JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 104.239.40.216

104.239.40.216 was found in our database!

This IP was reported 17 times. Confidence of Abuse is 3%: ?

ISP	FASTPLANET LTD
Usage Type	Fixed Line ISP
ASN	AS202044
Domain Name	fastplanet.com
Country	🇨🇦 Canada
City	Toronto, Ontario

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 104.239.40.216

Whois 104.239.40.216

IP Abuse Reports for 104.239.40.216:

This IP address has been reported a total of 17 times from 7 distinct sources. 104.239.40.216 was first reported on March 12th 2023, and the most recent report was 1 week ago.

Old Reports: The most recent abuse report for this IP address is from 1 week ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 TPI-Abuse	2026-06-01 02:09:33 (1 week ago)	(mod_security) mod_security (id:210492) triggered by 104.239.40.216 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.239.40.216 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun May 31 22:08:59.560256 2026] [security2:error] [pid 7732:tid 7747] [client 104.239.40.216:32883] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.staging.kettlehill.com"] [uri "/wp-config.php-backup"] [unique_id "ahzpuyKq_i-FrRbJEDL7nQAAAUE"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-03-01 20:13:02 (3 months ago)	(mod_security) mod_security (id:211190) triggered by 104.239.40.216 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:211190) triggered by 104.239.40.216 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Mar 01 15:12:34.227241 2026] [security2:error] [pid 3623:tid 3724] [client 104.239.40.216:52161] ModSecurity: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt\|\|mail.kettlehill.com\|F\|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /wp-content/plugins/mail-masta/inc/lists/csvexport.php?pl=/etc/passwd"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "mail.kettlehill.com"] [uri "/wp-content/plugins/mail-masta/inc/lists/csvexport.php"] [unique_id "aaSdsl4WolzQRuAXATJzEgAAAUU"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-01-16 10:19:18 (4 months ago)	(mod_security) mod_security (id:210492) triggered by 104.239.40.216 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.239.40.216 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jan 16 05:19:15.072499 2026] [security2:error] [pid 29762:tid 29762] [client 104.239.40.216:56617] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcalendars.nbcnewsradio.com"] [uri "/.env.dev"] [unique_id "aWoQozn6H4n7571AEhxwLQAAAAw"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-29 19:14:28 (5 months ago)	(mod_security) mod_security (id:210492) triggered by 104.239.40.216 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.239.40.216 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Dec 29 14:13:55.840627 2025] [security2:error] [pid 22842:tid 22990] [client 104.239.40.216:46915] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webmail.kettlehill.com"] [uri "/.env.www"] [unique_id "aVLS81KoonkfA7MmLZciEgAAAQI"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-28 00:27:24 (6 months ago)	(mod_security) mod_security (id:211190) triggered by 104.239.40.216 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:211190) triggered by 104.239.40.216 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Nov 27 19:27:17.458808 2025] [security2:error] [pid 2371:tid 2619] [client 104.239.40.216:48843] ModSecurity: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt\|\|kettlehill.com\|F\|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /log_download.cgi?type=../../../../../../../../etc/passwd"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "kettlehill.com"] [uri "/log_download.cgi"] [unique_id "aSjsZUhIZrH6z5JJv-lO9wAAAJU"], referer: http://kettlehill.com/log_download.cgi?type=../../../../../../../../etc/passwd show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 ps-center	2025-11-21 04:15:54 (6 months ago)	SS5: Web Attack GET /wp-login.php	Web Spam Hacking Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-13 10:37:37 (6 months ago)	(mod_security) mod_security (id:210580) triggered by 104.239.40.216 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210580) triggered by 104.239.40.216 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Nov 13 05:37:05.416992 2025] [security2:error] [pid 17682:tid 17682] [client 104.239.40.216:36555] ModSecurity: Access denied with code 403 (phase 2). Matched phrase "etc/passwd" at ARGS:style. