JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 104.233.20.252

104.233.20.252 was found in our database!

This IP was reported 24 times. Confidence of Abuse is 4%: ?

ISP	FASTPLANET LTD
Usage Type	Data Center/Web Hosting/Transit
ASN	AS9009
Domain Name	fastplanet.com
Country	🇨🇦 Canada
City	Montreal, Quebec

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 104.233.20.252

Whois 104.233.20.252

IP Abuse Reports for 104.233.20.252:

This IP address has been reported a total of 24 times from 7 distinct sources. 104.233.20.252 was first reported on October 30th 2023, and the most recent report was 2 days ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇫🇷 bigorre.org	2026-06-14 14:44:48 (2 days ago)	Excessive crawling : exceed crawl-delay defined in robots.txt	Bad Web Bot
🇺🇸 TPI-Abuse	2026-01-17 22:30:40 (4 months ago)	(mod_security) mod_security (id:210492) triggered by 104.233.20.252 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.233.20.252 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jan 17 17:30:33.011248 2026] [security2:error] [pid 14033:tid 14033] [client 104.233.20.252:48541] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcalendars.nbcnewsradio.com"] [uri "/wp-config.php.txt"] [unique_id "aWwNiWhBbh5Hvckm7D3TkAAAAB0"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-29 19:03:43 (5 months ago)	(mod_security) mod_security (id:210350) triggered by 104.233.20.252 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210350) triggered by 104.233.20.252 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Dec 29 14:03:36.798464 2025] [security2:error] [pid 31734:tid 31763] [client 104.233.20.252:47765] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\b(close\|keep-alive),[\\\\t\\\\n\\\\r ]{0,1}(close\|keep-alive)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/12_HTTP_Protocol.conf"] [line "70"] [id "210350"] [rev "1"] [msg "COMODO WAF: Multiple/Conflicting Connection Header Data Found\|\|ftp.kettlehill.net\|F\|4"] [data "keep-alive, close"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "ftp.kettlehill.net"] [uri "/sse"] [unique_id "aVLQiGCDVM70TD0LIjvPoAAAAVY"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 [email protected]	2025-12-29 03:47:50 (5 months ago)	Attack attempt against Interwebbi servers; Port Scan detected from 104.233.20.252 (CA/Canada/-). 5 ... show more Attack attempt against Interwebbi servers; Port Scan detected from 104.233.20.252 (CA/Canada/-). 5 hits in the last 460 seconds; IP: 104.233.20.252; Ports: *; Direction: 0; Trigger: PS_LIMIT; show less	Brute-Force
🇺🇸 TPI-Abuse	2025-12-02 22:19:53 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.233.20.252 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.233.20.252 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Dec 02 17:19:47.995130 2025] [security2:error] [pid 29089:tid 29089] [client 104.233.20.252:42021] ModSecurity: Access denied with code 403 (phase 1). Matched phrase ".htaccess" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webdisk.farmers123.com"] [uri "/htaccess_for_page_not_found_redirects.htaccess"] [unique_id "aS9mA81s3p_8OjJ-UidIYQAAAAc"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-01 15:11:17 (7 months ago)	(mod_security) mod_security (id:210492) triggered by 104.233.20.252 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.233.20.252 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Nov 01 11:11:11.496572 2025] [security2:error] [pid 27531:tid 27536] [client 104.233.20.252:55963] ModSecurity: Access denied with code 403 (phase 1). Matched phrase ".htaccess" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "mail.kettlehill.net"] [uri "/htaccess_for_page_not_found_redirects.htaccess"] [unique_id "aQYjD32WO2IkxYJ6zsITmwAAAQM"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-10-29 12:56:47 (7 months ago)	(mod_security) mod_security (id:210492) triggered by 104.233.20.252 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.233.20.252 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Oct 29 08:56:39.367240 2025] [security2:error] [pid 9494:tid 9494] [client 104.233.20.252:45677] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.davispickering.com"] [uri "/.env.www"] [unique_id "aQIPBwUp5F3QnRCmgyulUgAAAAE"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-10-28 21:45:52 (7 months ago)	(mod_security) mod_security (id:210730) triggered by 104.233.20.252 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210730) triggered by 104.233.20.252 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Oct 28 17:45:48.409359 2025] [security2:error] [pid 25825:tid 25825] [client 104.233.20.252:43031] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|ftp.nbcnewsradio.com\|F\|2"] [data ".axd"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "ftp.nbcnewsradio.com"] [uri "/elmah.axd"] [unique_id "aQE5jD6FsHnzS_D_HElBXwAAAA0"] show less	Brute-Force Bad Web Bot Web App Attack
🇮🇹 mgarofano80	2025-10-22 20:38:24 (7 months ago)		Brute-Force Web App Attack
🇺🇸 TPI-Abuse	2025-07-27 00:16:34 (10 months ago)	(mod_security) mod_security (id:210492) triggered by 104.233.20.252 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.233.20.252 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jul 26 20:16:27.702786 2025] [security2:error] [pid 172229:tid 172478] [client 104.233.20.252:37231] ModSecurity: Access denied with code 403 (phase 1). Matched phrase ".htpasswd" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpanel.kettlehill.net"] [uri "/.htpasswd"] [unique_id "aIVv2-Zd-uShJ73phjvkmwAAAQ0"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-05-29 20:15:00 (1 year ago)	(mod_security) mod_security (id:210492) triggered by 104.233.20.252 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.233.20.252 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu May 29 16:14:57.194726 2025] [security2:error] [pid 3416435:tid 3416435] [client 104.233.20.252:40823] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "whm.farmers123.com"] [uri "/.env.www"] [unique_id "aDjAQdOF5BBkguOxw3keOAAAACc"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2025-01-17 15:20:39 (1 year ago)	\| A web attack returned code 200 (success).	Hacking SQL Injection Web App Attack
Anonymous	2024-11-21 13:36:57 (1 year ago)	alibaba cloud ddos like web scan	Bad Web Bot
Anonymous	2024-11-14 13:19:17 (1 year ago)	alibaba cloud ddos like web scan	Bad Web Bot
Anonymous	2024-11-01 14:29:10 (1 year ago)	alibaba cloud ddos like web scan	Bad Web Bot

Showing 1 to 15 of 24 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇨🇦 198.50.202.93

🇧🇷 191.121.232.112

🇯🇵 140.238.43.38

🇺🇸 95.164.235.254

🇧🇷 191.9.120.9

🇧🇷 187.87.104.234

🇺🇸 170.231.251.176

🇲🇽 158.23.88.242

🇨🇳 139.9.191.197

🇺🇸 107.152.36.218

🇮🇩 103.112.5.7

🇳🇱 45.148.10.151

🇹🇼 198.235.24.59

🇦🇷 191.83.220.146

🇧🇷 152.237.33.176

🇸🇬 111.119.222.27

🇷🇴 109.100.14.222

🇸🇬 101.47.158.56

🇺🇸 3.226.34.98

🇳🇱 185.242.226.72