JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 104.233.20.221

104.233.20.221 was found in our database!

This IP was reported 22 times. Confidence of Abuse is 0%: ?

ISP	FASTPLANET LTD
Usage Type	Data Center/Web Hosting/Transit
ASN	AS9009
Domain Name	fastplanet.com
Country	🇨🇦 Canada
City	Montreal, Quebec

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 104.233.20.221

Whois 104.233.20.221

IP Abuse Reports for 104.233.20.221:

This IP address has been reported a total of 22 times from 6 distinct sources. 104.233.20.221 was first reported on May 15th 2024, and the most recent report was 4 months ago.

Old Reports: The most recent abuse report for this IP address is from 4 months ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 TPI-Abuse	2026-01-17 00:24:45 (4 months ago)	(mod_security) mod_security (id:210492) triggered by 104.233.20.221 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.233.20.221 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jan 16 19:24:08.641763 2026] [security2:error] [pid 13751:tid 13751] [client 104.233.20.221:49579] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "ftp.nbcnewsradio.com"] [uri "/.env.old"] [unique_id "aWrWqFHiIHuAkLl2r4acSQAAABg"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-29 17:49:07 (5 months ago)	(mod_security) mod_security (id:210492) triggered by 104.233.20.221 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.233.20.221 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Dec 29 12:48:59.454643 2025] [security2:error] [pid 30292:tid 30597] [client 104.233.20.221:46785] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "kettlehill.net"] [uri "/images../.git/config"] [unique_id "aVK_C4Gwzh_8AlcRvOiEuwAAAQ4"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-13 14:55:56 (6 months ago)	(mod_security) mod_security (id:212620) triggered by 104.233.20.221 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:212620) triggered by 104.233.20.221 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Nov 13 09:55:52.435781 2025] [security2:error] [pid 11069:tid 11069] [client 104.233.20.221:34241] ModSecurity: Access denied with code 403 (phase 2). Pattern match "<script\\\\b" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/07_XSS_XSS.conf"] [line "65"] [id "212620"] [rev "4"] [msg "COMODO WAF: Cross-site Scripting (XSS) Attack\|\|ftp.nbcnewsradio.com\|F\|2"] [data "Matched Data: <script found within REQUEST_URI: /modules/fieldpopupnewsletter/ajax.php?callback=<script>alert(document.domain)</script>"] [severity "CRITICAL"] [tag "CWAF"] [tag "XSS"] [hostname "ftp.nbcnewsradio.com"] [uri "/modules/fieldpopupnewsletter/ajax.php"] [unique_id "aRXxeHLNZ_yrjUNPRUJDeAAAAAE"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-07-27 00:10:07 (10 months ago)	(mod_security) mod_security (id:210492) triggered by 104.233.20.221 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.233.20.221 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jul 26 20:09:21.635640 2025] [security2:error] [pid 146057:tid 146135] [client 104.233.20.221:55857] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "kettlehill.net"] [uri "/events../.git/config"] [unique_id "aIVuMQtdUXc7wYRdaLO0lwAAAYk"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2025-06-22 20:30:45 (11 months ago)	Ports: 2077,2078,2082,2083,2086,2087,2095,2096; Direction: 0; Trigger: LF_DISTATTACK	Brute-Force SSH
🇺🇸 TPI-Abuse	2025-05-30 01:20:51 (1 year ago)	(mod_security) mod_security (id:210492) triggered by 104.233.20.221 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.233.20.221 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu May 29 21:20:47.334104 2025] [security2:error] [pid 3897273:tid 3897273] [client 104.233.20.221:55873] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "mail.farmers123.com"] [uri "/.env.prod.local"] [unique_id "aDkH7_nWaYVXMVUNd9INBwAAAAo"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2025-03-29 08:14:55 (1 year ago)	Ports: 2077,2078,2082,2083,2086,2087,2095,2096; Direction: 0; Trigger: LF_DISTATTACK	Brute-Force SSH
Anonymous	2025-02-27 17:20:13 (1 year ago)	\| Common web attack.	Hacking SQL Injection Web App Attack
🇳🇱 EGP Abuse Dept	2025-02-16 13:28:20 (1 year ago)	SQL injection attack	SQL Injection
Anonymous	2024-11-21 05:36:38 (1 year ago)	alibaba cloud ddos like web scan	Bad Web Bot
Anonymous	2024-11-14 05:33:50 (1 year ago)	alibaba cloud ddos like web scan	Bad Web Bot
Anonymous	2024-11-02 09:43:16 (1 year ago)	alibaba cloud ddos like web scan	Bad Web Bot
Anonymous	2024-10-26 05:59:03 (1 year ago)	alibaba cloud ddos like web scan	Bad Web Bot
Anonymous	2024-10-18 12:30:52 (1 year ago)	alibaba cloud ddos like web scan	Bad Web Bot
Anonymous	2024-10-10 19:57:25 (1 year ago)	alibaba cloud ddos like web scan	Bad Web Bot

Showing 1 to 15 of 22 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇬🇧 217.146.80.98

🇬🇪 212.58.103.94

🇬🇧 198.244.226.97

🇺🇸 165.154.172.10

🇺🇸 162.216.150.120

🇳🇱 155.117.6.32

🇬🇧 81.19.219.201

🇬🇧 51.195.183.221

🇬🇧 51.195.183.137

🇳🇱 45.148.10.206

🇳🇱 45.148.10.152

🇨🇳 202.46.62.85

🇷🇺 194.190.153.166

🇬🇧 193.176.29.15

🇬🇧 188.240.59.28

🇬🇧 138.68.167.25

🇻🇳 103.69.96.120

🇫🇷 82.102.18.182

🇬🇧 51.195.244.29

🇬🇧 51.195.183.136