JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 104.239.10.97

104.239.10.97 was found in our database!

This IP was reported 10 times. Confidence of Abuse is 0%: ?

ISP	FASTPLANET LTD
Usage Type	Data Center/Web Hosting/Transit
ASN	AS205659
Domain Name	fastplanet.com
Country	🇩🇪 Germany
City	Frankfurt am Main, Hesse

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 104.239.10.97

Whois 104.239.10.97

IP Abuse Reports for 104.239.10.97:

This IP address has been reported a total of 10 times from 5 distinct sources. 104.239.10.97 was first reported on July 21st 2023, and the most recent report was 4 months ago.

Old Reports: The most recent abuse report for this IP address is from 4 months ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 TPI-Abuse	2026-01-27 03:26:13 (4 months ago)	(mod_security) mod_security (id:210492) triggered by 104.239.10.97 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.239.10.97 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jan 26 22:26:08.842101 2026] [security2:error] [pid 30779:tid 30794] [client 104.239.10.97:43659] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "whm.kettlehill.com"] [uri "/.env.stage"] [unique_id "aXgwUNHp9a6aOJN1nOPm-gAAAcY"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-01-17 10:32:12 (4 months ago)	(mod_security) mod_security (id:210492) triggered by 104.239.10.97 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.239.10.97 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jan 17 05:31:59.754972 2026] [security2:error] [pid 7916:tid 7916] [client 104.239.10.97:43615] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcalendars.nbcnewsradio.com"] [uri "/.env.example"] [unique_id "aWtlH-kV1HhemCQVTXoqFQAAAAs"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-07-26 23:58:23 (10 months ago)	(mod_security) mod_security (id:221260) triggered by 104.239.10.97 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:221260) triggered by 104.239.10.97 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jul 26 19:57:08.263545 2025] [security2:error] [pid 24708:tid 24740] [client 104.239.10.97:35329] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^(?:\\\\'\\\\w+?=)?\\\\(\\\\)\\\\s{" at MATCHED_VAR. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "77"] [id "221260"] [rev "3"] [msg "COMODO WAF: Shellshock Command Injection Vulnerabilities in GNU Bash through 4.3 bash43-026 (CVE-2014-7187, CVE-2014-7186, CVE-2014-7169, CVE-2014-6278, CVE-2014-6277, CVE-2014-6271)\|\|kettlehill.kettlehill.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "kettlehill.kettlehill.com"] [uri "/test.cgi"] [unique_id "aIVrVNCGcANRee83lKGZ-gAAAAE"], referer: () { ignored; }; echo Content-Type: text/html; echo ; /bin/cat /etc/passwd show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2025-07-23 08:06:29 (10 months ago)	Ports: 2077,2078,2082,2083,2086,2087,2095,2096; Direction: 0; Trigger: LF_DISTATTACK	Brute-Force SSH
Anonymous	2025-06-23 19:03:51 (11 months ago)	Ports: 2077,2078,2082,2083,2086,2087,2095,2096; Direction: 0; Trigger: LF_DISTATTACK	Brute-Force SSH
🇺🇸 TPI-Abuse	2025-05-29 15:30:33 (1 year ago)	(mod_security) mod_security (id:211190) triggered by 104.239.10.97 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:211190) triggered by 104.239.10.97 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu May 29 11:30:15.387936 2025] [security2:error] [pid 2877826:tid 2877826] [client 104.239.10.97:37683] ModSecurity: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt\|\|autodiscover.farmers123.com\|F\|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /poc.jsp?cmd=cat+%2Fetc%2Fpasswd"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "autodiscover.farmers123.com"] [uri "/poc.jsp"] [unique_id "aDh9h2j2Yk6rDyU7i7ZAQAAAAAA"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-04-19 05:32:00 (1 year ago)	(mod_security) mod_security (id:210492) triggered by 104.239.10.97 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.239.10.97 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Apr 19 01:30:39.205449 2025] [security2:error] [pid 9525:tid 9534] [client 104.239.10.97:58089] [client 104.239.10.97] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "blog.spinningdesigns.com"] [uri "/wp-config.php.original"] [unique_id "aAM0_-gH_4suWGdE9de6hwAAAIc"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2025-01-24 22:20:07 (1 year ago)	\| Shellshock attack attempt	Hacking SQL Injection Web App Attack
🇫🇷 bzhH29280	2024-01-17 00:44:58 (2 years ago)	DDoS Attack	DDoS Attack
🇺🇸 BridgeBurner	2023-07-21 13:32:14 (2 years ago)	Layer 7 ddos	DDoS Attack

Showing 1 to 10 of 10 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 2001:470:1:c84::27c

🇰🇷 220.126.95.19

🇧🇷 177.53.170.114

🇨🇳 171.213.137.156

🇻🇳 116.110.216.230

🇺🇸 47.251.101.233

🇧🇪 34.78.194.214

🇺🇸 24.104.225.201

🇩🇪 213.209.159.56

🇩🇪 212.132.120.41

🇱🇻 196.196.53.8

🇺🇸 147.185.132.13

🇸🇬 35.247.151.219

🇺🇸 34.19.127.190

🇯🇵 8.221.140.189

🇩🇪 8.209.80.8

🇰🇷 222.239.251.12

🇳🇱 204.76.203.15

🇺🇸 195.184.76.136

🇲🇽 187.154.100.150