JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 104.28.165.101

104.28.165.101 was found in our database!

This IP was reported 72 times. Confidence of Abuse is 85%: ?

85%

ISP	Cloudflare, Inc.
Usage Type	Data Center/Web Hosting/Transit
ASN	AS13335
Domain Name	cloudflare.com
Country	🇵🇱 Poland
City	Pruszkow, Mazovia

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 104.28.165.101

Whois 104.28.165.101

IP Abuse Reports for 104.28.165.101:

This IP address has been reported a total of 72 times from 55 distinct sources. 104.28.165.101 was first reported on November 18th 2025, and the most recent report was 7 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇮🇪 Jim Keir	2026-04-22 05:50:06 (1 month ago)	2026-04-22 05:50:06 104.28.165.101 File scanning, blocking 104.28.165.101 for 5 minutes	Web App Attack
🇩🇪 FeG Deutschland	2026-04-22 05:05:25 (1 month ago)	Looking for CMS/PHP/SQL vulnerablilities/excessive crawling - 124	Exploited Host Web App Attack
Anonymous	2026-04-22 04:18:53 (1 month ago)	Fuzzing/Looking for credentials files.	Brute-Force Web App Attack
Anonymous	2026-04-22 04:14:03 (1 month ago)	Bot / scanning and/or hacking attempts: HEAD /.env HTTP/1.1	Hacking Web App Attack
🇺🇸 octageeks.com	2026-04-22 04:08:16 (1 month ago)	Wordpress malicious attack:[octablocked]	Web App Attack
🇺🇸 TPI-Abuse	2026-04-22 03:47:33 (1 month ago)	(mod_security) mod_security (id:210492) triggered by 104.28.165.101 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.28.165.101 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Apr 21 23:47:28.510230 2026] [security2:error] [pid 168693:tid 168693] [client 104.28.165.101:28834] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "turtlehill.org"] [uri "/.env"] [unique_id "aehE0GnnbdMiroNLe4ZLOwAAAAQ"] show less	Brute-Force Bad Web Bot Web App Attack
🇨🇭 ALPHANET	2026-04-22 03:32:04 (1 month ago)	web exploits	Hacking Exploited Host Web App Attack
🇺🇸 TPI-Abuse	2026-04-22 03:16:25 (1 month ago)	(mod_security) mod_security (id:210492) triggered by 104.28.165.101 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.28.165.101 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Apr 21 23:16:19.052274 2026] [security2:error] [pid 124833:tid 124973] [client 104.28.165.101:28336] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "juantrece.com"] [uri "/.env"] [unique_id "aeg9g51qbPyc-g-CDcNijwAAAYI"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-04-22 02:46:44 (1 month ago)	(mod_security) mod_security (id:210492) triggered by 104.28.165.101 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.28.165.101 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Apr 21 22:46:39.225697 2026] [security2:error] [pid 16500:tid 16500] [client 104.28.165.101:27222] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.instituteofscience.com"] [uri "/.env"] [unique_id "aeg2j2mlFWv6d0gNhzdS1QAAAAA"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-04-22 02:00:16 (1 month ago)	(mod_security) mod_security (id:210492) triggered by 104.28.165.101 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.28.165.101 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Apr 21 22:00:10.288305 2026] [security2:error] [pid 844413:tid 844438] [client 104.28.165.101:27803] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.ethicmark.org"] [uri "/.env"] [unique_id "aegrqsfvib54evGIjTW_LAAAAJc"] show less	Brute-Force Bad Web Bot Web App Attack
🇬🇧 Oakley	2026-04-22 01:42:28 (1 month ago)	(confirmed_bot_sig) Confirmed bot	Hacking
🇧🇪 voormedia	2026-04-22 01:40:05 (1 month ago)	Accessed trap at '/.env'	Web App Attack
🇩🇪 nyt	2026-04-22 01:13:16 (1 month ago)	Sensitive File Probe, Sensitive File Probe, Empty UA + 404	Web App Attack
🇱🇻 garmtech.com	2026-04-22 00:41:47 (1 month ago)	IM360 WAF: Laravel .env file access	Web App Attack
🇦🇺 afleventoffice.com.au	2026-04-21 19:21:20 (1 month ago)	HEAD /.env HTTP/1.1	Web App Attack

Showing 31 to 45 of 72 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 192.3.196.157

🇨🇦 144.217.74.127

🇻🇳 116.118.44.131

🇨🇳 106.12.241.195

🇷🇴 92.118.39.62

🇺🇸 71.6.199.65

🇳🇱 45.156.87.204

🇫🇷 91.196.152.29

🇺🇸 66.228.38.149

🇺🇸 66.132.172.109

🇬🇧 35.203.210.182

🇬🇧 35.203.210.57

🇺🇸 147.185.132.184

🇨🇳 106.12.74.119

🇱🇹 81.30.98.44

🇺🇸 50.116.72.139

🇬🇧 45.137.126.24

🇭🇰 152.32.172.177

🇳🇱 141.11.0.200

🇩🇪 116.203.204.171