JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 104.224.90.225

104.224.90.225 was found in our database!

This IP was reported 21 times. Confidence of Abuse is 1%: ?

ISP	Code200
Usage Type	Data Center/Web Hosting/Transit
ASN	AS21769
Hostname(s)	104.224.90.225.colocationamerica.com
Domain Name	code200.global
Country	🇺🇸 United States of America
City	Los Angeles, California

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 104.224.90.225

Whois 104.224.90.225

IP Abuse Reports for 104.224.90.225:

This IP address has been reported a total of 21 times from 8 distinct sources. 104.224.90.225 was first reported on November 27th 2023, and the most recent report was 3 weeks ago.

Old Reports: The most recent abuse report for this IP address is from 3 weeks ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
Anonymous	2026-05-21 15:23:06 (3 weeks ago)	LH-Watcher: FAKE_ID [Fake Googlebot]	Bad Web Bot
🇺🇸 TPI-Abuse	2026-04-08 21:36:33 (2 months ago)	(mod_security) mod_security (id:210730) triggered by 104.224.90.225 (104.224.90.225.colocationameric ... show more (mod_security) mod_security (id:210730) triggered by 104.224.90.225 (104.224.90.225.colocationamerica.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Apr 08 17:36:25.102158 2026] [security2:error] [pid 177912:tid 177912] [client 104.224.90.225:44017] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|nbcnewsradio.com\|F\|2"] [data ".log"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "nbcnewsradio.com"] [uri "/php_errors.log"] [unique_id "adbKWSYbdlJL93IZ4xeDsgAAAAk"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-29 17:38:13 (5 months ago)	(mod_security) mod_security (id:210381) triggered by 104.224.90.225 (104.224.90.225.colocationameric ... show more (mod_security) mod_security (id:210381) triggered by 104.224.90.225 (104.224.90.225.colocationamerica.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Dec 29 12:37:12.959263 2025] [security2:error] [pid 27849:tid 28207] [client 104.224.90.225:40665] ModSecurity: Access denied with code 403 (phase 2). Invalid URL Encoding: Non-hexadecimal digits used at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/12_HTTP_Protocol.conf"] [line "82"] [id "210381"] [rev "6"] [msg "COMODO WAF: URL Encoding Abuse Attack Attempt\|\|kettlehill.kettlehill.com\|F\|4"] [data "REQUEST_URI=/account/?user=1&tab=groups&group-name=p%27+or+%27%%27=%27%%27+union+all+select+1,2,3,4,5,6,7,8,9,10,11,concat(%22Database:%22,md5(999999999),0x7c,%20%22Version:%22,version()),13--+-"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "kettlehill.kettlehill.com"] [uri "/account/"] [unique_id "aVK8SFQ7a22kNO2lY86gVgAAAMc"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-13 11:57:57 (6 months ago)	(mod_security) mod_security (id:210730) triggered by 104.224.90.225 (104.224.90.225.colocationameric ... show more (mod_security) mod_security (id:210730) triggered by 104.224.90.225 (104.224.90.225.colocationamerica.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Nov 13 06:57:54.011247 2025] [security2:error] [pid 21324:tid 21324] [client 104.224.90.225:59989] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|ftp.nbcnewsradio.com\|F\|2"] [data ".php.bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "ftp.nbcnewsradio.com"] [uri "/database.php.bak"] [unique_id "aRXHwuSBo3chQ9LgY7nflAAAABU"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-07-27 03:29:57 (10 months ago)	(mod_security) mod_security (id:210492) triggered by 104.224.90.225 (104.224.90.225.colocationameric ... show more (mod_security) mod_security (id:210492) triggered by 104.224.90.225 (104.224.90.225.colocationamerica.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jul 26 23:29:51.146789 2025] [security2:error] [pid 872116:tid 872211] [client 104.224.90.225:37677] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpanel.kettlehill.com"] [uri "/wp-config.php.txt"] [unique_id "aIWdL-DLJ9DFkwipcB3kBQAAAkI"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-05-29 17:19:14 (1 year ago)	(mod_security) mod_security (id:211190) triggered by 104.224.90.225 (104.224.90.225.colocationameric ... show more (mod_security) mod_security (id:211190) triggered by 104.224.90.225 (104.224.90.225.colocationamerica.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu May 29 13:18:59.040335 2025] [security2:error] [pid 3055374:tid 3055374] [client 104.224.90.225:54461] ModSecurity: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt\|\|ftp.farmers123.com\|F\|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /pages/setup.php?defaultlanguage=..