IP info including ISP, Usage Type, and Location provided
by IPInfo. Updated weekly.
Important Note: 104.23.217.118 is an IP address from within
our whitelist belonging to the subnet
104.16.0.0/13,
which we identify as: "Cloudflare Reverse Proxy".
Whitelisted netblocks are typically owned by trusted entities, such as Google
or Microsoft who may use them for search engine spiders. However, these same entities
sometimes also provide cloud servers and mail services which are easily abused. Pay special
attention when trusting or distrusting these IPs.
This IP address has been reported a total of
47
times from
21 distinct
sources.
104.23.217.118 was first reported on
, and the most recent report was
.
Old Reports:
The most recent abuse report for this IP address is from
. It is possible that this IP is no longer involved in abusive activities.
Automated WordPress exploit probe caught via honeydomain infrastructure. Bot used http://dispensight ...
show moreAutomated WordPress exploit probe caught via honeydomain infrastructure. Bot used http://dispensight.health / dispensight.info/wp-admin/install.php?step=1 as User-Agent β revealing itself by probing what it believed was a WordPress install. Honeydomain is operator-controlled bait; this IP is a confirmed malicious WordPress scanner. Cloudflare proxy. No legitimate traffic expected from this pattern.
show less
[Zorvexus edge-defense] Edge-block (probe URI / bad UA / hostile vhost)
Trigger: 1Γ edge-block in 10 ...
show more[Zorvexus edge-defense] Edge-block (probe URI / bad UA / hostile vhost)
Trigger: 1Γ edge-block in 10m window.
Origin: SE / AS13335 Cloudflare, Inc.
Active: 06:47:22 UTC
Volume: 1 HTTP req
Probed: /wp-admin/install.php?step=1
Status mix: 444Γ1
UA: "http://ztx-lab.com/wp-admin/install.php?step=1"
Auto-banned 30d. zorvexus-banner.
show less
Bad Web Bot
Web App Attack
Anonymous
Probing for known exploit paths (.env, .git, wp-admin, shell files, etc.). Single-strike ban policy ...
show moreProbing for known exploit paths (.env, .git, wp-admin, shell files, etc.). Single-strike ban policy β zero tolerance for exploit scanning. Banned May 13, 00:16 UTC. Origin: Sweden, Stockholm.
show less
Hacking
Bad Web Bot
Web App Attack
Anonymous
(caddyscan) Scanner path probe from 104.23.217.118 (SE/Sweden/-): 5 in the last 3600 secs; Ports: *; ...
show more(caddyscan) Scanner path probe from 104.23.217.118 (SE/Sweden/-): 5 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs: [REDACTED] 200 2627 104.23.217.118 - - [12/May/2026:18:52:49 +0000] "GET /.git/config HTTP/1.1"
[REDACTED] 200 2627 104.23.217.118 - - [12/May/2026:18:58:06 +0000] "GET /.git/config HTTP/1.1"
[REDACTED] 200 2627 104.23.217.118 - - [12/May/2026:19:33:27 +0000] "GET /.git/config HTTP/1.1"
[REDACTED] 200 2627 104.23.217.118 - - [12/May/2026:19:34:00 +0000] "GET /.git/config HTTP/1.1"
[REDACTED] 200 2627 104.23.217.118 - - [12/May/2026:19:34:12 +0000] "GET /.git/config HTTP/1.1"
show less