JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 104.233.20.23

104.233.20.23 was found in our database!

This IP was reported 19 times. Confidence of Abuse is 0%: ?

ISP	FASTPLANET LTD
Usage Type	Data Center/Web Hosting/Transit
ASN	AS9009
Domain Name	fastplanet.com
Country	🇨🇦 Canada
City	Montreal, Quebec

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 104.233.20.23

Whois 104.233.20.23

IP Abuse Reports for 104.233.20.23:

This IP address has been reported a total of 19 times from 4 distinct sources. 104.233.20.23 was first reported on May 15th 2024, and the most recent report was 4 months ago.

Old Reports: The most recent abuse report for this IP address is from 4 months ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 TPI-Abuse	2026-01-17 12:14:07 (4 months ago)	(mod_security) mod_security (id:210492) triggered by 104.233.20.23 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.233.20.23 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jan 17 07:14:02.283605 2026] [security2:error] [pid 2507:tid 2507] [client 104.233.20.23:55315] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcalendars.nbcnewsradio.com"] [uri "/wp-config.php.bak"] [unique_id "aWt9CgdcGvsxPfaJfQuMxgAAABQ"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-29 17:50:48 (5 months ago)	(mod_security) mod_security (id:210492) triggered by 104.233.20.23 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.233.20.23 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Dec 29 12:50:31.770982 2025] [security2:error] [pid 30292:tid 30592] [client 104.233.20.23:37041] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcalendars.kettlehill.net"] [uri "/wp-content/plugins/site-editor/editor/extensions/pagebuilder/includes/ajax_shortcode_pattern.php"] [unique_id "aVK_Z4Gwzh_8AlcRvOiGHwAAAQk"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-13 13:33:09 (6 months ago)	(mod_security) mod_security (id:212620) triggered by 104.233.20.23 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:212620) triggered by 104.233.20.23 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Nov 13 08:33:04.545139 2025] [security2:error] [pid 27313:tid 27313] [client 104.233.20.23:50865] ModSecurity: Access denied with code 403 (phase 2). Pattern match "<script\\\\b" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/07_XSS_XSS.conf"] [line "65"] [id "212620"] [rev "4"] [msg "COMODO WAF: Cross-site Scripting (XSS) Attack\|\|ftp.nbcnewsradio.com\|F\|2"] [data "Matched Data: <script found within REQUEST_URI: /?author=1</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [tag "CWAF"] [tag "XSS"] [hostname "ftp.nbcnewsradio.com"] [uri "/"] [unique_id "aRXeEMq_c_gDxtUcnSyQgwAAAB4"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-07-27 02:15:03 (10 months ago)	(mod_security) mod_security (id:221260) triggered by 104.233.20.23 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:221260) triggered by 104.233.20.23 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jul 26 22:14:57.915751 2025] [security2:error] [pid 729657:tid 729699] [client 104.233.20.23:45255] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^(?:\\\\'\\\\w+?=)?\\\\(\\\\)\\\\s{" at MATCHED_VAR. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "77"] [id "221260"] [rev "3"] [msg "COMODO WAF: Shellshock Command Injection Vulnerabilities in GNU Bash through 4.3 bash43-026 (CVE-2014-7187, CVE-2014-7186, CVE-2014-7169, CVE-2014-6278, CVE-2014-6277, CVE-2014-6271)\|\|www.staging.kettlehill.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.staging.kettlehill.com"] [uri "/test.cgi"] [unique_id "aIWLoRUVDjlJfvQpjEJlpwAAAAU"], referer: () { ignored; }; echo Content-Type: text/html; echo ; /bin/cat /etc/passwd show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-05-29 22:07:41 (1 year ago)	(mod_security) mod_security (id:210492) triggered by 104.233.20.23 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.233.20.23 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu May 29 18:07:34.675348 2025] [security2:error] [pid 3619436:tid 3619436] [client 104.233.20.23:38331] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webmail.farmers123.com"] [uri "/.env.prod"] [unique_id "aDjapsQT4O0iqKgsiNZ-sQAAAAM"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2025-01-25 19:10:15 (1 year ago)	\| Common web attack.	Hacking SQL Injection Web App Attack
Anonymous	2024-11-21 01:31:24 (1 year ago)	alibaba cloud ddos like web scan	Bad Web Bot
Anonymous	2024-11-14 01:22:30 (1 year ago)	alibaba cloud ddos like web scan	Bad Web Bot
Anonymous	2024-11-01 13:51:00 (1 year ago)	alibaba cloud ddos like web scan	Bad Web Bot
Anonymous	2024-10-25 03:41:40 (1 year ago)	alibaba cloud ddos like web scan	Bad Web Bot
Anonymous	2024-10-17 23:21:29 (1 year ago)	alibaba cloud ddos like web scan	Bad Web Bot
Anonymous	2024-10-10 16:36:28 (1 year ago)	alibaba cloud ddos like web scan	Bad Web Bot
Anonymous	2024-10-03 16:18:25 (1 year ago)	alibaba cloud ddos like web scan	Bad Web Bot
Anonymous	2024-09-25 23:55:46 (1 year ago)	alibaba cloud ddos like web scan	Bad Web Bot
Anonymous	2024-09-18 20:19:34 (1 year ago)	alibaba cloud ddos like web scan	Bad Web Bot

Showing 1 to 15 of 19 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇲🇽 189.216.156.33

🇨🇦 96.46.48.39

🇳🇱 91.92.42.63

🇷🇴 80.94.92.186

🇮🇪 3.255.96.216

🇩🇪 213.209.159.52

🇳🇱 213.177.179.165

🇳🇱 213.177.179.145

🇧🇷 186.239.41.74

🇺🇸 172.214.47.17

🇺🇸 148.105.14.75

🇺🇸 147.185.132.231

🇬🇧 109.75.172.153

🇱🇹 91.224.92.190

🇱🇻 91.203.69.239

🇳🇱 91.92.243.207

🇷🇴 80.94.92.177

🇳🇱 45.198.224.134

🇮🇩 41.216.178.119

🇮🇪 34.240.197.5