JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 104.23.239.104

104.23.239.104 was found in our database!

This IP was reported 171 times. Confidence of Abuse is 0%: ?

ISP	Cloudflare, Inc.
Usage Type	Data Center/Web Hosting/Transit
ASN	AS13335
Domain Name	cloudflare.com
Country	🇩🇪 Germany
City	Frankfurt am Main, Hesse

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Important Note: 104.23.239.104 is an IP address from within our whitelist belonging to the subnet 104.16.0.0/13, which we identify as: "Cloudflare Reverse Proxy".

Whitelisted netblocks are typically owned by trusted entities, such as Google or Microsoft who may use them for search engine spiders. However, these same entities sometimes also provide cloud servers and mail services which are easily abused. Pay special attention when trusting or distrusting these IPs.

Report 104.23.239.104

Whois 104.23.239.104

IP Abuse Reports for 104.23.239.104:

This IP address has been reported a total of 171 times from 58 distinct sources. 104.23.239.104 was first reported on July 14th 2025, and the most recent report was 1 day ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 TPI-Abuse	2026-06-07 04:52:06 (1 day ago)	(mod_security) mod_security (id:210492) triggered by 104.23.239.104 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.23.239.104 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 07 00:52:00.325951 2026] [security2:error] [pid 10804:tid 10804] [client 104.23.239.104:13667] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cityslickerstomp.info"] [uri "/.git/config"] [unique_id "aiT48NhrQ4Dev598i6rvHwAAABM"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 updown.io	2026-06-06 04:59:56 (2 days ago)	{"level":"info","ts":1780721907.3207388,"logger":"http.log.access.log1","msg":"handled request","req ... show more {"level":"info","ts":1780721907.3207388,"logger":"http.log.access.log1","msg":"handled request","request":{"remote_ip":"104.23.239.104","remote_port":"12379","client_ip":"104.23.239.104","proto":"HTTP/2.0","method":"GET","host":"status.officeclip.com","uri":"/dns/%2eenv","headers":{"Accept-Encoding":["gzip, br"],"X-Forwarded-For":["127.0.0.1,185.177.72.16"],"X-Host":["127.0.0.1"],"User-Agent":["curl/8.7.1"],"X-Originating-Ip":["127.0.0.1"],"Cf-Visitor":["{\"scheme\":\"https\"}"],"X-Forwarded-Proto":["https"],"Cf-Ipcountry":["FR"],"Cf-Ray":["a074d790aafab1ea-FRA"],"Accept":["/"],"X-Azure-Socketip":["127.0.0.1"],"True-Client-Ip":["127.0.0.1"],"Cdn-Loop":["cloudflare; loops=1"],"Cf-Connecting-Ip":["185.177.72.16"],"X-Azure-Clientip":["127.0.0.1"],"Accept-Language":["en-US,en;q=0.9"],"X-Client-Ip":["127.0.0.1"],"X-Forwared":["127.0.0.1"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"h2","server_name":"status.officeclip.com","ech":false}},"bytes_read":0,"user_id":""," ... show less	DDoS Attack Web App Attack
🇺🇸 TPI-Abuse	2026-06-05 21:12:12 (3 days ago)	(mod_security) mod_security (id:210492) triggered by 104.23.239.104 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.23.239.104 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 05 17:12:09.892155 2026] [security2:error] [pid 9925:tid 9925] [client 104.23.239.104:14162] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "adn-media.net"] [uri "/.git/config"] [unique_id "aiM7qfIQJuUu5f5stMUxIAAAABU"] show less	Brute-Force Bad Web Bot Web App Attack
🇫🇷 RootOPSOVH	2026-06-05 14:27:17 (3 days ago)	GET /wp-admin/install.php?step=1 \| UA: http://rootops.ovh/wp-admin/install.php?step=1	Web Spam Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-04 20:23:43 (4 days ago)	(mod_security) mod_security (id:210492) triggered by 104.23.239.104 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.23.239.104 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 04 16:23:39.500614 2026] [security2:error] [pid 20629:tid 20629] [client 104.23.239.104:9404] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "pinetreedistrict.org"] [uri "/.git/config"] [unique_id "aiHey0_GvJh7BY9YeH6x7AAAAAE"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-04 07:50:44 (4 days ago)	(mod_security) mod_security (id:210492) triggered by 104.23.239.104 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.23.239.104 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 