JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 104.28.193.27

104.28.193.27 was found in our database!

This IP was reported 37 times. Confidence of Abuse is 74%: ?

74%

ISP	Cloudflare, Inc.
Usage Type	Data Center/Web Hosting/Transit
ASN	AS13335
Domain Name	cloudflare.com
Country	🇺🇸 United States of America
City	Las Vegas, Nevada

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 104.28.193.27

Whois 104.28.193.27

IP Abuse Reports for 104.28.193.27:

This IP address has been reported a total of 37 times from 27 distinct sources. 104.28.193.27 was first reported on November 26th 2024, and the most recent report was 4 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 TPI-Abuse	2026-06-18 10:20:44 (4 hours ago)	(mod_security) mod_security (id:210492) triggered by 104.28.193.27 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.28.193.27 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 18 06:20:37.581308 2026] [security2:error] [pid 30695:tid 30695] [client 104.28.193.27:50046] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.book-arts-press.com.jpastorphotographics.com"] [uri "/.git/HEAD"] [unique_id "ajPGddUCrn1vAkiqXjwUIwAAAAs"] show less	Brute-Force Bad Web Bot Web App Attack
🇦🇺 FireGuard Server	2026-06-18 10:05:05 (4 hours ago)	Blocked by OPNsense firewall; 8 hits, proto=tcp, ports=443	Port Scan Hacking
🇺🇸 TPI-Abuse	2026-06-11 09:58:52 (1 week ago)	(mod_security) mod_security (id:210492) triggered by 104.28.193.27 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.28.193.27 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 11 05:58:48.744768 2026] [security2:error] [pid 7228:tid 7228] [client 104.28.193.27:20015] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "devinfrymire.com"] [uri "/.git/HEAD"] [unique_id "aiqG2KqXezd-6aN-0gjhTAAAAAw"] show less	Brute-Force Bad Web Bot Web App Attack
🇮🇹 Progetto1	2026-06-10 08:15:02 (1 week ago)	Mail - Multiple failed login attempts	Brute-Force Exploited Host
🇺🇸 mnsf	2026-05-30 15:05:52 (2 weeks ago)	Abuse Detected (2)	Brute-Force Web App Attack
🇨🇭 TheCoon	2026-05-28 22:45:01 (2 weeks ago)	Automated: Credential theft attempt - JSON bomb served	Web App Attack Hacking
🇩🇪 Kreapptivo	2026-05-28 01:03:14 (3 weeks ago)	[28/May/2026:03:03:10 +0200] Web-Request: "GET /.git/config", User-Agent: "Mozilla/5.0 (Macintosh; I ... show more [28/May/2026:03:03:10 +0200] Web-Request: "GET /.git/config", User-Agent: "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36" show less	Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-28 00:54:29 (3 weeks ago)	(mod_security) mod_security (id:210492) triggered by 104.28.193.27 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.28.193.27 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed May 27 20:54:24.979947 2026] [security2:error] [pid 8836:tid 8836] [client 104.28.193.27:27966] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpanel.97films.media"] [uri "/.git/HEAD"] [unique_id "aheSQF9xWZGBZxJF9hWvlQAAABk"] show less	Brute-Force Bad Web Bot Web App Attack
🇳🇱 homeshowdomain.nl	2026-05-27 22:01:30 (3 weeks ago)	Auto-ban: >3000 req/min op 2026-05-27	Web App Attack SSH Hacking
🇺🇸 TPI-Abuse	2026-05-27 21:58:35 (3 weeks ago)	(mod_security) mod_security (id:210492) triggered by 104.28.193.27 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.28.193.27 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed May 27 17:58:31.646611 2026] [security2:error] [pid 29034:tid 29142] [client 104.28.193.27:27214] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "autodiscover.condo.management"] [uri "/.git/HEAD"] [unique_id "ahdpB1HctnKzDPv28w2_3QAAAkI"] show less	Brute-Force Bad Web Bot Web App Attack
🇬🇧 consul.to	2026-05-27 20:36:00 (3 weeks ago)	Web attack/malicious scanning detected	Web App Attack
🇫🇮 YF	2026-05-27 18:04:36 (3 weeks ago)	WordPress directory enumeration	Web App Attack
🇧🇪 voormedia	2026-05-27 17:39:07 (3 weeks ago)	Accessed trap at '/.git/HEAD'	Web App Attack
Anonymous	2026-05-27 16:43:58 (3 weeks ago)	104.28.193.27 - - [27/May/2026:18:43:58 +0200] "GET /.git/HEAD HTTP/1.1" 402 3390 "-" "Mozilla/5.0 ( ... show more 104.28.193.27 - - [27/May/2026:18:43:58 +0200] "GET /.git/HEAD HTTP/1.1" 402 3390 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36" ... show less	Web App Attack
🇩🇪 tentwentyfour	2026-05-27 15:48:49 (3 weeks ago)	Blocked for probing for sensitive web application components	Brute-Force Web App Attack

Showing 1 to 15 of 37 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 104.239.80.209

🇵🇰 223.123.107.68

🇩🇪 178.105.200.202

🇨🇳 106.13.182.13

🇫🇷 91.196.152.189

🇫🇷 91.171.97.78

🇮🇳 49.207.243.13

🇳🇱 45.148.10.151

🇳🇱 45.148.10.121

🇷🇴 2.57.122.238

🇹🇳 197.2.156.19

🇭🇺 195.199.210.194

🇬🇧 193.163.125.173

🇨🇳 182.244.0.150

🇺🇸 162.216.150.196

🇺🇸 104.238.50.180

🇷🇸 82.27.247.247

🇸🇬 68.178.167.214

🇰🇷 58.78.114.135

🇳🇱 45.148.10.240