JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 172.104.42.97

172.104.42.97 was found in our database!

This IP was reported 41 times. Confidence of Abuse is 73%: ?

73%

ISP	Linode
Usage Type	Data Center/Web Hosting/Transit
ASN	AS63949
Hostname(s)	172-104-42-97.ip.linodeusercontent.com
Domain Name	linode.com
Country	🇸🇬 Singapore
City	Singapore

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 172.104.42.97

Whois 172.104.42.97

IP Abuse Reports for 172.104.42.97:

This IP address has been reported a total of 41 times from 27 distinct sources. 172.104.42.97 was first reported on December 31st 2022, and the most recent report was 39 minutes ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇨🇭 4server	2026-06-28 13:30:52 (39 minutes ago)	[SunJun2815:30:50.1107562026][security2:error][pid2065244:tid2065259][client172.104.42.97:0]ModSecur ... show more [SunJun2815:30:50.1107562026][security2:error][pid2065244:tid2065259][client172.104.42.97:0]ModSecurity:Accessdeniedwithcode403\(phase2\).OperatorGEmatched5atTX:anomaly_score.[file\"/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf\"][line\"94\"][id\"949110\"][msg\"InboundAnomalyScoreExceeded\(TotalScore:5\)\"][severity\"CRITICAL\"][ver\"OWASP_CRS/3.3.9\"][tag\"application-multi\"][tag\"language-multi\"][tag\"platform-multi\"][tag\"attack-generic\"][hostname\"facil-services.ch\"][uri\"/sftp-config.json\"][unique_id\"akEiCuTOmI0tuch3EHv6ZQAAAI0\"] show less	Hacking Web App Attack
🇺🇸 TPI-Abuse	2026-06-28 13:25:05 (45 minutes ago)	(mod_security) mod_security (id:210492) triggered by 172.104.42.97 (172-104-42-97.ip.linodeuserconte ... show more (mod_security) mod_security (id:210492) triggered by 172.104.42.97 (172-104-42-97.ip.linodeusercontent.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 28 09:25:01.800685 2026] [security2:error] [pid 15163:tid 15163] [client 172.104.42.97:51567] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "evelia.com"] [uri "/sftp-config.json"] [unique_id "akEgrXd2N8WS3uFiftdqAgAAAA4"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-28 11:23:15 (2 hours ago)	(mod_security) mod_security (id:210492) triggered by 172.104.42.97 (172-104-42-97.ip.linodeuserconte ... show more (mod_security) mod_security (id:210492) triggered by 172.104.42.97 (172-104-42-97.ip.linodeusercontent.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 28 07:23:12.672022 2026] [security2:error] [pid 15919:tid 15919] [client 172.104.42.97:53243] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "evelynkay.com"] [uri "/sftp-config.json"] [unique_id "akEEIGHntsa7IzKC1zl2lgAAAAI"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-28 11:02:01 (3 hours ago)	(mod_security) mod_security (id:210492) triggered by 172.104.42.97 (172-104-42-97.ip.linodeuserconte ... show more (mod_security) mod_security (id:210492) triggered by 172.104.42.97 (172-104-42-97.ip.linodeusercontent.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 28 07:01:56.743039 2026] [security2:error] [pid 6469:tid 6469] [client 172.104.42.97:60923] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "evolute.io"] [uri "/sftp-config.json"] [unique_id "akD_JH5gMoc__9PIxLvU6wAAACk"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-28 10:15:26 (3 hours ago)	(mod_security) mod_security (id:210492) triggered by 172.104.42.97 (172-104-42-97.ip.linodeuserconte ... show more (mod_security) mod_security (id:210492) triggered by 172.104.42.97 (172-104-42-97.ip.linodeusercontent.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 28 06:15:22.193537 2026] [security2:error] [pid 22458:tid 22482] [client 172.104.42.97:51306] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "farmerlabor.org"] [uri "/sftp-config.json"] [unique_id "akD0OgTSdVcQPpf2mG0TowAAAYg"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-28 09:37:12 (4 hours ago)	(mod_security) mod_security (id:210492) triggered by 172.104.42.97 (172-104-42-97.ip.linodeuserconte ... show more (mod_security) mod_security (id:210492) triggered by 172.104.42.97 (172-104-42-97.ip.linodeusercontent.