JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 104.28.161.246

104.28.161.246 was found in our database!

This IP was reported 28 times. Confidence of Abuse is 41%: ?

41%

ISP	Cloudflare, Inc.
Usage Type	Data Center/Web Hosting/Transit
ASN	AS13335
Domain Name	cloudflare.com
Country	🇺🇸 United States of America
City	Reston, Virginia

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 104.28.161.246

Whois 104.28.161.246

IP Abuse Reports for 104.28.161.246:

This IP address has been reported a total of 28 times from 15 distinct sources. 104.28.161.246 was first reported on September 30th 2024, and the most recent report was 1 week ago.

Old Reports: The most recent abuse report for this IP address is from 1 week ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇩🇪 Holger	2026-06-06 00:46:30 (1 week ago)	Bruteforce WebAttack	Brute-Force Web App Attack
🇩🇪 Holger	2026-06-04 11:12:59 (1 week ago)	Bruteforce WebAttack	Brute-Force Web App Attack
🇨🇦 lakered	2026-06-03 16:24:44 (2 weeks ago)	Detectors: [NGINX] \| Reasons: Targeting a decommissioned/expired domain name (historical data recon) ... show more Detectors: [NGINX] \| Reasons: Targeting a decommissioned/expired domain name (historical data recon) \| Nginx: Default server trap hit \| Tech Evidence: Incomplete-Browser-Profile (Missing: Accept, Accept-Language), Fake-Chrome-Desktop (No-CH), TLS-JA4-Spoofing-Detected (UA claims Browser but JA4 reports No-HTTP/2: t13d141000), JA4: t13d141000 \| UA: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 Chrome/131.0.0.0 Safari/537.36 show less	Port Scan Exploited Host Bad Web Bot Web App Attack
🇩🇪 Holger	2026-06-02 15:39:48 (2 weeks ago)	Bruteforce WebAttack	Brute-Force Web App Attack
🇪🇸 pipeline.es	2026-06-01 11:37:00 (2 weeks ago)	Port scanning / recon \| Evidence: date=2026-06-01 time=13:36:15 devname="[redacted]" devid="[redacte ... show more Port scanning / recon \| Evidence: date=2026-06-01 time=13:36:15 devname="[redacted]" devid="[redacted]" eventtime=1780313775927943810 tz=\"+0200\" logid=\"0000000013\" type=\"traffic\" subtype=\"forward\" level=\"notice\" vd="[redacted]" srcip=104.28.161.246 srcport=38534 srcintf="[redacted]" srcintfrole=\"wan\" dstip=[redacted] dstport=443 dstintf="[redacted]" dstintfrole=\"lan\" srccountry=\"United States\" dstcountry=\"Spain\" \| ASN: CLOUDFLARENET \| Country: US show less	Port Scan Web App Attack
🇱🇻 garmtech.com	2026-05-31 15:07:04 (2 weeks ago)	Attempted access to sensitive endpoint (/.env.old) detected. Automated scan or unauthorized probing.	Web App Attack
🇳🇱 homeshowdomain.nl	2026-05-29 22:02:48 (2 weeks ago)	Auto-ban: single probe for restricted files (.env / backups / admin endpoints). Likely mass-scan on ... show more Auto-ban: single probe for restricted files (.env / backups / admin endpoints). Likely mass-scan on 2026-05-28. show less	Web App Attack SSH Hacking
🇳🇱 ParaBug	2026-05-24 13:28:19 (3 weeks ago)	104.28.161.246 - - [24/May/2026:15:28:19 +0200] "GET /.env.dev HTTP/1.1" 401 3278 "-" "Mozilla/5.0 ( ... show more 104.28.161.246 - - [24/May/2026:15:28:19 +0200] "GET /.env.dev HTTP/1.1" 401 3278 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 Chrome/131.0.0.0 Safari/537.36" ... show less	Phishing Brute-Force Web App Attack
🇺🇸 TPI-Abuse	2026-05-24 03:41:10 (3 weeks ago)	(mod_security) mod_security (id:210492) triggered by 104.28.161.246 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.28.161.246 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat May 23 23:41:06.462490 2026] [security2:error] [pid 6467:tid 6467] [client 104.28.161.246:39825] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "teguer.com"] [uri "/.env.sample"] [unique_id "ahJzUuDGNVet9_xyx3_sdgAAABI"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-23 23:49:53 (3 weeks ago)	(mod_security) mod_security (id:210492) triggered by 104.28.161.246 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.28.161.246 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat May 23 19:49:45.832815 2026] [security2:error] [pid 11090:tid 11238] [client 104.28.161.246:38497] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "tbdesigned.com"] [uri "/.env"] [unique_id "ahI9GZcrQpKW4dRzLyV7XwAAAlU"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 David Ferneding	2026-05-21 20:37:15 (3 weeks ago)	Blocked by UFW (TCP on 80) Source port: 38911 TTL: 57 Packet length: 60 TOS: 0x00 This report (for ... show more Blocked by UFW (TCP on 80) Source port: 38911 TTL: 57 Packet length: 60 TOS: 0x00 This report (for 104.28.161.246) was generated by: https://github.com/sefinek/UFW-AbuseIPDB-Reporter show less	Port Scan Web App Attack
🇺🇸 TPI-Abuse	2026-05-19 22:15:56 (4 weeks ago)	(mod_security) mod_security (id:210492) triggered by 104.28.161.246 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.28.161.246 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue May 19 18:15:52.741775 2026] [security2:error] [pid 27326:tid 27326] [client 104.28.161.246:38473] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.houston-church-of-god.org"] [uri "/.env.old"] [unique_id "agzhGPBROHcsKyYCUIp3BQAAAAQ"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-19 10:14:32 (4 weeks ago)	(mod_security) mod_security (id:210492) triggered by 104.28.161.246 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.28.161.246 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue May 19 06:14:28.200075 2026] [security2:error] [pid 18866:tid 18866] [client 104.28.161.246:38263] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "mail.amurtel.org"] [uri "/.env.save"] [unique_id "agw4BI2i_ueFwqvJILEf7QAAAAY"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-19 04:39:48 (4 weeks ago)	(mod_security) mod_security (id:210492) triggered by 104.28.161.246 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.28.161.246 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue May 19 00:39:40.880143 2026] [security2:error] [pid 4275:tid 4275] [client 104.28.161.246:38525] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpanel.allisonstiles.org"] [uri "/.env.bak"] [unique_id "agvpjJqnXDmUVoKAZXzteQAAAAI"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 Ba-Yu	2026-05-18 09:40:27 (4 weeks ago)	General hacking/exploits/scanning	Web Spam Hacking Brute-Force Exploited Host Web App Attack

Showing 1 to 15 of 28 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 195.184.76.134

🇺🇸 179.61.232.244

🇮🇩 160.187.174.22

🇦🇹 152.53.0.56

🇲🇾 115.135.234.221

🇩🇪 213.209.159.231

🇳🇱 185.224.128.16

🇮🇳 182.95.150.186

🇳🇱 176.65.148.215

🇮🇩 103.154.231.122

🇩🇪 69.5.169.165

🇩🇿 41.110.4.106

🇰🇷 175.207.205.249

🇸🇦 144.24.209.174

🇭🇰 125.215.199.37

🇺🇸 104.23.203.148

🇳🇱 91.92.42.86

🇳🇱 91.92.40.52

🇨🇳 61.146.235.54

🇳🇱 51.15.81.150