JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 104.233.20.136

104.233.20.136 was found in our database!

This IP was reported 17 times. Confidence of Abuse is 0%: ?

ISP	FASTPLANET LTD
Usage Type	Data Center/Web Hosting/Transit
ASN	AS9009
Domain Name	fastplanet.com
Country	🇨🇦 Canada
City	Montreal, Quebec

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 104.233.20.136

Whois 104.233.20.136

IP Abuse Reports for 104.233.20.136:

This IP address has been reported a total of 17 times from 3 distinct sources. 104.233.20.136 was first reported on August 12th 2024, and the most recent report was 4 months ago.

Old Reports: The most recent abuse report for this IP address is from 4 months ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 TPI-Abuse	2026-01-27 03:01:44 (4 months ago)	(mod_security) mod_security (id:221260) triggered by 104.233.20.136 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:221260) triggered by 104.233.20.136 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jan 26 22:01:39.004262 2026] [security2:error] [pid 23296:tid 23305] [client 104.233.20.136:60993] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^(?:\\\\'\\\\w+?=)?\\\\(\\\\)\\\\s{" at MATCHED_VAR. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "77"] [id "221260"] [rev "3"] [msg "COMODO WAF: Shellshock Command Injection Vulnerabilities in GNU Bash through 4.3 bash43-026 (CVE-2014-7187, CVE-2014-7186, CVE-2014-7169, CVE-2014-6278, CVE-2014-6277, CVE-2014-6271)\|\|cpanel.kettlehill.net\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpanel.kettlehill.net"] [uri "/test.cgi"] [unique_id "aXgqk0nBpq4P6Y3u9V4EhwAAAMU"], referer: () { ignored; }; echo Content-Type: text/html; echo ; /bin/cat /etc/passwd show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-13 12:14:09 (6 months ago)	(mod_security) mod_security (id:212620) triggered by 104.233.20.136 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:212620) triggered by 104.233.20.136 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Nov 13 07:14:02.455919 2025] [security2:error] [pid 7128:tid 7128] [client 104.233.20.136:41747] ModSecurity: Access denied with code 403 (phase 2). Pattern match "<script\\\\b" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/07_XSS_XSS.conf"] [line "65"] [id "212620"] [rev "4"] [msg "COMODO WAF: Cross-site Scripting (XSS) Attack\|\|ftp.nbcnewsradio.com\|F\|2"] [data "Matched Data: <script found within REQUEST_URI: /squid.svg?title=notfound&text=thisisnotthepageyouarelookingfor!&background=\\x22><script>alert(document.domain)</script><imgsrc=\\x22&small"] [severity "CRITICAL"] [tag "CWAF"] [tag "XSS"] [hostname "ftp.nbcnewsradio.com"] [uri "/squid.svg"] [unique_id "aRXLijo7p4B5Pj5bFnA0wAAAABU"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-07-26 23:13:08 (10 months ago)	(mod_security) mod_security (id:221260) triggered by 104.233.20.136 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:221260) triggered by 104.233.20.136 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jul 26 19:08:19.990935 2025] [security2:error] [pid 19347:tid 19366] [client 104.233.20.136:40515] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^(?:\\\\'\\\\w+?=)?\\\\(\\\\)\\\\s{" at MATCHED_VAR. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "77"] [id "221260"] [rev "3"] [msg "COMODO WAF: Shellshock Command Injection Vulnerabilities in GNU Bash through 4.3 bash43-026 (CVE-2014-7187, CVE-2014-7186, CVE-2014-7169, CVE-2014-6278, CVE-2014-6277, CVE-2014-6271)\|\|webdisk.kettlehill.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webdisk.kettlehill.com"] [uri "/debug.cgi"] [unique_id "aIVf47-V5dLnzWTrDIooHwAAARE"], referer: () { ignored; }; echo Content-Type: text/html; echo ; /bin/cat /etc/passwd show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-05-29 18:48:29 (1 year ago)	(mod_security) mod_security (id:210492) triggered by 104.233.20.136 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.233.20.136 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu May 29 14:43:58.527097 2025] [security2:error] [pid 3139415:tid 3139415] [client 104.233.20.136:53641] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "whm.farmers123.com"] [uri "/wp-config.php.orig"] [unique_id "aDiq7vSAYhIEx4jtJPVEPQAAAAY"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2025-01-24 18:40:19 (1 year ago)	\| Common web attack.	Hacking SQL Injection Web App Attack
Anonymous	2024-11-22 07:40:52 (1 year ago)	alibaba cloud ddos like web scan	Bad Web Bot
Anonymous	2024-11-15 07:39:29 (1 year ago)	alibaba cloud ddos like web scan	Bad Web Bot
Anonymous	2024-11-08 07:19:07 (1 year ago)	alibaba cloud ddos like web scan	Bad Web Bot
Anonymous	2024-11-01 06:02:09 (1 year ago)	alibaba cloud ddos like web scan	Bad Web Bot
Anonymous	2024-10-25 04:57:13 (1 year ago)	alibaba cloud ddos like web scan	Bad Web Bot
Anonymous	2024-10-18 02:18:31 (1 year ago)	alibaba cloud ddos like web scan	Bad Web Bot
Anonymous	2024-10-11 01:31:37 (1 year ago)	alibaba cloud ddos like web scan	Bad Web Bot
Anonymous	2024-10-03 19:58:48 (1 year ago)	alibaba cloud ddos like web scan	Bad Web Bot
Anonymous	2024-09-26 02:39:13 (1 year ago)	alibaba cloud ddos like web scan	Bad Web Bot
Anonymous	2024-09-18 19:50:17 (1 year ago)	alibaba cloud ddos like web scan	Bad Web Bot

Showing 1 to 15 of 17 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇳🇱 176.65.139.151

🇺🇸 162.216.150.201

🇨🇳 118.249.191.163

🇦🇹 89.144.210.236

🇺🇸 45.146.54.165

🇷🇴 2.57.121.112

🇪🇸 185.242.251.171

🇬🇧 185.216.145.175

🇻🇳 171.244.39.95

🇧🇬 79.124.60.146

🇩🇪 43.228.157.21

🇹🇼 35.229.135.179

🇺🇸 216.73.163.247

🇮🇩 203.128.78.87

🇧🇷 191.245.36.16

🇬🇭 143.105.209.155

🇳🇱 85.121.127.143

🇲🇽 45.134.9.27

🇧🇪 34.62.136.236

🇺🇸 20.221.68.115