JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 104.233.20.124

104.233.20.124 was found in our database!

This IP was reported 23 times. Confidence of Abuse is 0%: ?

ISP	FASTPLANET LTD
Usage Type	Data Center/Web Hosting/Transit
ASN	AS9009
Domain Name	fastplanet.com
Country	🇨🇦 Canada
City	Montreal, Quebec

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 104.233.20.124

Whois 104.233.20.124

IP Abuse Reports for 104.233.20.124:

This IP address has been reported a total of 23 times from 7 distinct sources. 104.233.20.124 was first reported on October 30th 2023, and the most recent report was 4 months ago.

Old Reports: The most recent abuse report for this IP address is from 4 months ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 TPI-Abuse	2026-01-27 04:20:47 (4 months ago)	(mod_security) mod_security (id:210492) triggered by 104.233.20.124 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.233.20.124 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jan 26 23:20:42.697416 2026] [security2:error] [pid 8339:tid 8442] [client 104.233.20.124:48321] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.kettlehill.net"] [uri "/sftp-config.json"] [unique_id "aXg9GoD2pNfqivIyv8qMIwAAAlQ"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-01-17 06:43:45 (4 months ago)	(mod_security) mod_security (id:210492) triggered by 104.233.20.124 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.233.20.124 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jan 17 01:43:38.652739 2026] [security2:error] [pid 7104:tid 7104] [client 104.233.20.124:60873] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcalendars.nbcnewsradio.com"] [uri "/.env_sample"] [unique_id "aWsvmhOkFmE00CoL7uG1GQAAAAE"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-01-01 05:22:01 (5 months ago)	[Thu Jan 01 06:22:01.093301 2026] [:error] [pid 107655:tid 107655] [client 104.233.20.124:35441] Mod ... show more [Thu Jan 01 06:22:01.093301 2026] [:error] [pid 107655:tid 107655] [client 104.233.20.124:35441] ModSecurity: Warning. Matched "Operator `Rx' with parameter `^\\(\\s*\\)\\s+\\{' against variable `REQUEST_HEADERS:Shellshock' (Value: `() { ignored; }; echo Content-Type: text/html; echo ; /bin/cat /etc/passwd' ) [file "/usr/local/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"] [line "662"] [id "932170"] [rev ""] [msg "Remote Command Execution: Shellshock (CVE-2014-6271)"] [data "Matched Data: () { found within REQUEST_HEADERS:Shellshock: () { ignored; }; echo Content-Type: text/html; echo ; /bin/cat /etc/passwd"] [severity "2"] [ver "OWASP_CRS/4.22.0-dev"] [maturity "0"] [accuracy "0"] [tag "application-multi"] [tag "language-shell"] [tag "platform-unix"] [tag "attack-rce"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "OWASP_CRS/ATTACK-RCE"] [tag "capec/1000/152/248/88"] [uri "//cgi-bin/status"] [unique_id "176724492127.449950"] [ref "o0,4v204,74t ... show less	Web App Attack
🇺🇸 TPI-Abuse	2025-11-13 13:56:16 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.233.20.124 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.233.20.124 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Nov 13 08:56:10.217637 2025] [security2:error] [pid 10147:tid 10147] [client 104.233.20.124:41529] ModSecurity: Access denied with code 403 (phase 1). Matched phrase ".htaccess" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "ftp.nbcnewsradio.com"] [uri "/a.htaccess"] [unique_id "aRXjei9gxwgrwpzsPAGCiAAAAAM"] show less	Brute-Force Bad Web Bot Web App Attack
