JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 104.239.43.45

104.239.43.45 was found in our database!

This IP was reported 26 times. Confidence of Abuse is 0%: ?

ISP	FASTPLANET LTD
Usage Type	Fixed Line ISP
ASN	AS202044
Domain Name	fastplanet.com
Country	🇨🇦 Canada
City	Toronto, Ontario

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 104.239.43.45

Whois 104.239.43.45

IP Abuse Reports for 104.239.43.45:

This IP address has been reported a total of 26 times from 8 distinct sources. 104.239.43.45 was first reported on October 30th 2023, and the most recent report was 1 month ago.

Old Reports: The most recent abuse report for this IP address is from 1 month ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇩🇪 Lino Project	2026-05-03 18:52:34 (1 month ago)	CrowdSec abuse IP report (host SRV-2) Scenario: crowdsecurity/http-bad-user-agent	Hacking
🇺🇸 TPI-Abuse	2026-01-16 23:28:29 (5 months ago)	(mod_security) mod_security (id:210730) triggered by 104.239.43.45 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210730) triggered by 104.239.43.45 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jan 16 18:28:22.228849 2026] [security2:error] [pid 16652:tid 16652] [client 104.239.43.45:33277] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|www.nbcnewsradio.com\|F\|2"] [data ".db"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.nbcnewsradio.com"] [uri "/www.db"] [unique_id "aWrJlgEMdW8tDbLen9Cq1gAAAB4"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-29 17:37:39 (5 months ago)	(mod_security) mod_security (id:211190) triggered by 104.239.43.45 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:211190) triggered by 104.239.43.45 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Dec 29 12:36:52.331958 2025] [security2:error] [pid 27849:tid 28203] [client 104.239.43.45:49583] ModSecurity: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt\|\|www.kettlehill.net\|F\|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /cgi-bin/mainfunction.cgi/apmcfgupload?session=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx0.%52$c%52$ccat${IFS}/etc/passwd"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.kettlehill.net"] [uri "/cgi-bin/mainfunction.cgi/apmcfgupload"] [unique_id "aVK8NFQ7a22kNO2lY86fRAAAAMM"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2025-11-14 08:51:54 (7 months ago)	Ports: 2077,2078,2082,2083,2086,2087,2095,2096; Direction: 0; Trigger: LF_DISTATTACK	Brute-Force SSH
🇺🇸 TPI-Abuse	2025-11-13 11:31:45 (7 months ago)	(mod_security) mod_security (id:210492) triggered by 104.239.43.45 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.239.43.45 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Nov 13 06:31:39.636913 2025] [security2:error] [pid 25159:tid 25159] [client 104.239.43.45:37443] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "ftp.nbcnewsradio.com"] [uri "/.env.stage"] [unique_id "aRXBm5tHaRysAfaKZW7h9QAAABY"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-09-22 20:45:31 (8 months ago)	(mod_security) mod_security (id:210492) triggered by 104.239.43.45 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.239.43.45 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Sep 22 16:45:25.498878 2025] [security2:error] [pid 15823:tid 15823] [client 104.239.43.45:57799] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webdisk.deandobkin.com"] [uri "/.env.live"] [unique_id "aNG1Ze40qyIsQiliaH_PxgAAAA8"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-07-27 00:21:26 (10 months ago)	(mod_security) mod_security (id:212620) triggered by 104.239.43.45 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:212620) triggered by 104.239.43.45 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jul 26 20:21:14.280336 2025] [security2:error] [pid 172224:tid 172363] [client 104.239.43.45:58305] ModSecurity: Access denied with code 403 (phase 2). Pattern match "<script\\\\b" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/07_XSS_XSS.conf"] [line "65"] [id "212620"] [rev "4"] [msg "COMODO WAF: Cross-site Scripting (XSS) Attack\|\|ftp.kettlehill.net\|F\|2"] [data "Matched Data: <script found within REQUEST_URI: /wpdmpro/list-packages/?orderby=title\\x22><script>alert(1)</script>&order=asc"] [severity "CRITICAL"] [tag "CWAF"] [tag "XSS"] [hostname "ftp.kettlehill.net"] [uri "/wpdmpro/list-packages/"] [unique_id "aIVw-vsl9f9qGESiG9bP_QAAAAg"], referer: http://ftp.kettlehill.net/wpdmpro/list-packages/?orderby=title%22%3E%3Cscript%3Ealert(1)%3C/script%3E&order=asc show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-05-30 04:51:19 (1 year ago)	(mod_security) mod_security (id:210492) triggered by 104.239.43.45 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.239.43.45 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri May 30 00:51:14.528446 2025] [security2:error] [pid 4095861:tid 4095861] [client 104.239.43.45:55113] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "mail.farmers123.com"] [uri "/wp-content/plugins/site-editor/editor/extensions/pagebuilder/includes/ajax_shortcode_pattern.php"] [unique_id "aDk5QhGj52skZC2NlZ_swQAAABI"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-04-19 05:24:42 (1 year ago)	(mod_security) mod_security (id:210730) triggered by 104.239.43.45 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210730) triggered by 104.239.43.45 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Apr 19 01:24:03.035281 2025] [security2:error] [pid 22650:tid 22672] [client 104.239.43.45:33647] [client 104.239.43.45] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|www.blog.spinningdesigns.com\|F\|2"] [data ".log"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "blog.spinningdesigns.com"] [uri "/admin/errors.log"] [unique_id "aAMzc8LYwl69KqC_78iZpAAAAFM"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-02-27 14:26:23 (1 year ago)	(mod_security) mod_security (id:210730) triggered by 104.239.43.45 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210730) triggered by 104.239.43.45 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Feb 27 09:26:17.890894 2025] [security2:error] [pid 12804:tid 12913] [client 104.239.43.45:49167] [client 104.239.43.45] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|kettlehill.net\|F\|2"] [data ".php.bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "kettlehill.net"] [uri "/footer.php.bak"] [unique_id "Z8B2CWEh_l93Ydjtj_6hywAAAVU"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2025-01-26 03:50:12 (1 year ago)	\| Common web attack.	Hacking SQL Injection Web App Attack
Anonymous	2024-11-22 13:24:57 (1 year ago)	alibaba cloud ddos like web scan	Bad Web Bot
Anonymous	2024-11-15 12:54:08 (1 year ago)	alibaba cloud ddos like web scan	Bad Web Bot
Anonymous	2024-11-08 12:49:58 (1 year ago)	alibaba cloud ddos like web scan	Bad Web Bot
Anonymous	2024-11-01 11:20:44 (1 year ago)	alibaba cloud ddos like web scan	Bad Web Bot

Showing 1 to 15 of 26 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 195.184.76.134

🇺🇸 179.61.232.244

🇮🇩 160.187.174.22

🇦🇹 152.53.0.56

🇲🇾 115.135.234.221

🇩🇪 213.209.159.231

🇳🇱 185.224.128.16

🇮🇳 182.95.150.186

🇳🇱 176.65.148.215

🇮🇩 103.154.231.122

🇩🇪 69.5.169.165

🇩🇿 41.110.4.106

🇰🇷 175.207.205.249

🇸🇦 144.24.209.174

🇭🇰 125.215.199.37

🇺🇸 104.23.203.148

🇳🇱 91.92.42.86

🇳🇱 91.92.40.52

🇨🇳 61.146.235.54

🇳🇱 51.15.81.150