JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 104.154.116.248

104.154.116.248 was found in our database!

This IP was reported 25 times. Confidence of Abuse is 74%: ?

74%

ISP	Google LLC
Usage Type	Data Center/Web Hosting/Transit
ASN	AS396982
Hostname(s)	248.116.154.104.bc.googleusercontent.com
Domain Name	google.com
Country	🇺🇸 United States of America
City	Council Bluffs, Iowa

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 104.154.116.248

Whois 104.154.116.248

IP Abuse Reports for 104.154.116.248:

This IP address has been reported a total of 25 times from 15 distinct sources. 104.154.116.248 was first reported on June 8th 2026, and the most recent report was 4 days ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇫🇷 masterguru	2026-06-11 00:51:07 (4 days ago)	(modsec_5015) ModSec 5015: Suspicious User-Agent from 104.154.116.248 (US/United States/248.116.154. ... show more (modsec_5015) ModSec 5015: Suspicious User-Agent from 104.154.116.248 (US/United States/248.116.154.104.bc.googleusercontent.com): 1 in the last 3600 secs (0-195) show less	Hacking
🇳🇱 homeshowdomain.nl	2026-06-09 21:59:18 (5 days ago)	Auto-ban: single probe for restricted files (.env / backups / admin endpoints). Likely mass-scan on ... show more Auto-ban: single probe for restricted files (.env / backups / admin endpoints). Likely mass-scan on 2026-06-08. show less	Web App Attack SSH Hacking
🇫🇷 masterguru	2026-06-09 05:44:04 (6 days ago)	(modsec_5015) ModSec 5015: Suspicious User-Agent from 104.154.116.248 (US/United States/248.116.154. ... show more (modsec_5015) ModSec 5015: Suspicious User-Agent from 104.154.116.248 (US/United States/248.116.154.104.bc.googleusercontent.com): 1 in the last 3600 secs (0-196) show less	Hacking
🇳🇱 homeshowdomain.nl	2026-06-08 22:01:10 (6 days ago)	Auto-ban: >3000 req/min op 2026-06-08	Web App Attack SSH Hacking
🇩🇪 FeG Deutschland	2026-06-08 20:01:53 (6 days ago)	Looking for CMS/PHP/SQL vulnerablilities/excessive crawling - 124	Exploited Host Web App Attack
🇫🇮 as211431.net	2026-06-08 19:24:26 (6 days ago)	Triggered Cloudflare WAF (firewallCustom) from US. Action taken: BLOCK Protocol: HTTP/1.1 (GET metho ... show more Triggered Cloudflare WAF (firewallCustom) from US. Action taken: BLOCK Protocol: HTTP/1.1 (GET method) Endpoint: /.git/config UA: Gulper Web Bot 0.2.4 (www.ecsl.cs.sunysb.edu/~maxim/cgi-bin/Link/GulperBot) This report was generated by: https://github.com/sefinek/Cloudflare-WAF-To-AbuseIPDB show less	Bad Web Bot
🇬🇧 Oakley	2026-06-08 19:22:24 (6 days ago)	(confirmed_bot_sig) Confirmed bot	Hacking
🇺🇸 TPI-Abuse	2026-06-08 16:55:19 (6 days ago)	(mod_security) mod_security (id:210492) triggered by 104.154.116.248 (248.116.154.104.bc.googleuserc ... show more (mod_security) mod_security (id:210492) triggered by 104.154.116.248 (248.116.154.104.bc.googleusercontent.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 08 12:55:14.518112 2026] [security2:error] [pid 24177:tid 24177] [client 104.154.116.248:39740] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webdisk.slampools.com"] [uri "/.git/config"] [unique_id "aibz8rAwUTSsB4z55-PUCgAAAAk"] show less	Brute-Force Bad Web Bot Web App Attack
🇱🇹 NotACaptcha	2026-06-08 15:45:26 (1 week ago)	webserver:443 [08/Jun/2026] "GET /.git/config HTTP/1.1" 302 4266 "-" "Mozilla/5.0 (Windows Phone 8. ... show more webserver:443 [08/Jun/2026] "GET /.git/config HTTP/1.1" 302 4266 "-" "Mozilla/5.0 (Windows Phone 8.1; ARM; Trident/7.0; Touch; rv:11.0; IEMobile/11.0; NOKIA; Lumia 530) like Gecko" show less	Web App Attack
