Anonymous
2024-11-28 06:22:08
(1 year ago)
104.239.124.41 - - [28/Nov/2024:07:22:07 +0100] "GET /%5Cwindows/win.ini HTTP/1.1" 404 5458 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36"
...
Hacking
🇩🇪
Alejandro Docasar
2024-11-27 21:25:44
(1 year ago)
Web App Attack
🇩🇪
ps-center
2024-11-27 02:50:18
(1 year ago)
SS1: Web Attack GET /wp-admin/admin-ajax.php?action=duplicator_download&file=..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd
Web Spam
Hacking
Bad Web Bot
Web App Attack
🇺🇸
TPI-Abuse
2024-11-26 23:18:50
(1 year ago)
(mod_security) mod_security (id:212340) triggered by 104.239.124.41 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Nov 26 18:18:01.909565 2024] [security2:error] [pid 14709:tid 14866] [client 104.239.124.41:50069] [client 104.239.124.41] ModSecurity: Access denied with code 403 (phase 2). Matched phrase "<!--" at ARGS:windowTitle. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/07_XSS_XSS.conf"] [line "56"] [id "212340"] [rev "5"] [msg "COMODO WAF: Cross-site Scripting (XSS) Attack||ftp.kettlehill.net|F|2"] [data "Matched Data: <!-- found within ARGS:windowTitle: AdministratorHelpWindow></TITLE></HEAD><body><script>alert(document.domain)</script><!--"] [severity "CRITICAL"] [tag "CWAF"] [tag "XSS"] [hostname "ftp.kettlehill.net"] [uri "/sgdadmin/faces/com_sun_web_ui/help/helpwindow.jsp"] [unique_id "Z0ZXKaT8ZjqC-hUlXJfd0gAAAEo"]
Brute-Force
Bad Web Bot
Web App Attack
🇺🇸
TPI-Abuse
2024-09-03 18:43:06
(1 year ago)
(mod_security) mod_security (id:212620) triggered by 104.239.124.41 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Sep 03 14:42:56.032266 2024] [security2:error] [pid 21512:tid 21512] [client 104.239.124.41:40929] [client 104.239.124.41] ModSecurity: Access denied with code 403 (phase 2). Pattern match "<script\\\\b" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/07_XSS_XSS.conf"] [line "65"] [id "212620"] [rev "3"] [msg "COMODO WAF: Cross-site Scripting (XSS) Attack||mail.stdavids-media.com|F|2"] [data "Matched Data: <script found within REQUEST_URI: /squid.svg?title=notfound&text=thisisnotthepageyouarelookingfor!&background=\\x22><script>alert(document.domain)</script><imgsrc=\\x22&small"] [severity "CRITICAL"] [tag "CWAF"] [tag "XSS"] [hostname "mail.stdavids-media.com"] [uri "/squid.svg"] [unique_id "ZtdYsBaNTHlESmL66lFctwAAABg"]
Brute-Force
Bad Web Bot
Web App Attack
🇺🇸
TPI-Abuse
2024-09-01 01:55:32
(1 year ago)
(mod_security) mod_security (id:211190) triggered by 104.239.124.41 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Aug 31 21:51:35.081248 2024] [security2:error] [pid 3087700:tid 3087731] [client 104.239.124.41:39091] [client 104.239.124.41] ModSecurity: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||autodiscover.kettlehill.net|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /index.php?option=com_album&Itemid=128&target=../../../../../../../../../etc/passwd"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "autodiscover.kettlehill.net"] [uri "/index.php"] [unique_id "ZtPIp9yH84duF-C5mXVHCAAAAYE"]
Brute-Force
Bad Web Bot
Web App Attack
🇩🇪
ps-center
2024-07-16 00:41:01
(1 year ago)
SS1: Web Attack GET /../../../../../etc/passwd
Web Spam
Hacking
Bad Web Bot
Web App Attack
Anonymous
2024-07-14 23:06:46
(1 year ago)
Common attack or app scan event detected and blocked
Port Scan
Hacking
Web App Attack
🇺🇸
TPI-Abuse
2024-06-27 07:08:49
(1 year ago)
(mod_security) mod_security (id:211190) triggered by 104.239.124.41 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 27 03:08:39.887981 2024] [security2:error] [pid 31357:tid 47386382579456] [client 104.239.124.41:35579] [client 104.239.124.41] ModSecurity: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||www.staging.kettlehill.com|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /awcuser/cgi-bin/vcs_access_file.cgi?file=..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f/etc/passwd"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.staging.kettlehill.com"] [uri "/awcuser/cgi-bin/vcs_access_file.cgi"] [unique_id "Zn0P9-hhp4qy_W6hp2wr4wAAANI"]
Brute-Force
Bad Web Bot
Web App Attack
🇪🇸
10dencehispahard SL
2024-05-08 06:01:07
(2 years ago)
Unauthorized login attempts [ accesslogs]
Brute-Force
🇺🇸
TPI-Abuse
2024-04-03 18:31:02
(2 years ago)
(mod_security) mod_security (id:210492) triggered by 104.239.124.41 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Apr 03 14:30:42.134477 2024] [security2:error] [pid 29639:tid 47764744668928] [client 104.239.124.41:44847] [client 104.239.124.41] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.kettlehill.net"] [uri "/.env.www"] [unique_id "Zg2gUkMbCuCCUcnq7J_ErAAAAUE"]
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2024-03-29 10:45:07
(2 years ago)
| Common web attack.
Hacking
SQL Injection
Web App Attack
🇪🇸
10dencehispahard SL
2024-03-27 07:00:25
(2 years ago)
Unauthorized login attempts [ BI-16635]
Brute-Force
🇪🇸
10dencehispahard SL
2024-03-27 06:42:53
(2 years ago)
WP scan
Web App Attack
🇦🇺
oncord
2023-09-12 10:18:00
(2 years ago)
Form spam
Web Spam