JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 104.28.158.140

104.28.158.140 was found in our database!

This IP was reported 58 times. Confidence of Abuse is 30%: ?

30%

ISP	Cloudflare, Inc.
Usage Type	Data Center/Web Hosting/Transit
ASN	AS13335
Domain Name	cloudflare.com
Country	🇫🇷 France
City	Aulnay-sous-Bois, Ile-de-France

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 104.28.158.140

Whois 104.28.158.140

IP Abuse Reports for 104.28.158.140:

This IP address has been reported a total of 58 times from 38 distinct sources. 104.28.158.140 was first reported on March 21st 2023, and the most recent report was 1 day ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 billfor	2026-06-29 07:03:30 (1 day ago)	104.28.158.140 - - [29/Jun/2026:03:03:21 -0400] "GET /.env.production HTTP/2.0" 404 0 "-" "Mozilla/5 ... show more 104.28.158.140 - - [29/Jun/2026:03:03:21 -0400] "GET /.env.production HTTP/2.0" 404 0 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)" show less	Web App Attack
🇺🇸 wteiken	2026-06-29 06:56:56 (1 day ago)	2026-06-29T02:56:54.664461-04:00 nostromo.teiken.net kernel: [94301.262635] syn_limit:IN=en-wan OUT= ... show more 2026-06-29T02:56:54.664461-04:00 nostromo.teiken.net kernel: [94301.262635] syn_limit:IN=en-wan OUT= MAC=00:50:43:37:c2:00:88:a2:5e:1c:98:0c:08:00 SRC=104.28.158.140 DST=173.52.106.128 LEN=60 TOS=0x00 PREC=0x00 TTL=56 ID=19633 DF PROTO=TCP SPT=45290 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 2026-06-29T02:56:54.664901-04:00 nostromo.teiken.net kernel: [94301.262950] syn_limit:IN=en-wan OUT= MAC=00:50:43:37:c2:00:88:a2:5e:1c:98:0c:08:00 SRC=104.28.158.140 DST=173.52.106.128 LEN=60 TOS=0x00 PREC=0x00 TTL=56 ID=2937 DF PROTO=TCP SPT=45272 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 2026-06-29T02:56:54.670281-04:00 nostromo.teiken.net kernel: [94301.263972] syn_limit:IN=en-wan OUT= MAC=00:50:43:37:c2:00:88:a2:5e:1c:98:0c:08:00 SRC=104.28.158.140 DST=173.52.106.128 LEN=60 TOS=0x00 PREC=0x00 TTL=54 ID=10897 DF PROTO=TCP SPT=45298 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 2026-06-29T02:56:54.672453-04:00 nostromo.teiken.net kernel: [94301.264158] syn_limit:IN=en-wan OUT= MAC=00:50:43:37:c2:00:88 ... show less	Port Scan
🇺🇸 TPI-Abuse	2026-06-25 13:05:16 (5 days ago)	(mod_security) mod_security (id:210492) triggered by 104.28.158.140 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.28.158.140 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 25 09:05:12.944843 2026] [security2:error] [pid 5809:tid 5809] [client 104.28.158.140:41836] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "wildlifetaxidermy.com"] [uri "/.env.production"] [unique_id "aj0niI-5ZpX5XZrbUiigTAAAAAk"] show less	Brute-Force Bad Web Bot Web App Attack
🇨🇿 Honzas	2026-05-25 13:41:07 (1 month ago)	Brute Force SMTP AUTH Attack	Brute-Force
🇮🇹 Inartis	2026-05-22 04:18:52 (1 month ago)	2026-05-22T06:18:51.314216mail1.inartis.it postfix/smtpd[1743359]: warning: unknown[104.28.158.140]: ... show more 2026-05-22T06:18:51.314216mail1.inartis.it postfix/smtpd[1743359]: warning: unknown[104.28.158.140]: SASL PLAIN authentication failed: authentication failure, [email protected] ... show less	Port Scan Brute-Force
Anonymous	2026-05-03 16:30:31 (1 month ago)	Failed login attempt detected by Fail2Ban in plesk-postfix jail	Brute-Force