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 28 05:37:06.573740 2026] [security2:error] [pid 29052:tid 29052] [client 172.104.42.97:50972] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "mapleleaf-marketing.com"] [uri "/sftp-config.json"] [unique_id "akDrQj8yPiVEBTF-idV1VgAAABA"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 filstal.org	2026-06-28 09:11:46 (4 hours ago)	Web reconnaissance detected: automated probing for sensitive files, backup archives, admin panels an ... show more Web reconnaissance detected: automated probing for sensitive files, backup archives, admin panels and known vulnerability paths. show less	Hacking Brute-Force Web App Attack
🇺🇸 TPI-Abuse	2026-06-28 04:47:14 (9 hours ago)	(mod_security) mod_security (id:210492) triggered by 172.104.42.97 (172-104-42-97.ip.linodeuserconte ... show more (mod_security) mod_security (id:210492) triggered by 172.104.42.97 (172-104-42-97.ip.linodeusercontent.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 28 00:47:06.025752 2026] [security2:error] [pid 31253:tid 31253] [client 172.104.42.97:56689] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "englishmagic.us"] [uri "/sftp-config.json"] [unique_id "akCnSkRWQuUs6eQ5JYobgQAAAAU"] show less	Brute-Force Bad Web Bot Web App Attack
🇷🇺 green_elephant	2026-06-28 02:38:34 (11 hours ago)	ET SCAN SFTP/FTP Password Exposure via sftp-config.json (172.104.42.97:63375 -> port 80) \| packets: ... show more ET SCAN SFTP/FTP Password Exposure via sftp-config.json (172.104.42.97:63375 -> port 80) \| packets: 4 show less	Port Scan Brute-Force SSH
🇬🇧 consul.to	2026-06-27 21:15:00 (16 hours ago)	Web attack/malicious scanning detected	Web App Attack
🇺🇸 TPI-Abuse	2026-06-27 19:55:50 (18 hours ago)	(mod_security) mod_security (id:210492) triggered by 172.104.42.97 (172-104-42-97.ip.linodeuserconte ... show more (mod_security) mod_security (id:210492) triggered by 172.104.42.97 (172-104-42-97.ip.linodeusercontent.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 27 15:55:46.245390 2026] [security2:error] [pid 26989:tid 27000] [client 172.104.42.97:65361] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "evan-hotel.com"] [uri "/sftp-config.json"] [unique_id "akAqwqqDt6hyNm7UBP6kwgAAAMQ"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-27 18:15:47 (19 hours ago)	(mod_security) mod_security (id:210492) triggered by 172.104.42.97 (172-104-42-97.ip.linodeuserconte ... show more (mod_security) mod_security (id:210492) triggered by 172.104.42.97 (172-104-42-97.ip.linodeusercontent.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 27 14:15:40.095415 2026] [security2:error] [pid 32114:tid 32114] [client 172.104.42.97:63900] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "environmentaldesigns.org"] [uri "/sftp-config.json"] [unique_id "akATTAmML2IfhQeInVQhsQAAAAY"] show less	Brute-Force Bad Web Bot Web App Attack
🇫🇷 masterguru	2026-06-27 16:47:15 (21 hours ago)	Restricted File Access Attempt. Matched phrase "config.json" at REQUEST_FILENAME. (930130-197)	Hacking Web App Attack
🇫🇷 masterguru	2026-06-27 16:19:15 (21 hours ago)	Restricted File Access Attempt. Matched phrase "config.json" at REQUEST_FILENAME. (930130-201)	Hacking Web App Attack
🇳🇿 Tripwire	2026-06-27 15:37:27 (22 hours ago)	Scanning for exploits - /.vscode/sftp.json	Web App Attack

Showing 1 to 15 of 41 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇳🇱 195.178.110.30

🇺🇸 188.213.202.39

🇺🇸 178.128.66.248

🇺🇸 162.216.150.175

🇺🇸 66.132.186.138

🇨🇦 51.79.67.63

🇮🇳 49.42.181.61

🇺🇸 45.147.234.160

🇺🇸 45.33.52.85

🇺🇸 20.118.241.250

🇦🇺 203.196.42.114

🇹🇳 197.240.199.180

🇩🇪 178.27.90.142

🇩🇪 167.94.145.20

🇦🇫 149.54.62.62

🇺🇸 148.153.121.224

🇺🇸 147.185.132.229

🇫🇮 89.167.113.15

🇳🇱 77.83.39.16

🇭🇰 45.142.154.34