JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 104.28.157.243

104.28.157.243 was found in our database!

This IP was reported 60 times. Confidence of Abuse is 16%: ?

16%

ISP	Cloudflare, Inc.
Usage Type	Data Center/Web Hosting/Transit
ASN	AS13335
Domain Name	cloudflare.com
Country	🇺🇸 United States of America
City	Reston, Virginia

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 104.28.157.243

Whois 104.28.157.243

IP Abuse Reports for 104.28.157.243:

This IP address has been reported a total of 60 times from 46 distinct sources. 104.28.157.243 was first reported on November 5th 2024, and the most recent report was 10 minutes ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 TPI-Abuse	2026-06-07 14:21:35 (10 minutes ago)	(mod_security) mod_security (id:210492) triggered by 104.28.157.243 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.28.157.243 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 07 10:21:28.376616 2026] [security2:error] [pid 16420:tid 16420] [client 104.28.157.243:34294] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "autodiscover.actionplanner.xyz"] [uri "/.env.bak"] [unique_id "aiV-aNqlPUOE2FMVtcJ9kwAAAB0"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-07 12:10:56 (2 hours ago)	(mod_security) mod_security (id:210492) triggered by 104.28.157.243 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.28.157.243 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 07 08:10:48.664753 2026] [security2:error] [pid 16385:tid 16385] [client 104.28.157.243:33398] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.forwardfusion.co"] [uri "/config/.env"] [unique_id "aiVfyDjjMfiwGtEKYp_V2QAAAAc"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-07 09:32:00 (4 hours ago)	(mod_security) mod_security (id:210492) triggered by 104.28.157.243 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.28.157.243 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 07 05:31:53.423501 2026] [security2:error] [pid 7704:tid 7704] [client 104.28.157.243:34688] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "genesis7.co"] [uri "/web/.env"] [unique_id "aiU6ienaExSV7jz4mxh9fwAAAAQ"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-07 08:55:34 (5 hours ago)	(mod_security) mod_security (id:210492) triggered by 104.28.157.243 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.28.157.243 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 07 04:55:27.984184 2026] [security2:error] [pid 28987:tid 28987] [client 104.28.157.243:32267] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcontacts.garanta.co"] [uri "/.env.backup"] [unique_id "aiUx_7I6E-Khqk_Q6X-cSwAAABc"] show less	Brute-Force Bad Web Bot Web App Attack
🇮🇹 VHosting	2026-04-26 09:50:46 (1 month ago)	Detected attack and reported by a human	Brute-Force Web App Attack SSH DDoS Attack Exploited Host Bad Web Bot
🇨🇭 backslash	2026-04-20 20:54:24 (1 month ago)		DDoS Attack
🇫🇷 smtp.com.es	2026-03-11 03:38:50 (2 months ago)	Brute force attempt.	Brute-Force Email Spam
🇨🇿 lp	2026-01-07 19:21:56 (4 months ago)	Email account brute force: 1 attempts were recorded from 104.28.157.243 2026-01-07T19:01:50+01:00 wa ... show more Email account brute force: 1 attempts were recorded from 104.28.157.243 2026-01-07T19:01:50+01:00 warning: unknown[104.28.157.243]: SASL LOGIN authentication failed: authentication failure, [email protected] show less	Brute-Force
🇩🇪 Packets-Decreaser.NET	2025-06-18 10:56:13 (11 months ago)	Incoming Layer 7 Flood Detected	DDoS Attack Web Spam
🇩🇪 Packets-Decreaser.NET	2025-05-25 12:34:25 (1 year ago)	Incoming Layer 7 Flood Detected	DDoS Attack Web Spam
🇹🇷 rtbh.com.tr	2025-01-14 20:50:48 (1 year ago)	list.rtbh.com.tr report: tcp/0	Brute-Force
🇧🇬 OHOST.BG	2025-01-14 00:27:00 (1 year ago)	2025-01-14T02:26:30.562414+02:00 DreamLife sshd[105030]: Failed password for root from 104.28.157.24 ... show more 2025-01-14T02:26:30.562414+02:00 DreamLife sshd[105030]: Failed password for root from 104.28.157.243 port 20257 ssh2 2025-01-14T02:26:43.516675+02:00 DreamLife sshd[105042]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.28.157.243 user=root 2025-01-14T02:26:45.190168+02:00 DreamLife sshd[105042]: Failed password for root from 104.28.157.243 port 21703 ssh2 2025-01-14T02:26:58.012627+02:00 DreamLife sshd[105053]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.28.157.243 user=root 2025-01-14T02:27:00.077577+02:00 DreamLife sshd[105053]: Failed password for root from 104.28.157.243 port 21834 ssh2 ... show less	Brute-Force SSH
🇿🇦 pip4pip.com	2025-01-13 22:55:42 (1 year ago)	Pip4Pip:IT-Team Reports :: Pip4Pip Welcome Home Visits :: Better Than	Hacking SSH
🇺🇸 dj-packet	2025-01-13 22:00:21 (1 year ago)	Jan 13 14:52:10 web2 sshd\[10415\]: Failed password for root from 104.28.157.243 port 20633 ssh2Jan ... show more Jan 13 14:52:10 web2 sshd\[10415\]: Failed password for root from 104.28.157.243 port 20633 ssh2Jan 13 14:53:32 web2 sshd\[10423\]: Failed password for root from 104.28.157.243 port 21540 ssh2Jan 13 14:54:06 web2 sshd\[10425\]: Failed password for root from 104.28.157.243 port 19654 ssh2Jan 13 14:54:39 web2 sshd\[10430\]: Failed password for root from 104.28.157.243 port 21414 ssh2Jan 13 14:55:11 web2 sshd\[10434\]: Failed password for root from 104.28.157.243 port 19702 ssh2Jan 13 14:56:00 web2 sshd\[10445\]: Failed password for root from 104.28.157.243 port 20326 ssh2 ... show less	Brute-Force SSH
🇹🇷 rtbh.com.tr	2025-01-13 20:50:51 (1 year ago)	list.rtbh.com.tr report: tcp/0	Brute-Force

Showing 1 to 15 of 60 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇳🇱 193.176.31.151

🇭🇰 152.32.171.213

🇳🇱 91.92.42.10

🇸🇪 81.170.248.221

🇱🇹 81.30.98.44

🇺🇸 74.235.126.65

🇺🇸 71.6.233.181

🇸🇬 172.253.211.16

🇳🇱 131.153.158.213

🇺🇬 129.205.24.199

🇨🇳 112.46.214.53

🇱🇹 81.30.98.142

🇳🇱 45.153.34.114

🇧🇷 45.65.167.113

🇯🇵 8.216.8.179

🇮🇹 2.57.170.76

🇰🇷 211.223.107.86

🇬🇧 193.163.125.109

🇮🇳 161.248.163.85

🇲🇽 158.23.60.168