JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 104.239.42.98

104.239.42.98 was found in our database!

This IP was reported 25 times. Confidence of Abuse is 0%: ?

ISP	FASTPLANET LTD
Usage Type	Fixed Line ISP
ASN	AS202044
Domain Name	fastplanet.com
Country	🇨🇦 Canada
City	Toronto, Ontario

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 104.239.42.98

Whois 104.239.42.98

IP Abuse Reports for 104.239.42.98:

This IP address has been reported a total of 25 times from 8 distinct sources. 104.239.42.98 was first reported on May 4th 2023, and the most recent report was 4 months ago.

Old Reports: The most recent abuse report for this IP address is from 4 months ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 TPI-Abuse	2026-01-17 16:35:34 (4 months ago)	(mod_security) mod_security (id:210492) triggered by 104.239.42.98 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.239.42.98 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jan 17 11:35:29.274701 2026] [security2:error] [pid 16739:tid 16739] [client 104.239.42.98:41511] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcalendars.nbcnewsradio.com"] [uri "/.env_sample"] [unique_id "aWu6UVf8DBpWtOL6SU9a9AAAABg"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-29 19:24:52 (5 months ago)	(mod_security) mod_security (id:211070) triggered by 104.239.42.98 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:211070) triggered by 104.239.42.98 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Dec 29 14:24:46.385398 2025] [security2:error] [pid 22842:tid 23026] [client 104.239.42.98:58449] ModSecurity: Access denied with code 403 (phase 1). Pattern match "," at REQUEST_HEADERS:Transfer-Encoding. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "38"] [id "211070"] [rev "1"] [msg "COMODO WAF: HTTP Request Smuggling Attack.\|\|webmail.kettlehill.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "webmail.kettlehill.com"] [uri "/tmui/login.jsp"] [unique_id "aVLVflKoonkfA7MmLZcyeQAAARQ"] show less	Brute-Force Bad Web Bot Web App Attack
🇮🇪 RoboSOC	2025-10-16 08:35:04 (7 months ago)	Apache Struts2 OGNL Remote Code Execution Vulnerability, PTR: PTR record not found	Hacking
🇩🇪 SCHAPPY	2025-08-01 08:10:02 (10 months ago)	IP was involved in L7 DDoS attack.	DDoS Attack
🇺🇸 TPI-Abuse	2025-07-27 00:24:47 (10 months ago)	(mod_security) mod_security (id:221260) triggered by 104.239.42.98 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:221260) triggered by 104.239.42.98 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jul 26 20:24:31.382729 2025] [security2:error] [pid 291259:tid 291314] [client 104.239.42.98:60391] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^(?:\\\\'\\\\w+?=)?\\\\(\\\\)\\\\s{" at MATCHED_VAR. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "77"] [id "221260"] [rev "3"] [msg "COMODO WAF: Shellshock Command Injection Vulnerabilities in GNU Bash through 4.3 bash43-026 (CVE-2014-7187, CVE-2014-7186, CVE-2014-7169, CVE-2014-6278, CVE-2014-6277, CVE-2014-6271)\|\|webdisk.kettlehill.net\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webdisk.kettlehill.net"] [uri "/403.shtml"] [unique_id "aIVxv2QX5AgegSXcd9rUXgAAAQk"], referer: () { ignored; }; echo Content-Type: text/html; echo ; /bin/cat /etc/passwd show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2025-06-23 16:03:35 (11 months ago)	Ports: 2077,2078,2082,2083,2086,2087,2095,2096; Direction: 0; Trigger: LF_DISTATTACK	Brute-Force SSH
🇺🇸 TPI-Abuse	2025-05-29 23:46:09 (1 year ago)	(mod_security) mod_security (id:210492) triggered by 104.239.42.98 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.239.42.98 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu May 29 19:46:01.784324 2025] [security2:error] [pid 3780532:tid 3780532] [client 104.239.42.98:32955] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcontacts.farmers123.com"] [uri "/wp-config.php.original"] [unique_id "aDjxuY4G6sR5bE56dkik8wAAAAM"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-02-27 14:49:37 (1 year ago)	(mod_security) mod_security (id:210730) triggered by 104.239.42.98 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210730) triggered by 104.239.42.98 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Feb 27 09:49:28.320913 2025] [security2:error] [pid 27061:tid 27154] [client 104.239.42.98:43461] [client 104.239.42.98] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|www.kettlehill.net\|F\|2"] [data ".log"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.kettlehill.net"] [uri "/www.kettlehill.net/errors.log"] [unique_id "Z8B7eB0YO9vnfm9-bP1GxwAAAAo"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2025-01-26 11:10:06 (1 year ago)	\| Common web attack.	Hacking SQL Injection Web App Attack
Anonymous	2024-11-22 18:54:57 (1 year ago)	alibaba cloud ddos like web scan	Bad Web Bot
Anonymous	2024-11-15 18:30:22 (1 year ago)	alibaba cloud ddos like web scan	Bad Web Bot
Anonymous	2024-11-08 17:58:54 (1 year ago)	alibaba cloud ddos like web scan	Bad Web Bot
Anonymous	2024-11-01 13:14:41 (1 year ago)	alibaba cloud ddos like web scan	Bad Web Bot
Anonymous	2024-10-25 07:32:49 (1 year ago)	alibaba cloud ddos like web scan	Bad Web Bot
Anonymous	2024-10-17 22:24:19 (1 year ago)	alibaba cloud ddos like web scan	Bad Web Bot

Showing 1 to 15 of 25 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 2a03:2880:10ff:40::

🇮🇩 163.7.8.79

🇩🇪 4.184.246.230

🇳🇱 195.178.110.30

🇩🇪 172.68.192.149

🇸🇬 146.190.104.81

🇹🇷 85.111.68.99

🇺🇸 65.49.1.227

🇳🇱 45.156.128.52

🇳🇱 45.148.10.121

🇮🇷 5.237.82.235

🇺🇸 2604:a880:400:d1:0:4:8c0a:9001

🇺🇸 162.216.149.181

🇺🇸 162.216.149.173

🇮🇳 103.21.79.242

🇳🇱 45.148.10.218

🇷🇴 2.57.122.238

🇺🇸 205.210.31.100

🇧🇷 177.137.4.203

🇨🇳 124.223.4.67