JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 144.31.238.104

144.31.238.104 was found in our database!

This IP was reported 4 times. Confidence of Abuse is 14%: ?

14%

ISP	VPSPay - vpspay.cloud
Usage Type	Data Center/Web Hosting/Transit
ASN	AS201988
Domain Name	vpspay.cloud
Country	🇩🇪 Germany
City	Frankfurt am Main, Hesse

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 144.31.238.104

Whois 144.31.238.104

IP Abuse Reports for 144.31.238.104:

This IP address has been reported a total of 4 times from 4 distinct sources. 144.31.238.104 was first reported on May 16th 2026, and the most recent report was 1 month ago.

Old Reports: The most recent abuse report for this IP address is from 1 month ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 Jil Patel	2026-05-17 19:31:21 (1 month ago)	Suricata EVE alert: {"timestamp":"15/May/2026:10:38:07 +0000","src_ip":"144.31.238.104","src_port":6 ... show more Suricata EVE alert: {"timestamp":"15/May/2026:10:38:07 +0000","src_ip":"144.31.238.104","src_port":60385,"dest_ip":"10.30.15.40","dest_port":8080,"proto":"TCP","alert":{"signature_id":2027369,"signature":"ET EXPLOIT Possible Spring4Shell","category":"Attempted Information Leak","severity":2,"action":"blocked"}} show less	Hacking
🇩🇪 Vinh Nguyen	2026-05-17 19:18:27 (1 month ago)	ModSecurity: Warning. Matched "Operator `Rx' with parameter `(?i:(?:select\|union\|insert\|update\|delet ... show more ModSecurity: Warning. Matched "Operator `Rx' with parameter `(?i:(?:select\|union\|insert\|update\|delete\|drop\|alter))' against variable `ARGS:id' [file "/etc/nginx/modsec/crs/rules.conf"] [line "1234"] [id "920420"] [msg "Request content type is not allowed by policy"] [data "Matched Data"] [severity "CRITICAL"] [ver "OWASP_CRS/4.0.0"] [maturity "5"] [accuracy "5"] 144.31.238.104 - - [15/May/2026:10:26:46 +0000] "GET /_all_dbs HTTP/1.1" 403 1704 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36" show less	Hacking Web App Attack
🇱🇻 rodcr	2026-05-17 01:17:52 (1 month ago)	Fail2Ban (recidive): Ban 144.31.238.104 for 1 week Repeat offender: banned 4 times across jails: pos ... show more Fail2Ban (recidive): Ban 144.31.238.104 for 1 week Repeat offender: banned 4 times across jails: postfix-sasl, nginx-botsearch, traefik-auth, sshd Last ban: postfix-sasl jail at 15/May/2026:06:31:49 +0000 Total failed attempts: 351 show less	Brute-Force Hacking
🇷🇴 dlcoerks	2026-05-16 22:21:04 (1 month ago)	IP banned by Fail2Ban (sshd jail). 53 failed attempts. sshd[35734]: Failed password for invalid user ... show more IP banned by Fail2Ban (sshd jail). 53 failed attempts. sshd[35734]: Failed password for invalid user pi from 144.31.238.104 port 41130 ssh2 sshd[35735]: Failed password for invalid user root from 144.31.238.104 port 41131 ssh2 sshd[35736]: Failed password for nagios from 144.31.238.104 port 41132 ssh2 Banned at [15/May/2026:14:54:58 +0000] show less	Brute-Force SSH

Showing 1 to 4 of 4 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇲🇽 187.211.120.115

🇦🇫 180.94.74.82

🇧🇷 172.71.10.187

🇺🇸 65.49.20.126

🇷🇴 2.57.122.177

🇮🇳 2404:6800:4013:802::120

🇵🇱 194.180.48.33

🇺🇸 162.216.149.95

🇮🇳 154.84.242.115

🇨🇳 116.228.233.93

🇮🇳 45.120.124.19

🇬🇧 35.203.210.71

🇨🇦 20.116.27.239

🇰🇿 2.134.15.12

🇺🇿 213.230.92.138

🇹🇼 198.235.24.97

🇦🇷 186.130.118.44

🇹🇭 125.27.57.136

🇮🇳 122.171.109.74

🇷🇴 80.94.95.221