🇪🇸 Francisco Vallejo	2026-04-30 03:09:32 (2 months ago)	[Thu Apr 30 05:09:30.115188 2026] [core:info] [pid 2212689:tid 133294737827520] [client 104.28.158.1 ... show more [Thu Apr 30 05:09:30.115188 2026] [core:info] [pid 2212689:tid 133294737827520] [client 104.28.158.140:60254] AH00128: File does not exist: /var/www/barluna/style.php, referer: http://barluna.es/style.php [Thu Apr 30 05:09:31.505245 2026] [core:info] [pid 2212689:tid 133294217742016] [client 104.28.158.140:60254] AH00128: File does not exist: /var/www/barluna/wp-content/style.php, referer: http://barluna.es/wp-content/style.php [Thu Apr 30 05:09:31.574263 2026] [core:info] [pid 2212689:tid 133294209349312] [client 104.28.158.140:60254] AH00128: File does not exist: /var/www/barluna/wp-content/themes/style.php, referer: http://barluna.es/wp-content/themes/style.php [Thu Apr 30 05:09:31.655826 2026] [core:info] [pid 2212689:tid 133294192563904] [client 104.28.158.140:60254] AH00128: File does not exist: /var/www/barluna/wp-admin/style.php, referer: http://barluna.es/wp-admin/style.php [Thu Apr 30 05:09:31.740058 2026] [core:info] [pid 2212689:tid 133294779791040] [client 104.28.158.140:6 ... show less	Brute-Force SSH
🇨🇭 Origon	2026-04-29 03:23:12 (2 months ago)	postfix-non-smtp-command - IP: 104.28.158.140 - time="2026-04-29T05:23:11+02:00" level=info msg="(5 ... show more postfix-non-smtp-command - IP: 104.28.158.140 - time="2026-04-29T05:23:11+02:00" level=info msg="(555f66b4f6a74558bc11e3f93469658es8App0Mcc0TKEeje/crowdsec) crowdsecurity/postfix-non-smtp-command by ip 104.28.158.140 (FR/13335) : 4h ban on Ip 104.28.158.140" module=db show less	Email Spam
🇷🇴 iulianh	2026-04-28 03:20:33 (2 months ago)	25,465,587	Brute-Force SSH
🇷🇴 gtheo99	2026-04-26 05:43:03 (2 months ago)	(smtpauth) Failed SMTP AUTH login from 104.28.158.140 (CA/Canada/-): 2 in the last 900 secs	Brute-Force Email Spam
🇨🇭 Origon	2026-04-26 01:24:17 (2 months ago)	postfix-non-smtp-command - IP: 104.28.158.140 - time="2026-04-26T03:24:17+02:00" level=info msg="(5 ... show more postfix-non-smtp-command - IP: 104.28.158.140 - time="2026-04-26T03:24:17+02:00" level=info msg="(555f66b4f6a74558bc11e3f93469658es8App0Mcc0TKEeje/crowdsec) crowdsecurity/postfix-non-smtp-command by ip 104.28.158.140 (FR/13335) : 4h ban on Ip 104.28.158.140" module=db show less	Email Spam
🇮🇹 Progetto1	2026-04-24 21:45:02 (2 months ago)	Mail - Multiple failed login attempts	Brute-Force Exploited Host
Anonymous	2026-04-24 06:09:40 (2 months ago)	Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER	Brute-Force SSH
🇨🇭 dimitar Penkov	2026-04-17 13:28:54 (2 months ago)	DDOS flood attempts	Brute-Force Exploited Host
🇩🇪 SamJUK	2026-04-11 11:24:45 (2 months ago)	2026-04-11T11:25:03.882445+00:00 hostname sshd[2759271]: Failed password for root from 104.28.158.14 ... show more 2026-04-11T11:25:03.882445+00:00 hostname sshd[2759271]: Failed password for root from 104.28.158.140 port 63730 ssh2 2026-04-11T11:25:11.947628+00:00 hostname sshd[2759361]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.28.158.140 user=root 2026-04-11T11:25:13.982797+00:00 hostname sshd[2759361]: Failed password for root from 104.28.158.140 port 63149 ssh2 2026-04-11T11:25:20.988656+00:00 hostname sshd[2759485]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.28.158.140 user=root 2026-04-11T11:25:22.593283+00:00 hostname sshd[2759485]: Failed password for root from 104.28.158.140 port 65514 ssh2 ... show less	Brute-Force SSH

Showing 1 to 15 of 58 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇰🇷 211.46.177.174

🇳🇱 147.45.50.96

🇮🇩 103.166.10.244

🇺🇸 91.230.168.10

🇳🇱 91.92.40.233

🇳🇱 85.11.167.118

🇮🇱 46.210.95.5

🇧🇷 45.165.238.2

🇺🇸 20.163.15.220

🇺🇸 213.108.3.171

🇫🇮 194.124.210.127

🇺🇸 172.233.222.87

🇭🇰 112.119.21.245

🇬🇧 87.236.176.50

🇫🇷 85.217.140.4

🇩🇪 64.89.163.152

🇸🇬 47.84.66.216

🇧🇷 45.239.212.191

🇯🇵 20.78.146.3

🇫🇷 5.196.78.175