JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 104.239.42.40

104.239.42.40 was found in our database!

This IP was reported 17 times. Confidence of Abuse is 0%: ?

ISP	FASTPLANET LTD
Usage Type	Fixed Line ISP
ASN	AS202044
Domain Name	fastplanet.com
Country	🇨🇦 Canada
City	Toronto, Ontario

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 104.239.42.40

Whois 104.239.42.40

IP Abuse Reports for 104.239.42.40:

This IP address has been reported a total of 17 times from 3 distinct sources. 104.239.42.40 was first reported on August 19th 2024, and the most recent report was 5 months ago.

Old Reports: The most recent abuse report for this IP address is from 5 months ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 TPI-Abuse	2025-12-29 17:38:24 (5 months ago)	(mod_security) mod_security (id:218420) triggered by 104.239.42.40 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:218420) triggered by 104.239.42.40 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Dec 29 12:37:39.286952 2025] [security2:error] [pid 27855:tid 28176] [client 104.239.42.40:46945] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)php://(std(in\|out\|err)\|(in\|out)put\|fd\|memory\|temp\|filter)" at ARGS_NAMES:\\xadd allow_url_include=1 \\xadd auto_prepend_file=php://input. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/21_PHP_PHPGen.conf"] [line "22"] [id "218420"] [rev "2"] [msg "COMODO WAF: PHP Injection Attack: I/O Stream Found\|\|www.staging.kettlehill.com\|F\|2"] [data "Matched Data: php://input found within ARGS_NAMES:\\x5cxadd allow_url_include=1 \\x5cxadd auto_prepend_file=php://input: \\xadd allow_url_include=1 \\xadd auto_prepend_file=php://input"] [severity "CRITICAL"] [tag "CWAF"] [tag "PHPGen"] [hostname "staging.kettlehill.com"] [uri "/cgi-bin/php-cgi.exe"] [unique_id "aVK8Y60TyVBQ9TgqIEW_aAAAAQo"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-13 09:21:52 (6 months ago)	(mod_security) mod_security (id:211190) triggered by 104.239.42.40 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:211190) triggered by 104.239.42.40 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Nov 13 04:21:45.179274 2025] [security2:error] [pid 1321:tid 1321] [client 104.239.42.40:33215] ModSecurity: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt\|\|ftp.nbcnewsradio.com\|F\|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /wp-json/lp/v1/courses/archive-course?template_path=..%2F..%2F..%2Fetc%2Fpasswd&return_type=html"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "ftp.nbcnewsradio.com"] [uri "/wp-json/lp/v1/courses/archive-course"] [unique_id "aRWjKVFe2nOs-XZRLHztEwAAACQ"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-07-27 01:45:57 (10 months ago)	(mod_security) mod_security (id:210492) triggered by 104.239.42.40 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.239.42.40 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jul 26 21:45:54.785816 2025] [security2:error] [pid 729657:tid 729705] [client 104.239.42.40:36255] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webmail.staging.kettlehill.com"] [uri "/.env.production"] [unique_id "aIWE0hUVDjlJfvQpjEJYCAAAAAs"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-05-29 15:34:12 (1 year ago)	(mod_security) mod_security (id:211190) triggered by 104.239.42.40 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:211190) triggered by 104.239.42.40 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu May 29 11:33:50.204077 2025] [security2:error] [pid 2889310:tid 2889310] [client 104.239.42.40:40415] ModSecurity: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt\|\|autodiscover.farmers123.com\|F\|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /api/console/api_server?sense_version=%40%40SENSE_VERSION&apis=../../../../../../../../../../../etc/passwd"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "autodiscover.farmers123.com"] [uri "/api/console/api_server"] [unique_id "aDh-Xsn0SfeJI_YbUok5AgAAAAs"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2025-01-26 03:40:02 (1 year ago)	\| Common web attack.	Hacking SQL Injection Web App Attack
Anonymous	2024-11-23 05:19:58 (1 year ago)	alibaba cloud ddos like web scan	Bad Web Bot
Anonymous	2024-11-16 05:02:54 (1 year ago)	alibaba cloud ddos like web scan	Bad Web Bot
Anonymous	2024-11-09 04:23:27 (1 year ago)	alibaba cloud ddos like web scan	Bad Web Bot
Anonymous	2024-11-01 22:33:48 (1 year ago)	alibaba cloud ddos like web scan	Bad Web Bot
Anonymous	2024-10-25 21:05:43 (1 year ago)	alibaba cloud ddos like web scan	Bad Web Bot
Anonymous	2024-10-18 15:45:18 (1 year ago)	alibaba cloud ddos like web scan	Bad Web Bot
Anonymous	2024-10-10 18:03:59 (1 year ago)	alibaba cloud ddos like web scan	Bad Web Bot
Anonymous	2024-10-03 13:20:00 (1 year ago)	alibaba cloud ddos like web scan	Bad Web Bot
Anonymous	2024-09-26 10:41:25 (1 year ago)	alibaba cloud ddos like web scan	Bad Web Bot
Anonymous	2024-09-19 10:04:00 (1 year ago)	alibaba cloud ddos like web scan	Bad Web Bot

Showing 1 to 15 of 17 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 162.243.228.110

🇨🇳 14.103.127.66

🇧🇷 187.40.215.162

🇺🇸 167.172.152.196

🇸🇬 159.223.36.55

🇺🇸 147.185.132.223

🇨🇦 144.217.74.127

🇲🇲 103.59.163.135

🇦🇺 58.7.105.207

🇸🇬 52.221.86.223

🇸🇬 47.130.61.219

🇺🇸 20.127.224.63

🇸🇬 18.136.246.89

🇺🇸 13.89.121.92

🇷🇴 2.57.121.112

🇮🇳 217.21.82.85

🇬🇧 198.244.242.70

🇵🇱 194.113.39.34

🇵🇱 194.113.39.6

🇧🇷 170.83.41.79