JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 104.239.97.65

104.239.97.65 was found in our database!

This IP was reported 12 times. Confidence of Abuse is 0%: ?

ISP	FASTPLANET LTD
Usage Type	Data Center/Web Hosting/Transit
ASN	AS149428
Domain Name	fastplanet.com
Country	🇦🇺 Australia
City	Sydney, New South Wales

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 104.239.97.65

Whois 104.239.97.65

IP Abuse Reports for 104.239.97.65:

This IP address has been reported a total of 12 times from 5 distinct sources. 104.239.97.65 was first reported on September 5th 2023, and the most recent report was 5 months ago.

Old Reports: The most recent abuse report for this IP address is from 5 months ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 TPI-Abuse	2025-12-29 18:46:48 (5 months ago)	(mod_security) mod_security (id:210492) triggered by 104.239.97.65 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.239.97.65 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Dec 29 13:46:45.037408 2025] [security2:error] [pid 22842:tid 23026] [client 104.239.97.65:41215] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcalendars.kettlehill.com"] [uri "/sftp-config.json"] [unique_id "aVLMlVKoonkfA7MmLZf8bwAAARQ"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2025-11-14 01:59:45 (6 months ago)	Ports: 2077,2078,2082,2083,2086,2087,2095,2096; Direction: 0; Trigger: LF_DISTATTACK	Brute-Force SSH
🇺🇸 TPI-Abuse	2025-11-13 11:50:26 (6 months ago)	(mod_security) mod_security (id:218420) triggered by 104.239.97.65 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:218420) triggered by 104.239.97.65 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Nov 13 06:50:22.858696 2025] [security2:error] [pid 13052:tid 13052] [client 104.239.97.65:36379] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)php://(std(in\|out\|err)\|(in\|out)put\|fd\|memory\|temp\|filter)" at ARGS_NAMES:\\xadd allow_url_include=1 \\xadd auto_prepend_file=php://input. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/21_PHP_PHPGen.conf"] [line "22"] [id "218420"] [rev "2"] [msg "COMODO WAF: PHP Injection Attack: I/O Stream Found\|\|ftp.nbcnewsradio.com\|F\|2"] [data "Matched Data: php://input found within ARGS_NAMES:\\x5cxadd allow_url_include=1 \\x5cxadd auto_prepend_file=php://input: \\xadd allow_url_include=1 \\xadd auto_prepend_file=php://input"] [severity "CRITICAL"] [tag "CWAF"] [tag "PHPGen"] [hostname "ftp.nbcnewsradio.com"] [uri "/cgi-bin/php-cgi.exe"] [unique_id "aRXF_klYVs-_5jCqpHkm7QAAAB8"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-07-27 01:13:31 (10 months ago)	(mod_security) mod_security (id:212750) triggered by 104.239.97.65 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:212750) triggered by 104.239.97.65 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jul 26 21:13:26.777918 2025] [security2:error] [pid 653296:tid 653320] [client 104.239.97.65:35131] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\bon(?:abort\|blur\|change\|click\|dblclick\|dragdrop\|error\|focus\|keydown\|keypress\|keyup\|load\|mouse(?:down\|move\|out\|over\|up)\|move\|readystatechange\|reset\|resize\|select\|submit\|unload)\\\\b[^a-zA-Z0-9_]{0,}?=" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/07_XSS_XSS.conf"] [line "69"] [id "212750"] [rev "3"] [msg "COMODO WAF: XSS Attack Detected\|\|staging.kettlehill.com\|F\|2"] [data "Matched Data: onerror= found within REQUEST_URI: /?s=<img src=x onerror=alert(123);>"] [severity "CRITICAL"] [tag "CWAF"] [tag "XSS"] [hostname "staging.kettlehill.com"] [uri "/"] [unique_id "aIV9Nr5epZI5Xx2m9sk-0gAAAUw"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2025-06-23 16:11:08 (11 months ago)	Ports: 2077,2078,2082,2083,2086,2087,2095,2096; Direction: 0; Trigger: LF_DISTATTACK	Brute-Force SSH
🇺🇸 TPI-Abuse	2025-05-30 00:33:40 (1 year ago)	(mod_security) mod_security (id:221260) triggered by 104.239.97.65 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:221260) triggered by 104.239.97.65 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu May 29 20:33:36.838075 2025] [security2:error] [pid 3850820:tid 3850820] [client 104.239.97.65:59843] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^(?:\\\\'\\\\w+?=)?\\\\(\\\\)\\\\s{" at MATCHED_VAR. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "77"] [id "221260"] [rev "3"] [msg "COMODO WAF: Shellshock Command Injection Vulnerabilities in GNU Bash through 4.3 bash43-026 (CVE-2014-7187, CVE-2014-7186, CVE-2014-7169, CVE-2014-6278, CVE-2014-6277, CVE-2014-6271)\|\|webdisk.farmers123.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webdisk.farmers123.com"] [uri "/test.cgi"] [unique_id "aDj84CYJqSy17zk7O_P5UwAAAAc"], referer: () { ignored; }; echo Content-Type: text/html; echo ; /bin/cat /etc/passwd show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2025-03-29 08:39:27 (1 year ago)	Ports: 2077,2078,2082,2083,2086,2087,2095,2096; Direction: 0; Trigger: LF_DISTATTACK	Brute-Force SSH
Anonymous	2025-02-28 18:20:03 (1 year ago)	\| A web attack returned code 200 (success).	Hacking SQL Injection Web App Attack
🇺🇸 ChamberofCommerce.com	2023-11-06 01:09:39 (2 years ago)	Unauthorized Scraping Attempt - More then 225 Pages Requested in a 24 hour period - Total Requested ... show more Unauthorized Scraping Attempt - More then 225 Pages Requested in a 24 hour period - Total Requested Before Block:226 show less	Bad Web Bot
🇺🇸 ChamberofCommerce.com	2023-11-02 04:31:48 (2 years ago)	Unauthorized Scraping Attempt - More then 225 Pages Requested in a 24 hour period - Total Requested ... show more Unauthorized Scraping Attempt - More then 225 Pages Requested in a 24 hour period - Total Requested Before Block:227 show less	Bad Web Bot
🇺🇸 ChamberofCommerce.com	2023-10-30 23:48:15 (2 years ago)	Unauthorized Scraping Attempt - More then 225 Pages Requested in a 24 hour period - Total Requested ... show more Unauthorized Scraping Attempt - More then 225 Pages Requested in a 24 hour period - Total Requested Before Block:226 show less	Bad Web Bot
Anonymous	2023-09-05 09:16:15 (2 years ago)		Web App Attack

Showing 1 to 12 of 12 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇰🇷 221.153.118.173

🇬🇧 195.140.214.27

🇺🇸 192.3.206.66

🇻🇳 116.110.159.36

🇭🇰 103.149.26.43

🇱🇹 81.30.98.144

🇨🇳 58.212.237.8

🇳🇱 45.156.128.103

🇳🇱 45.156.128.102

🇨🇳 223.85.54.40

🇺🇸 207.241.173.59

🇭🇺 188.36.7.196

🇨🇳 116.30.125.141

🇹🇷 85.108.197.219

🇸🇬 47.84.105.165

🇫🇮 46.8.64.51

🇳🇱 45.156.128.101

🇰🇷 39.117.79.36

🇧🇪 35.210.61.208

🇨🇳 14.103.127.80