JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 104.143.224.8

104.143.224.8 was found in our database!

This IP was reported 21 times. Confidence of Abuse is 13%: ?

13%

ISP	FASTPLANET LTD
Usage Type	Fixed Line ISP
ASN	AS202044
Domain Name	fastplanet.com
Country	🇬🇧 United Kingdom of Great Britain and Northern Ireland
City	London, England

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 104.143.224.8

Whois 104.143.224.8

IP Abuse Reports for 104.143.224.8:

This IP address has been reported a total of 21 times from 11 distinct sources. 104.143.224.8 was first reported on July 30th 2023, and the most recent report was 1 day ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇸🇮 administrator	2026-06-10 22:20:16 (1 day ago)	2026-06-09 01:03:31,759 fail2ban.actions [1104]: NOTICE [apache-fakegooglebot] Ban 104.143.2 ... show more 2026-06-09 01:03:31,759 fail2ban.actions [1104]: NOTICE [apache-fakegooglebot] Ban 104.143.224.8 2026-06-10 00:11:18,285 fail2ban.actions [1080]: NOTICE [apache-fakegooglebot] Ban 104.143.224.8 2026-06-09 01:03:31,759 fail2ban.actions [1104]: NOTICE [apache-fakegooglebot] Ban 104.143.224.8 2026-06-10 00:11:18,285 fail2ban.actions [1080]: NOTICE [apache-fakegooglebot] Ban 104.143.224.8 ... show less	Bad Web Bot Web Spam Email Spam Blog Spam Port Scan Brute-Force Web App Attack
🇺🇸 TPI-Abuse	2026-06-01 02:26:50 (1 week ago)	(mod_security) mod_security (id:210492) triggered by 104.143.224.8 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.143.224.8 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun May 31 22:26:46.689863 2026] [security2:error] [pid 7732:tid 7760] [client 104.143.224.8:42097] ModSecurity: Access denied with code 403 (phase 1). Matched phrase ".htaccess" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpanel.kettlehill.com"] [uri "/.htaccess"] [unique_id "ahzt5iKq_i-FrRbJEDIEIwAAAU4"] show less	Brute-Force Bad Web Bot Web App Attack
🇨🇭 backslash	2026-04-08 00:36:00 (2 months ago)	block ruleset CC531825F9395F9A07FB06C1247C46770A2690F8	Bad Web Bot
🇺🇸 TPI-Abuse	2025-10-01 15:16:36 (8 months ago)	(mod_security) mod_security (id:210492) triggered by 104.143.224.8 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.143.224.8 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Oct 01 11:16:33.223479 2025] [security2:error] [pid 12475:tid 12498] [client 104.143.224.8:56333] ModSecurity: Access denied with code 403 (phase 1). Matched phrase ".htaccess" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "kettlehill.kettlehill.com"] [uri "/.htaccess"] [unique_id "aN1F0GCKjmgjI9kURFKsqQAAAVM"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-08-01 07:58:17 (10 months ago)	(mod_security) mod_security (id:210730) triggered by 104.143.224.8 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210730) triggered by 104.143.224.8 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Aug 01 03:58:14.187311 2025] [security2:error] [pid 3712160:tid 3712186] [client 104.143.224.8:56287] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|ftp.kettlehill.net\|F\|2"] [data ".php.bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "ftp.kettlehill.net"] [uri "/default.php.bak"] [unique_id "aIxzltc_-1Eg368SpPiHGgAAAIk"], referer: http://ftp.kettlehill.net/default.php.bak show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2024-11-28 05:36:48 (1 year ago)	104.143.224.8 - - [28/Nov/2024:06:36:47 +0100] "GET /base/static/c:/windows/win.ini HTTP/1.1" 301 60 ... show more 104.143.224.8 - - [28/Nov/2024:06:36:47 +0100] "GET /base/static/c:/windows/win.ini HTTP/1.1" 301 605 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36" ... show less	Hacking
🇩🇪 ps-center	2024-11-27 08:08:45 (1 year ago)	SS1: Web Attack GET /wp-content/uploads/dump.sql	Web Spam Hacking Bad Web Bot Web App Attack
🇩🇪 Alejandro Docasar	2024-11-26 14:43:07 (1 year ago)		Web App Attack
