JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 104.252.196.196

104.252.196.196 was found in our database!

This IP was reported 15 times. Confidence of Abuse is 21%: ?

21%

ISP	Subnet Digital LLC
Usage Type	Data Center/Web Hosting/Transit
ASN	AS59711
Domain Name	subnetdigital.com
Country	🇫🇷 France
City	Marseille, Provence-Alpes-Cote d'Azur

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 104.252.196.196

Whois 104.252.196.196

IP Abuse Reports for 104.252.196.196:

This IP address has been reported a total of 15 times from 5 distinct sources. 104.252.196.196 was first reported on May 28th 2025, and the most recent report was 18 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇫🇷 bigorre.org	2026-06-18 10:23:42 (18 hours ago)	Excessive crawling : exceed crawl-delay defined in robots.txt	Bad Web Bot
🇩🇪 EGP Abuse Dept	2026-06-02 06:36:39 (2 weeks ago)	Scanning for web/db/file exploits on tpc-001.mach3builders.nl	SQL Injection Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-01 02:06:48 (2 weeks ago)	(mod_security) mod_security (id:210350) triggered by 104.252.196.196 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210350) triggered by 104.252.196.196 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun May 31 22:06:39.472470 2026] [security2:error] [pid 7571:tid 7618] [client 104.252.196.196:37065] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\b(close\|keep-alive),[\\\\t\\\\n\\\\r ]{0,1}(close\|keep-alive)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/12_HTTP_Protocol.conf"] [line "70"] [id "210350"] [rev "1"] [msg "COMODO WAF: Multiple/Conflicting Connection Header Data Found\|\|ftp.kettlehill.net\|F\|4"] [data "keep-alive, close"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "ftp.kettlehill.net"] [uri "/"] [unique_id "ahzpLwB9GwiQ72im4TcsBQAAAFc"] show less	Brute-Force Bad Web Bot Web App Attack
🇮🇹 Inartis	2026-04-18 18:18:40 (2 months ago)	104.252.196.196 - - [18/Apr/2026:20:18:39 +0200] "GET /admin/logs/error.log HTTP/1.1" 404 3649 "-" " ... show more 104.252.196.196 - - [18/Apr/2026:20:18:39 +0200] "GET /admin/logs/error.log HTTP/1.1" 404 3649 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36" ... show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-02-07 12:35:28 (4 months ago)	(mod_security) mod_security (id:210730) triggered by 104.252.196.196 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210730) triggered by 104.252.196.196 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Feb 07 07:35:24.216776 2026] [security2:error] [pid 18847:tid 18847] [client 104.252.196.196:60391] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|ftp.nbcnewsradio.com\|F\|2"] [data ".php.bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "ftp.nbcnewsradio.com"] [uri "/wp-login.php.bak"] [unique_id "aYcxjK_Rb6-08bdleKUkLQAAAAg"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-02-01 11:24:18 (4 months ago)	(mod_security) mod_security (id:210730) triggered by 104.252.196.196 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210730) triggered by 104.252.196.196 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Feb 01 06:24:12.948065 2026] [security2:error] [pid 16720:tid 16838] [client 104.252.196.196:59693] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|kettlehill.net\|F\|2"] [data ".com"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "kettlehill.net"] [uri "/new/newhttp:/example.com"] [unique_id "aX833HgN2ebRaezbXtJCpgAAAUU"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-01 05:54:43 (6 months ago)	(mod_security) mod_security (id:212750) triggered by 104.252.196.196 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:212750) triggered by 104.252.196.196 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Dec 01 00:53:42.952671 2025] [security2:error] [pid 26090:tid 26455] [client 104.252.196.196:57763] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\bon(?:abort\|blur\|change\|click\|dblclick\|dragdrop\|error\|focus\|keydown\|keypress\|keyup\|load\|mouse(?:down\|move\|out\|over\|up)\|move\|readystatechange\|reset\|resize\|select\|submit\|unload)\\\\b[^a-zA-Z0-9_]{0,}?=" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/07_XSS_XSS.conf"] [line "69"] [id "212750"] [rev "3"] [msg "COMODO WAF: XSS Attack Detected\|\|ftp.kettlehill.net\|F\|2"] [data "Matched Data: onerror= found within REQUEST_URI: /?s=<img src=x onerror=alert(123);>"] [severity "CRITICAL"] [tag "CWAF"] [tag "XSS"] [hostname "ftp.kettlehill.net"] [uri "/"] [unique_id "aS0tZgqR0geke5MRGl4JvgAAAIk"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-01 14:41:24 (7 months ago)	(mod_security) mod_security (id:210492) triggered by 104.252.196.196 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210492) triggered by 104.252.196.196 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Nov 01 10:41:18.971542 2025] [security2:error] [pid 16199:tid 16222] [client 104.252.196.196:49349] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.staging.kettlehill.com"] [uri "/wp-config.php-backup"] [unique_id "aQYcDo48O1Di385V0mCQQQAAABU"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-10-28 22:59:55 (7 months ago)	(mod_security) mod_security (id:210492) triggered by 104.252.196.196 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210492) triggered by 104.252.196.196 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Oct 28 18:59:48.961693 2025] [security2:error] [pid 11789:tid 11789] [client 104.252.196.196:55221] ModSecurity: Access denied with code 403 (phase 1). Matched phrase ".htaccess" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcontacts.nbcnewsradio.com"] [uri "/a.htaccess"] [unique_id "aQFK5LxcxGX5PWwsC5XXrwAAAAY"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-09-22 20:40:18 (8 months ago)	(mod_security) mod_security (id:210730) triggered by 104.252.196.196 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210730) triggered by 104.252.196.196 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Sep 22 16:40:04.571273 2025] [security2:error] [pid 22825:tid 22825] [client 104.252.196.196:59095] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "4"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|www.deandobkin.com\|F\|2"] [data ".log"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.deandobkin.com"] [uri "/admin/logs/error.log"] [unique_id "aNG0JK3_P0MwX9XgzkQv9wAAABE"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-09-01 01:11:03 (9 months ago)	(mod_security) mod_security (id:210730) triggered by 104.252.196.196 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210730) triggered by 104.252.196.196 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Aug 31 21:11:00.255118 2025] [security2:error] [pid 4167172:tid 4167194] [client 104.252.196.196:60201] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|www.kettlehill.com\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.kettlehill.com"] [uri "/1.sql"] [unique_id "aLTypOryNSoVQ-6incke1wAAAUk"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-06-01 05:36:55 (1 year ago)	(mod_security) mod_security (id:210492) triggered by 104.252.196.196 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210492) triggered by 104.252.196.196 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 01 01:36:13.906511 2025] [security2:error] [pid 2256135:tid 2256180] [client 104.252.196.196:36729] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "ftp.kettlehill.net"] [uri "/wp-config.php.dist"] [unique_id "aDvmza49PdggYnA6bssalgAAAEQ"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-05-30 23:37:09 (1 year ago)	(mod_security) mod_security (id:210492) triggered by 104.252.196.196 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210492) triggered by 104.252.196.196 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri May 30 19:37:04.461380 2025] [security2:error] [pid 821858:tid 821858] [client 104.252.196.196:43781] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "mail.nbcnewsradio.com"] [uri "/wp-config.php.bak"] [unique_id "aDpBIN6Eku8t_68LZe7Q5AAAAAo"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-05-28 19:54:10 (1 year ago)	(mod_security) mod_security (id:210730) triggered by 104.252.196.196 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210730) triggered by 104.252.196.196 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed May 28 15:54:05.446149 2025] [security2:error] [pid 1815968:tid 1815968] [client 104.252.196.196:33141] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|farmers123.com\|F\|2"] [data ".old"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "farmers123.com"] [uri "/.ssh/known_hosts.old"] [unique_id "aDdp3T8xhWqCdUc2ZLDZpQAAAAE"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2025-05-28 04:50:12 (1 year ago)	\| A web attack returned code 200 (success).	Hacking SQL Injection Web App Attack

Showing 1 to 15 of 15 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇮🇷 193.151.133.105

🇪🇸 158.158.104.28

🇲🇾 103.249.87.183

🇫🇷 85.217.140.10

🇲🇾 47.254.192.137

🇳🇱 178.16.53.230

🇫🇮 147.185.133.189

🇺🇸 98.86.147.125

🇺🇸 91.230.168.78

🇫🇷 79.137.67.90

🇺🇸 66.132.186.219

🇺🇸 20.163.5.98

🇮🇪 202.52.252.13

🇨🇳 116.25.249.117

🇰🇷 110.14.190.221

🇫🇷 91.231.89.228

🇨🇦 85.217.149.19

🇬🇧 2a06:4880:8000::97

🇰🇷 220.121.38.45

🇺🇸 216.218.206.107