🇮🇪 RoboSOC	2025-10-16 08:35:41 (7 months ago)	Confluence Server OGNL Injection Remote Code Execution Vulnerability, PTR: PTR record not found	Hacking
🇺🇸 TPI-Abuse	2025-07-26 23:14:11 (10 months ago)	(mod_security) mod_security (id:221260) triggered by 104.233.20.124 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:221260) triggered by 104.233.20.124 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jul 26 19:08:20.188493 2025] [security2:error] [pid 19347:tid 19349] [client 104.233.20.124:46587] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^(?:\\\\'\\\\w+?=)?\\\\(\\\\)\\\\s{" at MATCHED_VAR. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "77"] [id "221260"] [rev "3"] [msg "COMODO WAF: Shellshock Command Injection Vulnerabilities in GNU Bash through 4.3 bash43-026 (CVE-2014-7187, CVE-2014-7186, CVE-2014-7169, CVE-2014-6278, CVE-2014-6277, CVE-2014-6271)\|\|webdisk.kettlehill.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webdisk.kettlehill.com"] [uri "/cgi-bin/test"] [unique_id "aIVf5L-V5dLnzWTrDIooIAAAAQA"], referer: () { ignored; }; echo Content-Type: text/html; echo ; /bin/cat /etc/passwd show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2025-06-22 22:43:35 (11 months ago)	Ports: 2077,2078,2082,2083,2086,2087,2095,2096; Direction: 0; Trigger: LF_DISTATTACK	Brute-Force SSH
🇺🇸 TPI-Abuse	2025-05-30 01:43:18 (1 year ago)	(mod_security) mod_security (id:210492) triggered by 104.233.20.124 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.233.20.124 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu May 29 21:43:15.301750 2025] [security2:error] [pid 3924270:tid 3924270] [client 104.233.20.124:41735] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webdisk.farmers123.com"] [uri "/events../.git/config"] [unique_id "aDkNM-8xqc4-Q2NF6aPG9gAAABI"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-02-28 21:23:29 (1 year ago)	(mod_security) mod_security (id:211190) triggered by 104.233.20.124 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:211190) triggered by 104.233.20.124 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Feb 28 16:22:12.906826 2025] [security2:error] [pid 23560:tid 23764] [client 104.233.20.124:57705] [client 104.233.20.124] ModSecurity: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt\|\|kettlehill.kettlehill.com\|F\|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /cgi-bin/tsaupload.cgi?file_name=../../../../../..//etc/passwd&password"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "kettlehill.kettlehill.com"] [uri "/cgi-bin/tsaupload.cgi"] [unique_id "Z8IpBK5U5SwoT6lNDCWdkAAAAlA"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2025-02-27 16:30:15 (1 year ago)	\| Common web attack.	Hacking SQL Injection Web App Attack
Anonymous	2024-11-21 07:56:56 (1 year ago)	alibaba cloud ddos like web scan	Bad Web Bot
Anonymous	2024-11-14 07:30:03 (1 year ago)	alibaba cloud ddos like web scan	Bad Web Bot
Anonymous	2024-11-03 17:53:46 (1 year ago)	alibaba cloud ddos like web scan	Bad Web Bot
Anonymous	2024-10-27 16:07:06 (1 year ago)	alibaba cloud ddos like web scan	Bad Web Bot
Anonymous	2024-10-19 23:46:44 (1 year ago)	alibaba cloud ddos like web scan	Bad Web Bot

Showing 1 to 15 of 23 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇨🇳 218.21.246.238

🇺🇸 66.132.172.204

🇺🇸 185.191.171.7

🇮🇳 122.165.124.15

🇳🇱 45.148.10.152

🇨🇳 218.94.137.166

🇺🇸 192.3.218.12

🇧🇷 187.51.219.26

🇸🇪 178.73.232.97

🇨🇳 153.37.156.211

🇱🇹 81.30.98.44

🇺🇸 65.49.1.60

🇺🇸 43.162.99.8

🇬🇧 193.163.125.35

🇨🇳 125.124.226.217

🇨🇳 124.117.195.153

🇵🇰 103.173.7.171

🇺🇸 40.78.155.180

🇨🇳 36.33.167.165

🇺🇸 216.218.206.121