JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 144.172.104.203

144.172.104.203 was found in our database!

This IP was reported 28 times. Confidence of Abuse is 100%: ?

100%

ISP	RouterHosting LLC
Usage Type	Data Center/Web Hosting/Transit
ASN	AS14956
Hostname(s)	203.104.172.144.static.cloudzy.com
Domain Name	cloudzy.com
Country	🇺🇸 United States of America
City	Ogden, Utah

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 144.172.104.203

Whois 144.172.104.203

IP Abuse Reports for 144.172.104.203:

This IP address has been reported a total of 28 times from 20 distinct sources. 144.172.104.203 was first reported on June 20th 2026, and the most recent report was 1 day ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇳🇱 Mangelot Hosting	2026-06-25 20:51:32 (1 day ago)	(php_susp_dir) srv104 PHP in suspicious dir 2002:90ac:68cb::90ac:68cb (US/United States/-): 1 in the ... show more (php_susp_dir) srv104 PHP in suspicious dir 2002:90ac:68cb::90ac:68cb (US/United States/-): 1 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs: show less	Web App Attack
🇩🇪 todix	2026-06-25 06:06:13 (1 day ago)	Web App Attack Exploid from 144.172.104.203	Web App Attack
🇫🇷 dynamix	2026-06-25 05:09:45 (1 day ago)	Multiple WAF Violations	Web App Attack
🇬🇧 Mendip_Defender	2026-06-24 23:37:53 (1 day ago)	144.172.104.203 - - [25/Jun/2026:00:37:45 +0100] "GET /wp-content/plugins/about.php HTTP/1.1" 301 16 ... show more 144.172.104.203 - - [25/Jun/2026:00:37:45 +0100] "GET /wp-content/plugins/about.php HTTP/1.1" 301 162 "-" "Mozilla/5.0 (Linux; Android 7.0; SM-G892A) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.107 Mobile Safari/537.36" 144.172.104.203 - - [25/Jun/2026:00:37:45 +0100] "GET /inputs.php HTTP/1.1" 301 162 "-" "Mozilla/5.0 (Linux; Android 7.0; SM-G892A) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.107 Mobile Safari/537.36" 144.172.104.203 - - [25/Jun/2026:00:37:45 +0100] "GET /wp-admin/network/index.php HTTP/1.1" 301 162 "-" "Mozilla/5.0 (Linux; Android 7.0; SM-G892A) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.107 Mobile Safari/537.36" ... show less	Hacking Web App Attack
Anonymous	2026-06-24 21:47:02 (1 day ago)	Bot / scanning and/or hacking attempts: GET /wp-admin/network/index.php HTTP/1.1, GET /wp-login.php? ... show more Bot / scanning and/or hacking attempts: GET /wp-admin/network/index.php HTTP/1.1, GET /wp-login.php?redirect_to=https%3A%2F%2Fmuziekonderwijs-lei, GET /wp-content/plugins/about.php HTTP/1.1, GET /inputs.php HTTP/1.1 show less	Hacking Web App Attack
🇳🇱 Mangelot Hosting	2026-06-24 16:07:20 (2 days ago)	(php_susp_dir) srv104 PHP in suspicious dir 144.172.104.203 (US/United States/203.104.172.144.static ... show more (php_susp_dir) srv104 PHP in suspicious dir 144.172.104.203 (US/United States/203.104.172.144.static.cloudzy.com): 1 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs: show less	Web App Attack
🇩🇪 LRob.fr	2026-06-24 08:45:15 (2 days ago)	Repeated 403 errors, blocked by Fail2ban in custom-403 jail	Bad Web Bot
🇩🇪 FeG Deutschland	2026-06-24 05:35:55 (2 days ago)	Looking for CMS/PHP/SQL vulnerablilities/excessive crawling - 124	Exploited Host Web App Attack
🇺🇸 TPI-Abuse	2026-06-23 20:46:24 (3 days ago)	(mod_security) mod_security (id:210730) triggered by 2002:90ac:68cb::90ac:68cb (Unknown): 1 in the l ... show more (mod_security) mod_security (id:210730) triggered by 2002:90ac:68cb::90ac:68cb (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 23 16:46:19.540297 2026] [security2:error] [pid 8110:tid 8110] [client 2002:90ac:68cb::90ac:68cb:59571] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|1st-advantage-arkansas-real-estate-school.com\|F\|2"] [data ".com"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "1st-advantage-arkansas-real-estate-school.com"] [uri "/home/cturedp1/1st-advantage-arkansas-real-estate-school.com"] [unique_id "ajrwmzio3xMhctnMd7T_jwAAAAQ"] show less	Brute-Force Bad Web Bot Web App Attack
🇬🇷 setupgr	2026-06-23 11:02:08 (3 days ago)	(mod_security) mod_security (id:1000001) triggered by 144.172.104.203 (US/United States/Utah/Ogden/- ... show more (mod_security) mod_security (id:1000001) triggered by 144.172.104.203 (US/United States/Utah/Ogden/-/[AS14956 ROUTERHOSTING]): 1 in the last 86400 secs; Ports: *; Direction: inout; Trigger: LF_TRIGGER; Logs: [Tue Jun 23 14:02:06.838157 2026] [security2:error] [pid 1934718:tid 1934912] [client 144.172.104.203:60553] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/about.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec/modsec2.user.conf"] [line "93"] [id "1000001"] [msg "Bad file blocked: /wp-content/plugins/about.php"] [severity "CRITICAL"] [tag "security"] [hostname "babis.photo"] [uri "/wp-content/plugins/about.php"] [unique_id "ajpnrp59dcPKThU2ezDqbAAAANc"] show less	Port Scan
Anonymous	2026-06-23 06:12:08 (3 days ago)	Suspicious activity detected in web server access logs	Web App Attack
🇳🇴 jad-abuse	2026-06-23 02:01:13 (3 days ago)	ActiveDefense automated detection: malicious HTTP scanning / exploit attempts. Signatures: wp_admin. ... show more ActiveDefense automated detection: malicious HTTP scanning / exploit attempts. Signatures: wp_admin. Observed by 1 sensor(s); 9 hits. show less	Brute-Force Web App Attack
🇧🇪 cmbplf	2026-06-22 07:46:17 (4 days ago)	382 requests with url.path */wp.php	Brute-Force Bad Web Bot
🇧🇾 lns.bz	2026-06-22 03:53:36 (4 days ago)	Too many 404 requests [BY]	Web App Attack
🇺🇸 mnsf	2026-06-21 22:05:05 (4 days ago)	Too many Status 40X (21)	Brute-Force Web App Attack

Showing 1 to 15 of 28 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 2620:96:a006::259

🇮🇳 223.233.87.52

🇦🇷 186.64.103.155

🇳🇱 176.65.139.36

🇸🇬 173.239.196.153

🇻🇳 103.82.195.111

🇫🇮 77.105.161.120

🇳🇴 20.100.195.189

🇨🇳 14.116.156.100

🇺🇸 3.81.253.213

🇭🇰 2.27.173.166

🇩🇪 2.27.20.149

🇳🇱 176.65.139.215

🇰🇷 119.199.188.205

🇨🇳 111.113.88.235

🇺🇸 107.151.195.88

🇳🇱 45.148.10.157

🇨🇭 35.216.195.77

🇬🇧 35.203.211.181

🇰🇷 14.63.198.239