JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 104.28.165.101

104.28.165.101 was found in our database!

This IP was reported 72 times. Confidence of Abuse is 85%: ?

85%

ISP	Cloudflare, Inc.
Usage Type	Data Center/Web Hosting/Transit
ASN	AS13335
Domain Name	cloudflare.com
Country	🇵🇱 Poland
City	Pruszkow, Mazovia

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 104.28.165.101

Whois 104.28.165.101

IP Abuse Reports for 104.28.165.101:

This IP address has been reported a total of 72 times from 55 distinct sources. 104.28.165.101 was first reported on November 18th 2025, and the most recent report was 6 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇮🇹 Progetto1	2026-04-30 01:04:09 (1 month ago)	Mail - Multiple failed login attempts	Brute-Force Exploited Host
Anonymous	2026-04-26 16:30:07 (1 month ago)	Failed login attempt detected by Fail2Ban in plesk-postfix jail	Brute-Force
🇩🇪 abdubhai	2026-04-26 10:27:33 (1 month ago)	104.28.165.101 - - [26/Apr/2026: ...	Brute-Force
🇩🇪 Vegascosmetics	2026-04-23 21:50:41 (1 month ago)	Kingcopy(AI-IDS): IP is wandering around the site and acting suspiciously.	Bad Web Bot
🇺🇸 jcbriar	2026-04-22 16:04:11 (1 month ago)	Searching for vulnerable scripts	Hacking Web App Attack
🇨🇦 zXero	2026-04-22 15:38:17 (1 month ago)	Fail2Ban automatic report - jail: geoip-ssh	Brute-Force SSH DDoS Attack
🇳🇱 DrLex0	2026-04-22 13:55:56 (1 month ago)	Poking for env files. You won't escape detection by only doing a HEAD, dipwad. 104.28.165.101 80 - ... show more Poking for env files. You won't escape detection by only doing a HEAD, dipwad. 104.28.165.101 80 - [22/Apr/2026:13:55:56 +0000] "HEAD /.env HTTP/1.1" 404 308 "-" "-" show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-04-22 10:29:13 (1 month ago)	(mod_security) mod_security (id:210492) triggered by 104.28.165.101 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.28.165.101 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Apr 22 06:29:08.811990 2026] [security2:error] [pid 3242694:tid 3242694] [client 104.28.165.101:28024] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "dadlounge.com"] [uri "/.env"] [unique_id "aeii9NVvSmDRSiSDjraqXwAAAAo"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 mnsf	2026-04-22 10:06:49 (1 month ago)	Scanning/Probing (15)	Brute-Force Web App Attack
🇬🇧 pinguin	2026-04-22 09:49:32 (1 month ago)	Triggered Cloudflare WAF (firewallManaged) from PL. Action taken: BLOCK Protocol: HTTP/1.1 (HEAD met ... show more Triggered Cloudflare WAF (firewallManaged) from PL. Action taken: BLOCK Protocol: HTTP/1.1 (HEAD method) Endpoint: /.env UA: Empty string This report was generated by: https://github.com/sefinek/Cloudflare-WAF-To-AbuseIPDB show less	Bad Web Bot
🇺🇸 kosada.com	2026-04-22 09:12:05 (1 month ago)	Web vulnerability probing: /.env	Web App Attack
🇩🇪 big-cloud.nl	2026-04-22 08:00:19 (1 month ago)	Try to access /.env	Web App Attack
🇺🇸 TPI-Abuse	2026-04-22 07:16:17 (1 month ago)	(mod_security) mod_security (id:210492) triggered by 104.28.165.101 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.28.165.101 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Apr 22 03:16:12.279207 2026] [security2:error] [pid 2079587:tid 2079587] [client 104.28.165.101:28245] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "magnoliahillproductions.com"] [uri "/.env"] [unique_id "aeh1vLbztiAVuO67i-QZ4gAAAAY"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-04-22 06:39:13 (1 month ago)	(mod_security) mod_security (id:210492) triggered by 104.28.165.101 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.28.165.101 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Apr 22 02:39:06.490117 2026] [security2:error] [pid 2305637:tid 2305637] [client 104.28.165.101:29261] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "jeffjastro.com"] [uri "/.env"] [unique_id "aehtCs0YY3-bC6vCYLKK4AAAAAI"] show less	Brute-Force Bad Web Bot Web App Attack
🇯🇵 VXG-NET	2026-04-22 06:22:34 (1 month ago)	port=80, indicator_type=info-leak	Hacking

Showing 16 to 30 of 72 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 162.216.150.91

🇮🇩 103.98.176.164

🇪🇸 92.191.96.70

🇨🇦 192.53.122.28

🇭🇰 152.32.133.95

🇮🇳 122.252.241.175

🇩🇪 118.193.59.4

🇻🇳 103.172.236.241

🇵🇰 103.134.2.139

🇳🇱 93.174.95.106

🇫🇷 91.231.89.139

🇫🇷 91.231.89.137

🇨🇳 58.222.141.114

🇲🇽 189.152.101.153

🇭🇰 118.26.39.178

🇵🇹 109.50.185.153

🇫🇷 92.205.107.87

🇺🇸 91.230.168.238

🇺🇸 91.230.168.128

🇷🇴 89.47.53.19