JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 104.196.53.2

104.196.53.2 was found in our database!

This IP was reported 16 times. Confidence of Abuse is 89%: ?

89%

ISP	Google LLC
Usage Type	Data Center/Web Hosting/Transit
ASN	AS396982
Hostname(s)	2.53.196.104.bc.googleusercontent.com
Domain Name	google.com
Country	🇺🇸 United States of America
City	North Charleston, South Carolina

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 104.196.53.2

Whois 104.196.53.2

IP Abuse Reports for 104.196.53.2:

This IP address has been reported a total of 16 times from 15 distinct sources. 104.196.53.2 was first reported on June 13th 2026, and the most recent report was 2 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇳🇱 Savvii	2026-06-15 07:36:40 (2 hours ago)	20 attempts against mh-misbehave-ban on ficus	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-15 03:59:23 (5 hours ago)	(mod_security) mod_security (id:210492) triggered by 104.196.53.2 (2.53.196.104.bc.googleusercontent ... show more (mod_security) mod_security (id:210492) triggered by 104.196.53.2 (2.53.196.104.bc.googleusercontent.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 14 23:59:15.049831 2026] [security2:error] [pid 12293:tid 12293] [client 104.196.53.2:58688] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "jeffhinkley.com"] [uri "/.env.local"] [unique_id "ai94k00X4b1bnlpMgNAzBAAAACI"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 mnsf	2026-06-15 02:05:49 (7 hours ago)	Scanning/Probing (28)	Brute-Force Web App Attack
Anonymous	2026-06-15 01:09:37 (8 hours ago)	Aggressive web scan	Web App Attack
🇺🇸 TPI-Abuse	2026-06-15 00:31:04 (9 hours ago)	(mod_security) mod_security (id:210492) triggered by 104.196.53.2 (2.53.196.104.bc.googleusercontent ... show more (mod_security) mod_security (id:210492) triggered by 104.196.53.2 (2.53.196.104.bc.googleusercontent.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 14 20:30:58.573384 2026] [security2:error] [pid 25927:tid 26011] [client 104.196.53.2:56802] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "inkandthreadllc.com"] [uri "/.env.local"] [unique_id "ai9HwhwAJM5trOnT7S0MVgAAAdE"] show less	Brute-Force Bad Web Bot Web App Attack
🇧🇷 Halux	2026-06-14 22:48:27 (10 hours ago)	104.196.53.2 Probing protected path or service	Web App Attack
🇸🇬 securejdprop	2026-06-14 21:12:00 (12 hours ago)	This IP was detected by CrowdSec triggering crowdsecurity/suricata-major-severity(🐾 - 🔔 Many TCP/SYN ... show more This IP was detected by CrowdSec triggering crowdsecurity/suricata-major-severity(🐾 - 🔔 Many TCP/SYN - Possible Masscan Network Service Discovery 🥷 - T1046). Ip 104.196.53.2 performed 'crowdsecurity/suricata-major-severity' (1 events over 0s) at 2026-06-14 21:11:58.976702528 +0000 UTC show less	Hacking Web App Attack
🇫🇷 dynamix	2026-06-14 19:53:03 (13 hours ago)	Multiple WAF Violations	Web App Attack
🇩🇪 bluematrix	2026-06-14 16:01:03 (17 hours ago)	crowdsecurity/http-sensitive-files - Ip 104.196.53.2 performed 'crowdsecurity/http-sensitive-files' ... show more crowdsecurity/http-sensitive-files - Ip 104.196.53.2 performed 'crowdsecurity/http-sensitive-files' (5 events over 222.424072ms) at 2026-06-14 16:01:03.841587517 +0000 UTC show less	Port Scan Hacking Brute-Force Web App Attack
