JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 104.28.158.253

104.28.158.253 was found in our database!

This IP was reported 34 times. Confidence of Abuse is 62%: ?

62%

ISP	Cloudflare, Inc.
Usage Type	Data Center/Web Hosting/Transit
ASN	AS13335
Domain Name	cloudflare.com
Country	🇺🇸 United States of America
City	Reston, Virginia

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 104.28.158.253

Whois 104.28.158.253

IP Abuse Reports for 104.28.158.253:

This IP address has been reported a total of 34 times from 15 distinct sources. 104.28.158.253 was first reported on January 19th 2024, and the most recent report was 5 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇨🇦 lakered	2026-06-04 10:10:54 (5 hours ago)	Detectors: [NGINX] \| Reasons: Nginx: Default server trap hit \| Automated scan targeting an unauthori ... show more Detectors: [NGINX] \| Reasons: Nginx: Default server trap hit \| Automated scan targeting an unauthorized host or default server sinkhole \| Tech Evidence: Incomplete-Browser-Profile (Missing: Accept, Accept-Language), Fake-Chrome-Desktop (No-CH), TLS-JA4-Spoofing-Detected (UA claims Browser but JA4 reports No-HTTP/2: t13d141000), JA4: t13d141000 \| UA: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 Chrome/131.0.0.0 Safari/537.36 show less	Port Scan Bad Web Bot Exploited Host
🇳🇱 wlt-blocker	2026-06-03 11:04:39 (1 day ago)	Unauthorized access to webpage admin	Web App Attack
🇺🇸 Major Hostility	2026-06-02 14:17:22 (2 days ago)	"GET /.env.prod HTTP/1.1" 404 "GET /.env.backup HTTP/1.1" 404	Web App Attack
🇩🇪 IVski	2026-06-01 14:08:08 (3 days ago)	IVski WAF \| Sensitive file probe detected - looking for .env	Port Scan Brute-Force Web App Attack
🇺🇸 Rip	2026-05-30 15:51:05 (4 days ago)	Restricted File Access Attempts	Port Scan Web App Attack
Anonymous	2026-05-29 16:33:21 (5 days ago)	Failed login attempt detected by Fail2Ban in plesk-modsecurity jail	Exploited Host
🇫🇷 masterguru	2026-05-29 11:05:20 (6 days ago)	(modsec_5080) ModSec 5080: Infrastructure subdomain probe from 104.28.158.253 (CA/Canada/-): 2 in th ... show more (modsec_5080) ModSec 5080: Infrastructure subdomain probe from 104.28.158.253 (CA/Canada/-): 2 in the last 3600 secs (0-193) show less	Hacking
🇨🇴 adalbertoreyes.org	2026-05-28 15:51:45 (6 days ago)	CategoryPortScan	Port Scan
🇫🇷 masterguru	2026-05-28 07:32:02 (1 week ago)	(modsec_5080) ModSec 5080: Infrastructure subdomain probe from 104.28.158.253 (CA/Canada/-): 1 in th ... show more (modsec_5080) ModSec 5080: Infrastructure subdomain probe from 104.28.158.253 (CA/Canada/-): 1 in the last 3600 secs (0-197) show less	Hacking
🇵🇱 Kitki30.com	2026-05-28 06:19:25 (1 week ago)	HTTP Probing. Log: 104.28.158.253 - - [28/May/2026:08:19:24 +0200] "GET /server/.env HTTP/1.1" 301 1 ... show more HTTP Probing. Log: 104.28.158.253 - - [28/May/2026:08:19:24 +0200] "GET /server/.env HTTP/1.1" 301 162 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 Chrome/131.0.0.0 Safari/537.36" show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 IVski	2026-05-28 02:56:07 (1 week ago)	IVski WAF \| Sensitive file probe detected - looking for .env	Port Scan Brute-Force Web App Attack
🇳🇱 BlueWire Hosting	2026-05-27 21:24:42 (1 week ago)	Probing websites for vulnerabilities	Web App Attack
🇺🇸 TPI-Abuse	2026-05-26 22:27:36 (1 week ago)	(mod_security) mod_security (id:210492) triggered by 104.28.158.253 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.28.158.253 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue May 26 18:27:32.922223 2026] [security2:error] [pid 17220:tid 17220] [client 104.28.158.253:29374] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "mail.be4ventures.com"] [uri "/admin/.env"] [unique_id "ahYeVMWsjGzYKzjtLT2aXQAAABQ"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-26 13:13:32 (1 week ago)	(mod_security) mod_security (id:210492) triggered by 104.28.158.253 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.28.158.253 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue May 26 09:13:28.457642 2026] [security2:error] [pid 18998:tid 18998] [client 104.28.158.253:28615] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "mail.1954topresent.com"] [uri "/.env.development"] [unique_id "ahWceCaj3ks5fGNOtmEcugAAABw"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-26 04:13:34 (1 week ago)	(mod_security) mod_security (id:210492) triggered by 104.28.158.253 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.28.158.253 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue May 26 00:13:29.204559 2026] [security2:error] [pid 27365:tid 27365] [client 104.28.158.253:27884] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "luxurymicrobikinis.com"] [uri "/api/.env"] [unique_id "ahUd6ZiEqIKtiewMmUmmDAAAACI"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 34 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇩🇪 167.94.146.36

🇺🇸 20.96.179.87

🇰🇪 196.216.85.237

🇺🇸 195.184.76.162

🇳🇱 192.142.24.39

🇺🇸 185.152.66.173

🇭🇰 152.32.129.110

🇵🇰 139.135.40.194

🇨🇳 110.40.200.115

🇺🇸 108.165.20.123

🇷🇺 81.177.101.45

🇩🇪 64.89.163.235

🇭🇰 43.128.60.40

🇨🇦 37.120.237.223

🇺🇸 18.119.209.50

🇺🇸 165.154.173.35

🇺🇸 162.216.150.234

🇧🇬 78.128.112.6

🇳🇱 45.198.224.5

🇬🇧 35.203.210.100