🇺🇸 NXTwoThou	2026-06-08 09:58:38 (1 week ago)	/.git/config	Web App Attack
🇺🇸 TPI-Abuse	2026-06-08 09:58:08 (1 week ago)	(mod_security) mod_security (id:210492) triggered by 104.154.116.248 (248.116.154.104.bc.googleuserc ... show more (mod_security) mod_security (id:210492) triggered by 104.154.116.248 (248.116.154.104.bc.googleusercontent.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 08 05:58:04.329516 2026] [security2:error] [pid 6921:tid 6921] [client 104.154.116.248:47658] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "darkcodeverse.com"] [uri "/.git/config"] [unique_id "aiaSLNoErY9f5kced6ciVwAAAFA"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-08 09:37:43 (1 week ago)	(mod_security) mod_security (id:210492) triggered by 104.154.116.248 (248.116.154.104.bc.googleuserc ... show more (mod_security) mod_security (id:210492) triggered by 104.154.116.248 (248.116.154.104.bc.googleusercontent.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 08 05:37:35.877670 2026] [security2:error] [pid 31725:tid 31725] [client 104.154.116.248:57878] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "ww-bbs.com"] [uri "/.git/config"] [unique_id "aiaNX1YB08R_r-QLdHsjXAAAAIo"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-08 09:08:58 (1 week ago)	(mod_security) mod_security (id:210492) triggered by 104.154.116.248 (248.116.154.104.bc.googleuserc ... show more (mod_security) mod_security (id:210492) triggered by 104.154.116.248 (248.116.154.104.bc.googleusercontent.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 08 05:08:53.696927 2026] [security2:error] [pid 7220:tid 7245] [client 104.154.116.248:37608] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "bullfrogsmusic.com"] [uri "/.git/config"] [unique_id "aiaGpbZJ5OOKwAwJ7ZjpxQAAAA0"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 strxmpp	2026-06-08 08:01:57 (1 week ago)	104.154.116.248 - - [08/Jun/2026:10:01:56 +0200] "GET /.git/config HTTP/1.1" 404 495 "-" "Mozilla/5. ... show more 104.154.116.248 - - [08/Jun/2026:10:01:56 +0200] "GET /.git/config HTTP/1.1" 404 495 "-" "Mozilla/5.0 (Linux; Android 9; SM-A530W) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.111 Mobile Safari/537.36" ... show less	Bad Web Bot
🇺🇸 TPI-Abuse	2026-06-08 08:00:12 (1 week ago)	(mod_security) mod_security (id:210492) triggered by 104.154.116.248 (248.116.154.104.bc.googleuserc ... show more (mod_security) mod_security (id:210492) triggered by 104.154.116.248 (248.116.154.104.bc.googleusercontent.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 08 04:00:07.677982 2026] [security2:error] [pid 30746:tid 30746] [client 104.154.116.248:55364] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "3905ccn.us.3905ccn.org"] [uri "/.git/config"] [unique_id "aiZ2h7xMhvtx7BOg4JnmRgAAAAo"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 25 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇰🇷 211.216.58.204

🇲🇾 211.24.107.72

🇩🇪 194.88.98.108

🇮🇹 185.31.65.66

🇮🇩 182.11.130.85

🇳🇱 176.65.131.188

🇺🇸 167.172.152.94

🇺🇸 135.233.96.197

🇹🇼 114.34.106.146

🇮🇹 89.107.107.3

🇺🇸 46.202.68.96

🇺🇸 44.220.188.31

🇵🇰 223.123.73.76

🇰🇷 211.253.9.49

🇧🇷 201.71.192.108

🇧🇪 188.93.112.20

🇻🇳 183.91.11.36

🇵🇪 179.6.0.62

🇰🇿 178.91.5.230

🇺🇸 172.202.113.3