JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 104.252.28.94

104.252.28.94 was found in our database!

This IP was reported 11 times. Confidence of Abuse is 14%: ?

14%

ISP	Subnet Digital LLC
Usage Type	Data Center/Web Hosting/Transit
ASN	AS9009
Domain Name	subnetdigital.com
Country	🇨🇦 Canada
City	Montreal, Quebec

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 104.252.28.94

Whois 104.252.28.94

IP Abuse Reports for 104.252.28.94:

This IP address has been reported a total of 11 times from 4 distinct sources. 104.252.28.94 was first reported on February 27th 2025, and the most recent report was 6 days ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇫🇷 bigorre.org	2026-06-01 10:02:38 (6 days ago)	Excessive crawling : exceed crawl-delay defined in robots.txt	Bad Web Bot
🇺🇸 TPI-Abuse	2026-06-01 02:14:14 (6 days ago)	(mod_security) mod_security (id:210492) triggered by 104.252.28.94 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.252.28.94 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun May 31 22:13:55.849483 2026] [security2:error] [pid 12707:tid 12714] [client 104.252.28.94:47295] ModSecurity: Access denied with code 403 (phase 1). Matched phrase ".htaccess" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.kettlehill.net"] [uri "/_.htaccess"] [unique_id "ahzq4_r1zQOtbkd9viUpxAAAAAM"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 HandyTreff.de	2026-02-24 17:53:10 (3 months ago)	Bot/Spam/Scrapper attack detected on www.handytreff.de - Score: -40.216 (Bad < -10 / Very Bad < -20 ... show more Bot/Spam/Scrapper attack detected on www.handytreff.de - Score: -40.216 (Bad < -10 / Very Bad < -20 / Extreme < -35) \| UA: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/139.0.0.0 Sa show less	Web App Attack Bad Web Bot
🇺🇸 TPI-Abuse	2026-01-17 06:43:46 (4 months ago)	(mod_security) mod_security (id:210492) triggered by 104.252.28.94 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.252.28.94 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jan 17 01:43:38.688591 2026] [security2:error] [pid 6827:tid 6827] [client 104.252.28.94:34605] ModSecurity: Access denied with code 403 (phase 1). Matched phrase ".htaccess" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcalendars.nbcnewsradio.com"] [uri "/htaccess_for_page_not_found_redirects.htaccess"] [unique_id "aWsvmvjQwtyckogD_ndGZgAAAB0"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-29 21:35:58 (5 months ago)	(mod_security) mod_security (id:221260) triggered by 104.252.28.94 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:221260) triggered by 104.252.28.94 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Dec 29 16:35:50.596702 2025] [security2:error] [pid 21673:tid 21691] [client 104.252.28.94:35123] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^(?:\\\\'\\\\w+?=)?\\\\(\\\\)\\\\s{" at MATCHED_VAR. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "77"] [id "221260"] [rev "3"] [msg "COMODO WAF: Shellshock Command Injection Vulnerabilities in GNU Bash through 4.3 bash43-026 (CVE-2014-7187, CVE-2014-7186, CVE-2014-7169, CVE-2014-6278, CVE-2014-6277, CVE-2014-6271)\|\|webdisk.kettlehill.net\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webdisk.kettlehill.net"] [uri "/cgi-bin/status/status.cgi"] [unique_id "aVL0NtoKFoxlNLdnJRxiuQAAAE8"], referer: () { ignored; }; echo Content-Type: text/html; echo ; /bin/cat /etc/passwd show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-01 06:48:57 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.252.28.94 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.252.28.94 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Dec 01 01:48:47.816953 2025] [security2:error] [pid 27471:tid 27490] [client 104.252.28.94:56509] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "mail.kettlehill.net"] [uri "/.env.save"] [unique_id "aS06T3LXOKC0tXS7y0kzpgAAAII"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-12 07:55:23 (6 months ago)	(mod_security) mod_security (id:210730) triggered by 104.252.28.94 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210730) triggered by 104.252.28.94 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Nov 12 02:55:15.991976 2025] [security2:error] [pid 6588:tid 6588] [client 104.252.28.94:53191] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|ftp.nbcnewsradio.com\|F\|2"] [data ".log"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "ftp.nbcnewsradio.com"] [uri "/admin/log/error.log"] [unique_id "aRQ9Y-hZAEtF81xvT1MjXwAAABY"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-07-27 01:21:48 (10 months ago)	(mod_security) mod_security (id:210492) triggered by 104.252.28.94 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.252.28.94 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jul 26 21:21:41.665085 2025] [security2:error] [pid 729657:tid 729716] [client 104.252.28.94:47295] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcontacts.kettlehill.com"] [uri "/css../.git/config"] [unique_id "aIV_JRUVDjlJfvQpjEI_WwAAABY"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-05-30 04:13:30 (1 year ago)	(mod_security) mod_security (id:210730) triggered by 104.252.28.94 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210730) triggered by 104.252.28.94 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri May 30 00:13:25.988636 2025] [security2:error] [pid 4056475:tid 4056475] [client 104.252.28.94:49323] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|farmers123.com\|F\|2"] [data ".com"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "farmers123.com"] [uri "/file=http:/example.com"] [unique_id "aDkwZaqGdY0xLL971q6JrgAAACU"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-04-19 05:25:32 (1 year ago)	(mod_security) mod_security (id:211190) triggered by 104.252.28.94 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:211190) triggered by 104.252.28.94 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Apr 19 01:24:41.049142 2025] [security2:error] [pid 22650:tid 22659] [client 104.252.28.94:36377] [client 104.252.28.94] ModSecurity: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt\|\|www.blog.spinningdesigns.com\|F\|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /wp-content/plugins/site-editor/editor/extensions/pagebuilder/includes/ajax_shortcode_pattern.php?ajax_path=/etc/passwd"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "blog.spinningdesigns.com"] [uri "/wp-content/plugins/site-editor/editor/extensions/pagebuilder/includes/ajax_shortcode_pattern.php"] [unique_id "aAMzmcLYwl69KqC_78iZ9gAAAEY"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2025-02-27 17:30:21 (1 year ago)	\| A web attack returned code 200 (success).	Hacking SQL Injection Web App Attack

Showing 1 to 11 of 11 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 194.195.210.47

🇸🇬 178.128.123.153

🇧🇷 131.161.249.165

🇧🇷 45.171.154.14

🇷🇴 2.57.122.177

🇺🇸 2604:a880:400:d1:0:4:8c0b:8001

🇰🇷 218.149.228.170

🇬🇧 185.216.145.182

🇮🇳 182.78.151.234

🇸🇬 168.138.188.55

🇺🇸 17.241.75.211

🇰🇷 211.37.174.62

🇳🇱 178.16.54.22

🇷🇺 176.109.97.11

🇳🇱 86.54.31.36

🇩🇪 51.75.64.35

🇮🇳 20.244.18.126

🇮🇩 182.253.156.173

🇰🇷 118.32.221.50

🇮🇱 109.67.163.132