.254.96

🇮🇹 95.232.200.250

🇷🇺 85.95.166.40

🇺🇸 52.173.234.82

🇺🇸 44.233.184.52

🇮🇳 20.193.141.133