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt\|\|ftp.nbcnewsradio.com\|F\|2"] [data "Matched Data: etc/passwd found within ARGS:style: ../../../../../../../../etc/passwd"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "ftp.nbcnewsradio.com"] [uri "/webmail/calendar/minimizer/index.php"] [unique_id "aRW00Rw9KoC7YzRZ6aFPWQAAAAk"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-07-27 00:52:42 (10 months ago)	(mod_security) mod_security (id:221260) triggered by 104.239.40.216 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:221260) triggered by 104.239.40.216 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jul 26 20:52:34.816980 2025] [security2:error] [pid 404370:tid 404568] [client 104.239.40.216:57561] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^(?:\\\\'\\\\w+?=)?\\\\(\\\\)\\\\s{" at MATCHED_VAR. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "77"] [id "221260"] [rev "3"] [msg "COMODO WAF: Shellshock Command Injection Vulnerabilities in GNU Bash through 4.3 bash43-026 (CVE-2014-7187, CVE-2014-7186, CVE-2014-7169, CVE-2014-6278, CVE-2014-6277, CVE-2014-6271)\|\|www.staging.kettlehill.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.staging.kettlehill.com"] [uri "/debug.cgi"] [unique_id "aIV4Usy-cZtwxEkIWL8yywAAAM8"], referer: () { ignored; }; echo Content-Type: text/html; echo ; /bin/cat /etc/passwd show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2025-07-22 11:01:36 (10 months ago)	Ports: 2077,2078,2082,2083,2086,2087,2095,2096; Direction: 0; Trigger: LF_DISTATTACK	Brute-Force SSH
🇺🇸 TPI-Abuse	2025-05-29 18:56:37 (1 year ago)	(mod_security) mod_security (id:221260) triggered by 104.239.40.216 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:221260) triggered by 104.239.40.216 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu May 29 14:56:09.501912 2025] [security2:error] [pid 3227549:tid 3227549] [client 104.239.40.216:35061] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^(?:\\\\'\\\\w+?=)?\\\\(\\\\)\\\\s{" at MATCHED_VAR. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "77"] [id "221260"] [rev "3"] [msg "COMODO WAF: Shellshock Command Injection Vulnerabilities in GNU Bash through 4.3 bash43-026 (CVE-2014-7187, CVE-2014-7186, CVE-2014-7169, CVE-2014-6278, CVE-2014-6277, CVE-2014-6271)\|\|whm.farmers123.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "whm.farmers123.com"] [uri "/cgi-bin/test"] [unique_id "aDityU0IMxsaQmoRGr-gZwAAAAQ"], referer: () { ignored; }; echo Content-Type: text/html; echo ; /bin/cat /etc/passwd show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2025-02-28 14:10:02 (1 year ago)	\| Shellshock attack detected	Hacking SQL Injection Web App Attack
🇺🇸 TPI-Abuse	2025-02-27 15:01:29 (1 year ago)	(mod_security) mod_security (id:210730) triggered by 104.239.40.216 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210730) triggered by 104.239.40.216 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Feb 27 10:00:46.201725 2025] [security2:error] [pid 27063:tid 27216] [client 104.239.40.216:36277] [client 104.239.40.216] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|www.kettlehill.kettlehill.com\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.kettlehill.kettlehill.com"] [uri "/site.sql"] [unique_id "Z8B-HsnGgNPGej7DPucVgwAAAIk"] show less	Brute-Force Bad Web Bot Web App Attack
🇬🇧 Steve	2024-07-08 19:34:04 (1 year ago)	Excessive crawling - not obeying robots.txt	Bad Web Bot
🇺🇸 ChamberofCommerce.com	2023-11-05 23:47:51 (2 years ago)	Unauthorized Scraping Attempt - More then 225 Pages Requested in a 24 hour period - Total Requested ... show more Unauthorized Scraping Attempt - More then 225 Pages Requested in a 24 hour period - Total Requested Before Block:226 show less	Bad Web Bot
🇺🇸 ChamberofCommerce.com	2023-11-02 04:55:43 (2 years ago)	Unauthorized Scraping Attempt - More then 225 Pages Requested in a 24 hour period - Total Requested ... show more Unauthorized Scraping Attempt - More then 225 Pages Requested in a 24 hour period - Total Requested Before Block:226 show less	Bad Web Bot

Showing 1 to 15 of 17 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇬🇪 91.207.180.130

🇨🇭 85.5.148.125

🇮🇳 27.4.75.224

🇨🇳 120.240.178.153

🇺🇸 104.168.79.23

🇨🇳 101.68.50.194

🇺🇸 71.6.134.204

🇺🇸 66.132.195.110

🇲🇾 47.250.44.127

🇳🇱 45.198.224.145

🇧🇷 38.211.130.25

🇨🇱 34.176.161.70

🇧🇪 34.79.5.197

🇧🇪 34.78.175.120

🇨🇳 27.17.133.31

🇷🇺 213.180.203.133

🇳🇱 176.65.148.81

🇺🇸 34.136.212.158

🇦🇺 34.40.255.75

🇷🇴 2.57.122.177