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fpasswd"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "ftp.farmers123.com"] [uri "/pages/setup.php"] [unique_id "aDiXA__d6vK13BUS3HYUMAAAAAQ"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2024-12-27 06:37:47 (1 year ago)	(mod_security) mod_security (id:211190) triggered by 104.224.90.225 (104.224.90.225.colocationameric ... show more (mod_security) mod_security (id:211190) triggered by 104.224.90.225 (104.224.90.225.colocationamerica.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Dec 27 01:36:26.401260 2024] [security2:error] [pid 30040:tid 30064] [client 104.224.90.225:43801] [client 104.224.90.225] ModSecurity: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt\|\|mail.kettlehill.net\|F\|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /servlets/FetchFile?fileName=../../../../../../../../../../etc/passwd"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "mail.kettlehill.net"] [uri "/servlets/FetchFile"] [unique_id "Z25K6lPknNVrOJxzrw5rAAAAAFU"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 Alejandro Docasar	2024-11-27 21:37:29 (1 year ago)		Web App Attack
🇩🇪 dayda.net	2024-11-22 04:07:19 (1 year ago)	query: rest_route=/h5vp/v1/view/1&id=1'+AND+(SELECT+1+FROM+(SELECT(SLEEP(10)))a)--+-	Bad Web Bot
🇺🇸 TPI-Abuse	2024-09-27 00:13:18 (1 year ago)	(mod_security) mod_security (id:211190) triggered by 104.224.90.225 (104.224.90.225.colocationameric ... show more (mod_security) mod_security (id:211190) triggered by 104.224.90.225 (104.224.90.225.colocationamerica.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Sep 26 20:11:10.055938 2024] [security2:error] [pid 16248:tid 16264] [client 104.224.90.225:59937] [client 104.224.90.225] ModSecurity: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt\|\|ftp.kettlehill.com\|F\|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /catalog.php?filename=../../../../../../../../../etc/passwd"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "ftp.kettlehill.com"] [uri "/catalog.php"] [unique_id "ZvX4HqCPOG9JWfFC0TMaxwAAAE4"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2024-09-03 18:39:37 (1 year ago)	(mod_security) mod_security (id:211190) triggered by 104.224.90.225 (104.224.90.225.colocationameric ... show more (mod_security) mod_security (id:211190) triggered by 104.224.90.225 (104.224.90.225.colocationamerica.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Sep 03 14:38:38.199059 2024] [security2:error] [pid 8830:tid 8830] [client 104.224.90.225:59567] [client 104.224.90.225] ModSecurity: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt\|\|mail.stdavids-media.com\|F\|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /ccmivr/IVRGetAudioFile.do?file=../../../../../../../../../../../../../../../etc/passwd"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "mail.stdavids-media.com"] [uri "/ccmivr/IVRGetAudioFile.do"] [unique_id "ZtdXrsO6J-6kAmG5NZ4NfwAAAAs"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 ps-center	2024-07-15 18:03:41 (1 year ago)	SS1: Web Attack GET /.%00./.%00./.%00./.%00./.%00./.%00./.%00./etc/passwd	Web Spam Hacking Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2024-07-05 09:17:45 (1 year ago)	(mod_security) mod_security (id:210492) triggered by 104.224.90.225 (104.224.90.225.colocationameric ... show more (mod_security) mod_security (id:210492) triggered by 104.224.90.225 (104.224.90.225.colocationamerica.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jul 05 05:17:24.409106 2024] [security2:error] [pid 14532:tid 47646786045696] [client 104.224.90.225:36119] [client 104.224.90.225] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcontacts.staging.kettlehill.com"] [uri "/wp-admin/admin-ajax.php"] [unique_id "Zoe6JB6vg0VWluVRLyaSKQAAAQU"] show less	Brute-Force Bad Web Bot Web App Attack
🇪🇸 10dencehispahard SL	2024-05-08 07:00:43 (2 years ago)	Unauthorized login attempts []	Brute-Force
🇪🇸 10dencehispahard SL	2024-05-08 06:11:25 (2 years ago)	Web Attack	DDoS Attack Brute-Force Web App Attack

Showing 1 to 15 of 21 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇩🇪 213.209.159.227

🇳🇱 209.85.218.54

🇰🇷 112.161.42.97

🇮🇹 95.231.249.182

🇺🇸 52.230.163.217

🇫🇷 13.140.175.36

🇩🇪 213.209.159.225

🇲🇿 197.219.210.94

🇳🇱 195.178.110.30

🇲🇽 187.213.154.138

🇮🇳 163.223.48.92

🇺🇸 130.131.220.154

🇮🇳 115.96.207.41

🇨🇳 112.47.86.236

🇺🇸 107.174.1.138

🇮🇹 79.49.178.149

🇧🇬 78.90.19.40

🇱🇺 46.151.182.34

🇹🇷 46.104.61.228

🇺🇸 20.124.80.111