JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 172.104.17.108

172.104.17.108 was found in our database!

This IP was reported 39 times. Confidence of Abuse is 13%: ?

13%

ISP	Linode
Usage Type	Data Center/Web Hosting/Transit
ASN	AS63949
Domain Name	linode.com
Country	🇺🇸 United States of America
City	Cedar Knolls, New Jersey

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 172.104.17.108

Whois 172.104.17.108

IP Abuse Reports for 172.104.17.108:

This IP address has been reported a total of 39 times from 25 distinct sources. 172.104.17.108 was first reported on October 24th 2021, and the most recent report was 1 week ago.

Old Reports: The most recent abuse report for this IP address is from 1 week ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇩🇪 femboy.cat	2026-06-11 11:27:55 (1 week ago)	Port scan to tcp/143 from 172.104.17.108	Brute-Force
🇨🇭 pingusurmars	2026-06-11 11:23:53 (1 week ago)	Blocked by UFW on amperetwo [994/tcp] Source port: 61000 TTL: 242 Packet length: 40 TOS: 0x00 This ... show more Blocked by UFW on amperetwo [994/tcp] Source port: 61000 TTL: 242 Packet length: 40 TOS: 0x00 This report was generated by: https://github.com/sefinek/UFW-AbuseIPDB-Reporter show less	Port Scan
🇺🇸 LotPhantom	2026-03-11 20:07:35 (3 months ago)	2026-03-11T20:05:55.059284+00:00 bridginggaps kernel: [UFW BLOCK] IN=eth0 OUT= MAC=2e:bc:64:1d:2c:e1 ... show more 2026-03-11T20:05:55.059284+00:00 bridginggaps kernel: [UFW BLOCK] IN=eth0 OUT= MAC=2e:bc:64:1d:2c:e1:fe:00:00:00:01:01:08:00 SRC=172.104.17.108 DST=157.230.217.55 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=55108 PROTO=TCP SPT=61000 DPT=25 WINDOW=1024 RES=0x00 SYN URGP=0 2026-03-11T20:07:34.585166+00:00 bridginggaps kernel: [UFW BLOCK] IN=eth0 OUT= MAC=2e:bc:64:1d:2c:e1:fe:00:00:00:01:01:08:00 SRC=172.104.17.108 DST=157.230.217.55 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=36259 PROTO=TCP SPT=61000 DPT=995 WINDOW=1024 RES=0x00 SYN URGP=0 ... show less	Port Scan Hacking
🇺🇸 uls0	2026-03-11 20:06:52 (3 months ago)	HELL STORM DETECTION: Identified QakBot / Emotet Mail Stealer node. Targeted port 995. Origin: Cedar ... show more HELL STORM DETECTION: Identified QakBot / Emotet Mail Stealer node. Targeted port 995. Origin: Cedar Knolls, United States. show less	Port Scan Hacking
🇺🇸 drewf.ink	2026-03-04 10:12:34 (3 months ago)	[10:12] Port scanning. Port(s) scanned: TCP/587	Port Scan
🇺🇸 drewf.ink	2026-01-05 16:06:41 (5 months ago)	[16:06] Port scanning. Port(s) scanned: TCP/5060	Port Scan
Anonymous	2023-03-27 20:48:30 (3 years ago)	www.tjarma-derma.de 172.104.17.108 [27/Mar/2023:22:48:28 +0200] "POST /xmlrpc.php HTTP/1.1" 200 5920 ... show more www.tjarma-derma.de 172.104.17.108 [27/Mar/2023:22:48:28 +0200] "POST /xmlrpc.php HTTP/1.1" 200 5920 "-" "Mozilla/5.0 (Linux; Android 10; SM-N960U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.114 Mobile Safari/537.36" www.tjarma-derma.de 172.104.17.108 [27/Mar/2023:22:48:29 +0200] "POST /xmlrpc.php HTTP/1.1" 200 5920 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:61.0) Gecko/20100101 Firefox/61.0" show less	Web App Attack