04 03:50:41.312111 2026] [security2:error] [pid 4137:tid 4270] [client 104.23.239.104:12296] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "dreammile.info"] [uri "/.git/config"] [unique_id "aiEuUWYDwuUV6bo5nYLR6gAAARc"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-02 17:32:53 (6 days ago)	(mod_security) mod_security (id:210492) triggered by 104.23.239.104 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.23.239.104 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 02 13:32:34.494021 2026] [security2:error] [pid 8064:tid 8064] [client 104.23.239.104:10620] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "title16.com"] [uri "/.git/config"] [unique_id "ah8TsgNb-sMOoDjQHhUS1AAAAAU"] show less	Brute-Force Bad Web Bot Web App Attack
🇫🇷 RootOPSOVH	2026-06-02 14:09:03 (6 days ago)	GET /wp-admin/install.php?step=1 \| UA: http://rootops.ovh/wp-admin/install.php?step=1	Web Spam Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-02 12:53:49 (6 days ago)	(mod_security) mod_security (id:210492) triggered by 104.23.239.104 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.23.239.104 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 02 08:53:44.621792 2026] [security2:error] [pid 14524:tid 14524] [client 104.23.239.104:12913] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "indiahouseportland.com"] [uri "/.git/config"] [unique_id "ah7SWBA1x88FlTXxHyHyjQAAABM"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-02 10:31:08 (6 days ago)	(mod_security) mod_security (id:210492) triggered by 104.23.239.104 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.23.239.104 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 02 06:31:02.812487 2026] [security2:error] [pid 9149:tid 9149] [client 104.23.239.104:9260] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "clisanchezenterprises.com"] [uri "/.git/config"] [unique_id "ah6w5la6MHErgQ-imfMu3wAAAAs"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 mnsf	2026-05-31 20:05:22 (1 week ago)	Abuse Detected (1)	Brute-Force Web App Attack
🇮🇹 alessio loto	2026-05-31 09:36:14 (1 week ago)	WAF Detection: Security_Scanner_Blocked. AI Confirmed Attack Payload.	Bad Web Bot
🇺🇸 TPI-Abuse	2026-05-31 07:41:50 (1 week ago)	(mod_security) mod_security (id:210492) triggered by 104.23.239.104 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.23.239.104 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun May 31 03:41:46.465679 2026] [security2:error] [pid 3225:tid 3225] [client 104.23.239.104:9948] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "backstore.com"] [uri "/.env.backup"] [unique_id "ahvmOgnXWy7GPgBIwOSb4gAAAAw"], referer: https://www.google.com/search?q=backstore.com show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-30 06:51:39 (1 week ago)	(mod_security) mod_security (id:210492) triggered by 104.23.239.104 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.23.239.104 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat May 30 02:51:28.637270 2026] [security2:error] [pid 13218:tid 13218] [client 104.23.239.104:9812] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "wastetrack.io"] [uri "/.env.backup"] [unique_id "ahqI8NWfv4_FA61e49OwgQAAAAc"], referer: https://www.google.com/search?q=wastetrack.io show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-25 01:43:42 (2 weeks ago)	(mod_security) mod_security (id:210492) triggered by 104.23.239.104 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.23.239.104 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun May 24 21:43:37.841680 2026] [security2:error] [pid 32429:tid 32429] [client 104.23.239.104:12293] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.perlcreative.com"] [uri "/.env.development"] [unique_id "ahOpSWxxBFy-jRhRxE3DMQAAAAc"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 171 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇬🇧 209.97.141.74

🇵🇰 153.117.40.127

🇱🇹 62.60.130.128

🇧🇷 177.71.84.44

🇺🇸 70.164.250.141

🇭🇰 61.244.153.78

🇨🇳 61.240.213.113

🇵🇱 45.43.137.130

🇳🇱 45.8.17.36

🇵🇱 20.215.66.169

🇺🇸 20.51.61.81

🇬🇧 18.133.30.244

🇳🇱 185.213.174.123

🇨🇳 180.184.86.82

🇪🇸 138.100.233.40

🇮🇳 125.19.194.166

🇨🇳 116.207.109.163

🇨🇳 113.221.97.73

🇷🇴 92.118.39.236

🇬🇧 51.38.75.122