JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 104.252.41.254

104.252.41.254 was found in our database!

This IP was reported 10 times. Confidence of Abuse is 0%: ?

ISP	Subnet Digital LLC
Usage Type	Data Center/Web Hosting/Transit
ASN	AS9009
Domain Name	subnetdigital.com
Country	🇨🇦 Canada
City	Montreal, Quebec

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 104.252.41.254

Whois 104.252.41.254

IP Abuse Reports for 104.252.41.254:

This IP address has been reported a total of 10 times from 5 distinct sources. 104.252.41.254 was first reported on January 24th 2025, and the most recent report was 4 months ago.

Old Reports: The most recent abuse report for this IP address is from 4 months ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 TPI-Abuse	2026-01-27 02:58:07 (4 months ago)	(mod_security) mod_security (id:210492) triggered by 104.252.41.254 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.252.41.254 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jan 26 21:58:00.888919 2026] [security2:error] [pid 16656:tid 16673] [client 104.252.41.254:60457] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.kettlehill.kettlehill.com"] [uri "/.env.dev"] [unique_id "aXgpuD4D1upuVdMC6K4MBQAAAE4"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-13 10:03:29 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.252.41.254 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.252.41.254 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Nov 13 05:03:26.419860 2025] [security2:error] [pid 12107:tid 12107] [client 104.252.41.254:57169] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "ftp.nbcnewsradio.com"] [uri "/.env.development.local"] [unique_id "aRWs7vRG6vVG-cPTvDyQ-AAAACM"] show less	Brute-Force Bad Web Bot Web App Attack
🇪🇸 10dencehispahard SL	2025-08-18 09:38:13 (9 months ago)	WP probing for vulnerabilities	Hacking Exploited Host
🇺🇸 TPI-Abuse	2025-07-03 13:47:13 (11 months ago)	(mod_security) mod_security (id:210492) triggered by 104.252.41.254 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.252.41.254 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 03 09:45:14.562782 2025] [security2:error] [pid 13360:tid 13386] [client 104.252.41.254:54405] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "whm.kettlehill.net"] [uri "/js../.git/config"] [unique_id "aGaJaqUco3AoK6nd7NE8fQAAAIw"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2025-06-24 01:45:33 (11 months ago)	Ports: 2077,2078,2082,2083,2086,2087,2095,2096; Direction: 0; Trigger: LF_DISTATTACK	Brute-Force SSH
🇺🇸 TPI-Abuse	2025-05-29 16:53:23 (1 year ago)	(mod_security) mod_security (id:210492) triggered by 104.252.41.254 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.252.41.254 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu May 29 12:53:14.924159 2025] [security2:error] [pid 3015463:tid 3015463] [client 104.252.41.254:50401] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webdisk.farmers123.com"] [uri "/.env.live"] [unique_id "aDiQ-t__G4lpYJrEmy7yuwAAAAI"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 Vincent Helmus	2025-05-16 17:40:19 (1 year ago)	ALL	DNS Compromise DNS Poisoning Fraud Orders DDoS Attack FTP Brute-Force Ping of Death Phishing Fraud VoIP Open Proxy Web Spam Email Spam Blog Spam VPN IP Port Scan Hacking SQL Injection Spoofing Brute-Force Bad Web Bot Exploited Host Web App Attack SSH IoT Targeted
🇺🇸 TPI-Abuse	2025-04-19 05:24:19 (1 year ago)	(mod_security) mod_security (id:210492) triggered by 104.252.41.254 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.252.41.254 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Apr 19 01:23:35.140213 2025] [security2:error] [pid 22650:tid 22664] [client 104.252.41.254:42403] [client 104.252.41.254] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "blog.spinningdesigns.com"] [uri "/.env.stage"] [unique_id "aAMzV8LYwl69KqC_78iZYgAAAEs"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-02-27 14:14:28 (1 year ago)	(mod_security) mod_security (id:211190) triggered by 104.252.41.254 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:211190) triggered by 104.252.41.254 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Feb 27 09:13:18.173676 2025] [security2:error] [pid 21741:tid 21902] [client 104.252.41.254:42979] [client 104.252.41.254] ModSecurity: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt\|\|staging.kettlehill.com\|F\|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /wp-content/plugins/localize-my-post/ajax/include.php?file=../../../../../../../../../../etc/passwd"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "staging.kettlehill.com"] [uri "/wp-content/plugins/localize-my-post/ajax/include.php"] [unique_id "Z8By_h7OxeypPZlZDbO8agAAAMo"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2025-01-24 18:40:03 (1 year ago)	\| PHPMyAdmin scans (looking for setup.php).	Hacking SQL Injection Web App Attack

Showing 1 to 10 of 10 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇬🇧 2a00:1450:4009:c02::128

🇰🇷 221.156.126.1

🇱🇹 62.60.130.241

🇴🇲 37.40.224.180

🇵🇰 223.123.72.2

🇹🇼 192.178.36.149

🇲🇽 186.96.145.241

🇳🇱 185.156.73.233

🇺🇸 172.172.205.219

🇮🇳 152.56.134.73

🇺🇸 144.172.96.139

🇻🇳 42.118.134.249

🇫🇮 34.88.82.94

🇬🇧 194.50.235.136

🇷🇺 176.109.97.11

🇻🇳 171.233.69.119

🇩🇪 165.245.241.104

🇮🇷 164.215.187.123

🇻🇳 160.191.244.158

🇮🇳 117.203.104.74