🇺🇸 TPI-Abuse	2024-10-27 02:37:28 (1 year ago)	(mod_security) mod_security (id:240950) triggered by 104.143.224.8 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:240950) triggered by 104.143.224.8 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Oct 26 22:37:05.933246 2024] [security2:error] [pid 12715:tid 12896] [client 104.143.224.8:60309] [client 104.143.224.8] ModSecurity: Access denied with code 403 (phase 1). Pattern match "\\\\D" at TX:1. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "4530"] [id "240950"] [rev "2"] [msg "COMODO WAF: XSS & SQL injection vulnerability in Pragyan CMS 3.0 (CVE-2015-1471)\|\|webmail.kettlehill.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "webmail.kettlehill.com"] [uri "/secure/QueryComponentRendererValue!Default.jspa"] [unique_id "Zx2nUSzF41ATo4exCwv0UwAAAEE"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2024-09-03 18:42:00 (1 year ago)	(mod_security) mod_security (id:211190) triggered by 104.143.224.8 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:211190) triggered by 104.143.224.8 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Sep 03 14:41:33.993940 2024] [security2:error] [pid 8859:tid 8859] [client 104.143.224.8:57191] [client 104.143.224.8] ModSecurity: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt\|\|mail.stdavids-media.com\|F\|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /log_download.cgi?type=../../../../../../../../etc/passwd"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "mail.stdavids-media.com"] [uri "/log_download.cgi"] [unique_id "ZtdYXdvQ-54TbkPMSzW0aQAAAA4"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2024-08-21 21:30:43 (1 year ago)	104.143.224.8 - - [21/Aug/2024:23:30:42 +0200] "GET /..\\..\\..\\..\\..\\..\\..\\..\\..\\..\\windows ... show more 104.143.224.8 - - [21/Aug/2024:23:30:42 +0200] "GET /..\\..\\..\\..\\..\\..\\..\\..\\..\\..\\windows\\win.ini HTTP/1.1" 403 5383 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36" 4908 ... show less	Hacking
🇺🇸 TPI-Abuse	2024-08-01 01:04:02 (1 year ago)	(mod_security) mod_security (id:221260) triggered by 104.143.224.8 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:221260) triggered by 104.143.224.8 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jul 31 21:03:59.026357 2024] [security2:error] [pid 27365:tid 27392] [client 104.143.224.8:32825] [client 104.143.224.8] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^(?:\\\\'\\\\w+?=)?\\\\(\\\\)\\\\s{" at MATCHED_VAR. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "77"] [id "221260"] [rev "3"] [msg "COMODO WAF: Shellshock Command Injection Vulnerabilities in GNU Bash through 4.3 bash43-026 (CVE-2014-7187, CVE-2014-7186, CVE-2014-7169, CVE-2014-6278, CVE-2014-6277, CVE-2014-6271)\|\|autodiscover.staging.kettlehill.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "autodiscover.staging.kettlehill.com"] [uri "/"] [unique_id "Zqre_6gBPT69WcxC1M6xaQAAAZY"], referer: () { ignored; }; echo Content-Type: text/html; echo ; /bin/cat /etc/passwd show less	Brute-Force Bad Web Bot Web App Attack
🇪🇸 10dencehispahard SL	2024-06-28 03:12:29 (1 year ago)	Unauthorized login attempts [ accesslogs]	Brute-Force
🇪🇸 10dencehispahard SL	2024-05-27 03:00:48 (2 years ago)	Unauthorized login attempts [ accesslogs]	Brute-Force
🇺🇸 TPI-Abuse	2024-05-21 23:21:34 (2 years ago)	(mod_security) mod_security (id:212620) triggered by 104.143.224.8 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:212620) triggered by 104.143.224.8 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue May 21 19:19:43.242275 2024] [security2:error] [pid 4011:tid 47525632935680] [client 104.143.224.8:36619] [client 104.143.224.8] ModSecurity: Access denied with code 403 (phase 2). Pattern match "<script\\\\b" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/07_XSS_XSS.conf"] [line "65"] [id "212620"] [rev "4"] [msg "COMODO WAF: Cross-site Scripting (XSS) Attack\|\|kettlehill.kettlehill.com\|F\|2"] [data "Matched Data: <script found within REQUEST_URI: /squid.svg?title=notfound&text=thisisnotthepageyouarelookingfor!&background=\\x22><script>alert(document.domain)</script><imgsrc=\\x22&small"] [severity "CRITICAL"] [tag "CWAF"] [tag "XSS"] [hostname "kettlehill.kettlehill.com"] [uri "/squid.svg"] [unique_id "Zk0sDzHjro3uQnb1ONlALAAAAIA"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 21 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 216.152.249.37

🇧🇴 200.105.167.197

🇧🇷 189.50.142.78

🇳🇱 167.148.180.33

🇺🇸 147.185.132.246

🇮🇳 124.123.96.174

🇨🇳 117.62.203.160

🇯🇵 59.106.13.185

🇳🇱 45.148.10.152

🇩🇪 43.165.3.187

🇻🇳 14.248.82.157

🇯🇵 219.94.129.167

🇺🇸 209.90.232.249

🇫🇮 209.85.208.199

🇨🇴 181.52.238.13

🇩🇪 167.94.146.41

🇯🇵 156.227.232.198

🇮🇳 154.61.75.106

🇩🇪 130.12.182.142

🇵🇰 119.154.158.243