🇩🇪 Nevermind	2026-06-14 10:03:49 (23 hours ago)	104.196.53.2 - - [14/Jun/2026:12:03:48 +0200] "GET /.env.docker HTTP/1.1" 403 6299 "-" "Mozilla/5.0 ... show more 104.196.53.2 - - [14/Jun/2026:12:03:48 +0200] "GET /.env.docker HTTP/1.1" 403 6299 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36" 104.196.53.2 - - [14/Jun/2026:12:03:48 +0200] "GET /api/.env.staging HTTP/1.1" 403 6299 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/532.5 (KHTML, like Gecko) Chrome/4.0.249.0 Safari/532.5" 104.196.53.2 - - [14/Jun/2026:12:03:48 +0200] "GET /api/.env.dev HTTP/1.1" 403 6299 "-" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; Media Center PC 6.0; InfoPath.3; MS-RTC LM 8; Zune 4.7)" 104.196.53.2 - - [14/Jun/2026:12:03:48 +0200] "GET /api/.env.bak HTTP/1.1" 403 6299 "-" "Mozilla/5.0 (iPhone; CPU iPhone OS 12_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) CriOS/76.0.3809.81 Mobile/15E148 Safari/605.1" ... show less	Web App Attack
Anonymous	2026-06-14 06:52:22 (1 day ago)	104.196.53.2 - - [14/Jun/2026:01:52:22 -0500] "GET /.env.testing HTTP/1.1" 403 199 "-" "Mozilla/5.0 ... show more 104.196.53.2 - - [14/Jun/2026:01:52:22 -0500] "GET /.env.testing HTTP/1.1" 403 199 "-" "Mozilla/5.0 (Linux; Android 9; POT-LX1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.101 Mobile Safari/537.36" 104.22.24.187 104.196.53.2 - - [14/Jun/2026:01:52:22 -0500] "GET /.env.local.bak HTTP/1.1" 403 199 "-" "Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en-US) AppleWebKit/125.4 (KHTML, like Gecko, Safari) OmniWeb/v563.15" 104.22.24.187 104.196.53.2 - - [14/Jun/2026:01:52:22 -0500] "GET /.env.sample HTTP/1.1" 403 199 "-" "msnbot/0.11 ( http://search.msn.com/msnbot.htm)" 104.22.24.187 104.196.53.2 - - [14/Jun/2026:01:52:22 -0500] "GET /.env.old HTTP/1.1" 403 199 "-" "Mozilla/5.0 (compatible; Konqueror/4.5; NetBSD 5.0.2; X11; amd64; en_US) KHTML/4.5.4 (like Gecko)" 104.22.1.232 104.196.53.2 - - [14/Jun/2026:01:52:22 -0500] "GET /.env.dev HTTP/1.1" 403 199 "-" "Mozilla/5.0 (X11; Linux) KHTML/4.9.1 (like Gecko) Konqueror/4.9" 104.22.56.184 104.196.53.2 - - [14/Jun/2026:01:52:22 -0500] "GET / ... show less	Brute-Force Bad Web Bot Web App Attack
🇨🇭 zynex	2026-06-14 04:07:22 (1 day ago)	URL Probing: /app/.env	Web App Attack
Anonymous	2026-06-14 03:30:26 (1 day ago)	Multiple web server 400 error codes from same source ip	Web App Attack
🇩🇪 FeG Deutschland	2026-06-14 02:27:22 (1 day ago)	Looking for CMS/PHP/SQL vulnerablilities/excessive crawling - 124	Exploited Host Web App Attack
🇮🇹 VHosting	2026-06-14 02:20:04 (1 day ago)	Detected WordPress attack from 4 different servers	Brute-Force Web App Attack

Showing 1 to 15 of 16 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 66.132.172.242

🇧🇷 34.95.239.245

🇬🇧 217.154.42.110

🇳🇱 195.178.110.104

🇳🇱 195.178.110.30

🇺🇸 146.88.241.158

🇻🇳 103.81.87.161

🇸🇪 95.155.194.123

🇨🇳 43.248.108.72

🇨🇱 34.176.86.176

🇺🇸 24.101.212.107

🇺🇸 2604:a880:400:d1:0:4:9623:7001

🇲🇽 189.240.44.9

🇲🇽 187.230.190.69

🇺🇸 154.92.23.249

🇷🇴 80.94.92.164

🇩🇪 69.5.169.91

🇬🇧 45.82.76.133

🇮🇳 34.47.134.30

🇺🇸 4.157.250.195