JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 104.239.81.57

104.239.81.57 was found in our database!

This IP was reported 21 times. Confidence of Abuse is 0%: ?

ISP	FASTPLANET LTD
Usage Type	Data Center/Web Hosting/Transit
ASN	AS205659
Domain Name	fastplanet.com
Country	🇺🇸 United States of America
City	Dallas, Texas

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 104.239.81.57

Whois 104.239.81.57

IP Abuse Reports for 104.239.81.57:

This IP address has been reported a total of 21 times from 9 distinct sources. 104.239.81.57 was first reported on October 31st 2023, and the most recent report was 9 months ago.

Old Reports: The most recent abuse report for this IP address is from 9 months ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇩🇪 SCHAPPY	2025-08-08 22:50:02 (9 months ago)	IP was involved in L7 DDoS attack.	DDoS Attack
🇩🇪 Alejandro Docasar	2024-11-28 12:13:40 (1 year ago)		Web App Attack
🇩🇪 ps-center	2024-11-27 08:14:56 (1 year ago)	SS1: Web Attack GET /wp-config.php.dist	Web Spam Hacking Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2024-10-27 02:36:35 (1 year ago)	(mod_security) mod_security (id:221260) triggered by 104.239.81.57 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:221260) triggered by 104.239.81.57 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Oct 26 22:34:47.263699 2024] [security2:error] [pid 12714:tid 12868] [client 104.239.81.57:59391] [client 104.239.81.57] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^(?:\\\\'\\\\w+?=)?\\\\(\\\\)\\\\s{" at MATCHED_VAR. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "77"] [id "221260"] [rev "3"] [msg "COMODO WAF: Shellshock Command Injection Vulnerabilities in GNU Bash through 4.3 bash43-026 (CVE-2014-7187, CVE-2014-7186, CVE-2014-7169, CVE-2014-6278, CVE-2014-6277, CVE-2014-6271)\|\|autoconfig.kettlehill.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "autoconfig.kettlehill.com"] [uri "/cgi-bin/status"] [unique_id "Zx2mx8Qgf9D2avDXGrUW7QAAAAI"], referer: () { ignored; }; echo Content-Type: text/html; echo ; /bin/cat /etc/passwd show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2024-09-04 05:10:32 (1 year ago)	(mod_security) mod_security (id:212750) triggered by 104.239.81.57 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:212750) triggered by 104.239.81.57 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Sep 04 01:10:28.931801 2024] [security2:error] [pid 17108:tid 17108] [client 104.239.81.57:50847] [client 104.239.81.57] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\bon(?:abort\|blur\|change\|click\|dblclick\|dragdrop\|error\|focus\|keydown\|keypress\|keyup\|load\|mouse(?:down\|move\|out\|over\|up)\|move\|readystatechange\|reset\|resize\|select\|submit\|unload)\\\\b[^a-zA-Z0-9_]{0,}?=" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/07_XSS_XSS.conf"] [line "72"] [id "212750"] [rev "3"] [msg "COMODO WAF: XSS Attack Detected\|\|mail.stdavids-media.com\|F\|2"] [data "Matched Data: onload= found within REQUEST_URI: /?key='>\\x22<svg/onload=confirm('xss')>"] [severity "CRITICAL"] [tag "CWAF"] [tag "XSS"] [hostname "mail.stdavids-media.com"] [uri "/"] [unique_id "ZtfrxBmrqXKnHBiR_k7GQwAAABc"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2024-07-27 20:22:43 (1 year ago)	(mod_security) mod_security (id:212620) triggered by 104.239.81.57 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:212620) triggered by 104.239.81.57 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jul 27 16:22:36.555481 2024] [security2:error] [pid 22440:tid 22490] [client 104.239.81.57:36911] [client 104.239.81.57] ModSecurity: Access denied with code 403 (phase 2). Pattern match "<script\\\\b" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/07_XSS_XSS.conf"] [line "65"] [id "212620"] [rev "4"] [msg "COMODO WAF: Cross-site Scripting (XSS) Attack\|\|kettlehill.kettlehill.com\|F\|2"] [data "Matched Data: <script found within REQUEST_URI: /ma1ljrba\\x22><script>alert(document.domain)</script>/..cfide/wizards/common/_authenticatewizarduser.cfm"] [severity "CRITICAL"] [tag "CWAF"] [tag "XSS"] [hostname "kettlehill.kettlehill.com"] [uri "/ma1lJrBA\\"><script>alert(document.domain)</script>/..CFIDE/wizards/common/_authenticatewizarduser.cfm"] [unique_id "ZqVXDBUtUDUbeeZ7GhUWZwAAABY"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 ps-center	2024-07-16 00:50:08 (1 year ago)	SS1: Web Attack GET /public/plugins/alertlist/../../../../../../../../../../../../../../../../../../ ... show more SS1: Web Attack GET /public/plugins/alertlist/../../../../../../../../../../../../../../../../../../../etc/passwd show less	Web Spam Hacking Bad Web Bot Web App Attack
🇩🇪 dayda.net	2024-07-13 14:24:57 (1 year ago)	query: ../../../../../../../../etc/passwd	Bad Web Bot
🇪🇸 10dencehispahard SL	2024-06-27 16:08:28 (1 year ago)	Unauthorized login attempts [ accesslogs]	Brute-Force
🇺🇸 TPI-Abuse	2024-05-15 01:52:56 (2 years ago)	(mod_security) mod_security (id:210492) triggered by 104.239.81.57 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.239.81.57 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue May 14 21:52:49.805028 2024] [security2:error] [pid 20072:tid 47952269375232] [client 104.239.81.57:38541] [client 104.239.81.57] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "ftp.kettlehill.net"] [uri "/.env.prod"] [unique_id "ZkQVcZM3wD4Fbah2IMwxaQAAAcY"] show less	Brute-Force Bad Web Bot Web App Attack
🇪🇸 10dencehispahard SL	2024-05-08 07:00:43 (2 years ago)	Unauthorized login attempts []	Brute-Force
🇪🇸 10dencehispahard SL	2024-05-08 06:18:20 (2 years ago)	Web Attack	DDoS Attack Brute-Force Web App Attack
🇪🇸 10dencehispahard SL	2024-03-27 07:00:25 (2 years ago)	Unauthorized login attempts [ BI-16635]	Brute-Force
🇪🇸 10dencehispahard SL	2024-03-27 06:45:31 (2 years ago)	WP scan	Web App Attack
Anonymous	2024-02-27 23:30:09 (2 years ago)	\| A web attack returned code 200 (success).	Hacking SQL Injection Web App Attack

Showing 1 to 15 of 21 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇧🇷 2800:1e0:1080:9:9999::3

🇹🇼 198.235.24.87

🇳🇱 185.226.197.60

🇺🇸 172.191.178.196

🇦🇹 156.146.60.140

🇳🇱 89.190.156.8

🇨🇳 58.19.83.2

🇺🇸 20.168.0.135

🇹🇼 198.235.24.125

🇨🇴 190.157.13.210

🇺🇸 162.216.150.206

🇨🇳 162.14.114.97

🇧🇩 161.248.201.12

🇮🇳 139.59.59.165

🇨🇳 119.188.3.165

🇨🇳 112.123.17.242

🇨🇳 112.46.212.232

🇺🇸 104.243.42.167

🇺🇸 91.230.168.239

🇷🇴 80.94.92.167