🇫🇮 bittiguru.fi	2023-03-27 16:47:17 (3 years ago)	172.104.17.108 - [27/Mar/2023:19:46:38 +0300] "POST /xmlrpc.php HTTP/1.1" 200 470 "-" "Mozilla/5.0 ( ... show more 172.104.17.108 - [27/Mar/2023:19:46:38 +0300] "POST /xmlrpc.php HTTP/1.1" 200 470 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.135 Safari/537.36" "-" 172.104.17.108 - [27/Mar/2023:19:47:16 +0300] "POST /xmlrpc.php HTTP/1.1" 200 470 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:24.0) Gecko/20100101 Firefox/24.0" "-" ... show less	Hacking Brute-Force Web App Attack
🇫🇮 bittiguru.fi	2023-03-27 16:09:42 (3 years ago)	172.104.17.108 - - \[27/Mar/2023:19:08:33 +0300\] "POST /xmlrpc.php HTTP/1.1" 200 417 "-" "Mozilla/5 ... show more 172.104.17.108 - - \[27/Mar/2023:19:08:33 +0300\] "POST /xmlrpc.php HTTP/1.1" 200 417 "-" "Mozilla/5.0 \(Windows NT 10.0\; Win64\; x64\; rv:67.0\) Gecko/20100101 Firefox/67.0" "-" 172.104.17.108 - - \[27/Mar/2023:19:09:41 +0300\] "POST /xmlrpc.php HTTP/1.1" 200 417 "-" "Mozilla/5.0 \(Windows NT 10.0\; WOW64\) AppleWebKit/537.36 \(KHTML, like Gecko\) Chrome/72.0.3626.121 Safari/537.36" "-" ... show less	Hacking Brute-Force Web App Attack
🇦🇺 clapper	2023-03-27 15:33:46 (3 years ago)	(mod_security) mod_security (id:949110) triggered by 172.104.17.108 (US/United States/172-104-17-108 ... show more (mod_security) mod_security (id:949110) triggered by 172.104.17.108 (US/United States/172-104-17-108.ip.linodeusercontent.com): 5 in the last 14400 secs; ID: rub show less	Brute-Force Bad Web Bot
🇩🇪 karger	2023-03-27 15:02:22 (3 years ago)	Wordpress attack - hard filter	Brute-Force Web App Attack
🇩🇰 wnbhosting.dk	2023-03-27 14:20:50 (3 years ago)	WP xmlrpc [2023-03-27T16:20:50+02:00]	Hacking Web App Attack
🇮🇪 Jim Keir	2023-03-27 12:48:13 (3 years ago)	2023-03-27 12:48:12 172.104.17.108 File scanning, blocking 172.104.17.108 for 5 minutes	Web App Attack
🇫🇮 bittiguru.fi	2023-03-27 11:55:25 (3 years ago)	172.104.17.108 - - \[27/Mar/2023:14:54:45 +0300\] "POST /wordpress/xmlrpc.php HTTP/1.1" 200 428 "-" ... show more 172.104.17.108 - - \[27/Mar/2023:14:54:45 +0300\] "POST /wordpress/xmlrpc.php HTTP/1.1" 200 428 "-" "Mozilla/5.0 \(Windows NT 6.1\; WOW64\; rv:41.0\) Gecko/20100101 Firefox/41.0" "-" 172.104.17.108 - - \[27/Mar/2023:14:55:23 +0300\] "POST /wordpress/xmlrpc.php HTTP/1.1" 200 428 "-" "Mozilla/5.0 \(Windows NT 10.0\; Win64\; x64\) AppleWebKit/537.36 \(KHTML, like Gecko\) Chrome/65.0.3325.181 Safari/537.36" "-" ... show less	Hacking Brute-Force Web App Attack
🇩🇰 wnbhosting.dk	2023-03-27 11:51:28 (3 years ago)	WP xmlrpc [2023-03-27T13:51:28+02:00]	Hacking Web App Attack

Showing 1 to 15 of 39 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇮🇩 163.7.9.84

🇺🇸 43.110.41.40

🇹🇼 172.69.221.191

🇸🇪 157.22.16.170

🇳🇱 92.63.197.197

🇺🇸 65.49.1.124

🇺🇸 54.166.155.219

🇪🇸 46.253.45.10

🇳🇱 45.148.10.152

🇩🇪 43.228.157.10

🇬🇧 35.203.210.50

🇹🇷 31.145.131.202

🇨🇦 20.220.10.205

🇮🇷 5.237.105.15

🇨🇳 180.76.98.187

🇺🇸 172.234.25.243

🇷🇺 90.150.172.17

🇫🇷 37.67.93.177

🇺🇸 34.132.180.243

🇮🇳 20.244.18.126