JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 104.239.13.42

104.239.13.42 was found in our database!

This IP was reported 11 times. Confidence of Abuse is 0%: ?

ISP	FASTPLANET LTD
Usage Type	Data Center/Web Hosting/Transit
ASN	AS9009
Domain Name	fastplanet.com
Country	🇨🇦 Canada
City	Montreal, Quebec

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 104.239.13.42

Whois 104.239.13.42

IP Abuse Reports for 104.239.13.42:

This IP address has been reported a total of 11 times from 5 distinct sources. 104.239.13.42 was first reported on November 28th 2023, and the most recent report was 4 months ago.

Old Reports: The most recent abuse report for this IP address is from 4 months ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 TPI-Abuse	2026-01-16 19:11:21 (4 months ago)	(mod_security) mod_security (id:221260) triggered by 104.239.13.42 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:221260) triggered by 104.239.13.42 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jan 16 14:11:04.223393 2026] [security2:error] [pid 15591:tid 15591] [client 104.239.13.42:35363] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^(?:\\\\'\\\\w+?=)?\\\$\\\$\\\\s{" at MATCHED_VAR. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "77"] [id "221260"] [rev "3"] [msg "COMODO WAF: Shellshock Command Injection Vulnerabilities in GNU Bash through 4.3 bash43-026 (CVE-2014-7187, CVE-2014-7186, CVE-2014-7169, CVE-2014-6278, CVE-2014-6277, CVE-2014-6271)\|\|cpcontacts.nbcnewsradio.com:443\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcontacts.nbcnewsradio.com"] [uri "/cgi-bin/stats"] [unique_id "aWqNSCkWtveKr4JuWsXOBwAAAAQ"], referer: () { ignored; }; echo Content-Type: text/html; echo ; /bin/cat /etc/passwd show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-02 22:47:40 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.239.13.42 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.239.13.42 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Dec 02 17:47:33.990470 2025] [security2:error] [pid 31199:tid 31199] [client 104.239.13.42:39335] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/Web.config" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "autodiscover.farmers123.com"] [uri "/web.config"] [unique_id "aS9shVzKLpbHOOQGLS9KIgAAABQ"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-01 06:16:25 (6 months ago)	(mod_security) mod_security (id:210350) triggered by 104.239.13.42 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210350) triggered by 104.239.13.42 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Dec 01 01:16:20.301720 2025] [security2:error] [pid 5083:tid 5098] [client 104.239.13.42:48945] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\b(close\|keep-alive),[\\\\t\\\\n\\\\r ]{0,1}(close\|keep-alive)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/12_HTTP_Protocol.conf"] [line "70"] [id "210350"] [rev "1"] [msg "COMODO WAF: Multiple/Conflicting Connection Header Data Found\|\|kettlehill.com\|F\|4"] [data "keep-alive, close"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "kettlehill.com"] [uri "/403.shtml"] [unique_id "aS0ytLlODMhtlQGnj5dA3AAAAEw"], referer: https://www.kettlehill.com/403.shtml show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2025-10-30 03:20:00 (7 months ago)	Unauthorized connection attempt	Brute-Force
🇺🇸 TPI-Abuse	2025-09-01 04:21:05 (9 months ago)	(mod_security) mod_security (id:210492) triggered by 104.239.13.42 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.239.13.42 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Sep 01 00:21:02.306649 2025] [security2:error] [pid 4167011:tid 4167144] [client 104.239.13.42:56811] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webdisk.kettlehill.com"] [uri "/wp-config.php.bak"] [unique_id "aLUfLhKedjo2Ng22upn6HwAAARU"] show less	Brute-Force Bad Web Bot Web App Attack
🇸🇬 raramos	2025-08-07 19:00:07 (9 months ago)	[SMB remote code execution attempt: port tcp/445] in blocklist.de:'listed [pop3]' in SpamCop:'listed ... show more [SMB remote code execution attempt: port tcp/445] in blocklist.de:'listed [pop3]' in SpamCop:'listed' in sorbs:'listed [web], [spam]' in Unsubscore:'listed' *(RWIN=8192)(04:10) show less	Web Spam Email Spam Port Scan Hacking Brute-Force Web App Attack
Anonymous	2025-07-30 09:56:00 (10 months ago)	Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER	Brute-Force SSH
🇺🇸 TPI-Abuse	2025-06-01 08:53:20 (1 year ago)	(mod_security) mod_security (id:210492) triggered by 104.239.13.42 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.239.13.42 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 01 04:53:14.064253 2025] [security2:error] [pid 2863387:tid 2863425] [client 104.239.13.42:50201] ModSecurity: Access denied with code 403 (phase 1). Matched phrase ".htpasswd" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "autoconfig.kettlehill.com"] [uri "/.htpasswd"] [unique_id "aDwU-sqrNi6s8vLirve5XwAAABQ"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2025-05-01 08:30:18 (1 year ago)	\| XSS (Cross Site Scripting) attempt.	Hacking SQL Injection Web App Attack
🇺🇸 TPI-Abuse	2024-05-24 19:45:28 (2 years ago)	(mod_security) mod_security (id:220020) triggered by 104.239.13.42 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:220020) triggered by 104.239.13.42 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri May 24 15:45:20.619456 2024] [security2:error] [pid 9530:tid 47963345016576] [client 104.239.13.42:57239] [client 104.239.13.42] ModSecurity: Access denied with code 403 (phase 1). Pattern match "(^\|;)=(;\|$)" at REQUEST_HEADERS:Cookie. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "74"] [id "220020"] [rev "2"] [msg "COMODO WAF: DoS vulnerability in Apache 2.2.17 - 2.2.21 (CVE-2012-0021)\|\|www.latinofederation.org\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.latinofederation.org"] [uri "/Contact.html"] [unique_id "ZlDuULrGv5fJ7ijjleEPXQAAAIc"], referer: https://lewiatan.pl show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2023-11-28 15:30:09 (2 years ago)	(mod_security) mod_security (id:210730) triggered by 104.239.13.42 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210730) triggered by 104.239.13.42 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Nov 28 10:29:59.084202 2023] [security2:error] [pid 3337609] [client 104.239.13.42:58395] [client 104.239.13.42] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|www.baliaccommodationpadangpadang.com\|F\|2"] [data ".com"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.baliaccommodationpadangpadang.com"] [uri "/[email protected]"] [unique_id "ZWYHd9G9sgtyS1i5EbdzKwAAAB8"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 11 of 11 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇨🇳 221.218.245.18

🇺🇸 192.153.76.69

🇧🇷 186.216.88.160

🇲🇹 141.8.67.235

🇪🇸 91.142.223.216

🇺🇸 74.125.80.144

🇮🇩 43.133.138.8

🇮🇩 36.95.194.52

🇬🇧 35.203.210.41

🇩🇪 213.209.159.227

🇨🇭 209.99.190.200

🇳🇬 197.210.71.241

🇲🇽 189.217.130.86

🇺🇸 165.154.206.124

🇫🇮 147.185.133.78

🇮🇳 123.58.203.202

🇷🇴 80.94.92.184

🇩🇪 69.5.169.212

🇪🇸 5.225.166.111

🇬🇧 2a06:4880:6000::70