JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 104.28.196.58

104.28.196.58 was found in our database!

This IP was reported 82 times. Confidence of Abuse is 100%: ?

100%

ISP	Cloudflare, Inc.
Usage Type	Data Center/Web Hosting/Transit
ASN	AS13335
Domain Name	cloudflare.com
Country	🇫🇷 France
City	Strasbourg, Grand Est

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 104.28.196.58

Whois 104.28.196.58

IP Abuse Reports for 104.28.196.58:

This IP address has been reported a total of 82 times from 57 distinct sources. 104.28.196.58 was first reported on October 21st 2025, and the most recent report was 1 hour ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇳🇱 vaddilyin	2026-06-05 23:03:03 (1 hour ago)	{"ClientAddr":"104.28.196.58:21802","ClientHost":"104.28.196.58","ClientPort":"21802","ClientUsernam ... show more {"ClientAddr":"104.28.196.58:21802","ClientHost":"104.28.196.58","ClientPort":"21802","ClientUsername":"-","DownstreamContentSize":19,"DownstreamStatus":404,"Duration":26408,"GzipRatio":0,"OriginContentSize":0,"OriginDuration":0,"OriginStatus":0,"Overhead":26408,"RequestAddr":"meta.vdkln.com","RequestContentSize":0,"RequestCount":79476,"RequestHost":"meta.vdkln.com","RequestMethod":"GET","RequestPath":"/ms-themes.php","RequestPort":"-","RequestProtocol":"HTTP/2.0","RequestScheme":"https","RetryAttempts":0,"StartLocal":"2026-06-05T23:03:02.622267786Z","StartUTC":"2026-06-05T23:03:02.622267786Z","TLSCipher":"TLS_AES_128_GCM_SHA256","TLSVersion":"1.3","entryPointName":"websecure","level":"info","msg":"","time":"2026-06-05T23:03:02Z"} {"ClientAddr":"104.28.196.58:21802","ClientHost":"104.28.196.58","ClientPort":"21802","ClientUsername":"-","DownstreamContentSize":19,"DownstreamStatus":404,"Duration":45486,"GzipRatio":0,"OriginContentSize":0,"OriginDuration":0,"OriginStatus":0,"Overhead":45 ... show less	Web App Attack
🇺🇸 masterguru	2026-06-05 20:15:24 (4 hours ago)	BAD BOT - Detected and Blocked.. Matched phrase "go-http-client" at REQUEST_HEADERS:User-Agent. (110 ... show more BAD BOT - Detected and Blocked.. Matched phrase "go-http-client" at REQUEST_HEADERS:User-Agent. (1100000-164) show less	Bad Web Bot
Anonymous	2026-06-05 19:49:43 (5 hours ago)	"GET /wp-admin/admin-ajax.php HTTP/1.1"	Hacking Web App Attack
🇩🇪 Dennis	2026-06-05 17:50:37 (7 hours ago)	104.28.196.58 has been banned for triggering http-probing (11 events over 332.836808ms).	Brute-Force Web App Attack
🇩🇪 Hagen Schoebel	2026-06-05 15:44:32 (9 hours ago)	Blocked by CrowdSec - crowdsecurity/http-probing (FR)	Port Scan Brute-Force Web App Attack SSH
🇫🇷 Octopuce	2026-06-05 12:22:30 (12 hours ago)	Aggressive web search of vulnerable pages: /ms-themes.php /chosen.php?p= /file.php /flower.php /gifc ... show more Aggressive web search of vulnerable pages: /ms-themes.php /chosen.php?p= /file.php /flower.php /gifclass.php /bless.php /class-t.api.php /blurb ... show less	Web App Attack
🇫🇷 masterguru	2026-06-05 09:18:52 (15 hours ago)	BAD BOT - Detected and Blocked.. Matched phrase "go-http-client" at REQUEST_HEADERS:User-Agent. (110 ... show more BAD BOT - Detected and Blocked.. Matched phrase "go-http-client" at REQUEST_HEADERS:User-Agent. (1100000-193) show less	Bad Web Bot
🇺🇸 etu brutus	2026-06-05 08:41:35 (16 hours ago)	104.28.196.58 Blocked by [Attack Vector List] ...	Hacking Brute-Force Exploited Host
🇺🇦 URAN Publishing Service	2026-06-03 14:22:55 (2 days ago)	104.28.196.58 - - [03/Jun/2026:17:22:54 +0300] "GET /wp-admin/admin-ajax.php HTTP/1.1" 404 708 "-" " ... show more 104.28.196.58 - - [03/Jun/2026:17:22:54 +0300] "GET /wp-admin/admin-ajax.php HTTP/1.1" 404 708 "-" "Go-http-client/1.1" 104.28.196.58 - - [03/Jun/2026:17:22:54 +0300] "GET /wp-content/plugins/hellopress/wp_mna.php HTTP/1.1" 404 708 "-" "Go-http-client/1.1" ... show less	Web App Attack
🇩🇪 ghostwarriors	2026-06-02 14:50:12 (3 days ago)	Webpage scraping	Brute-Force Bad Web Bot Web App Attack
🇺🇸 revslowmo	2026-06-02 12:24:17 (3 days ago)	Bot attempt ssh bruteforce	Brute-Force SSH
🇩🇪 on-com	2026-06-02 03:57:10 (3 days ago)	URL scan	Brute-Force Web App Attack
🇩🇪 IVski	2026-06-02 02:33:11 (3 days ago)	IVski WAF \| Webshell probe detected - requesting common script extensions	Port Scan Brute-Force Web App Attack
🇮🇩 Burayot	2026-06-02 01:58:11 (3 days ago)	LF_MODSEC: (mod_security) mod_security (id:1000001) triggered by 104.28.196.58 (FR/France/-): 1 in t ... show more LF_MODSEC: (mod_security) mod_security (id:1000001) triggered by 104.28.196.58 (FR/France/-): 1 in the last 3600 secs show less	Web App Attack
🇬🇧 myintarweb	2026-06-01 23:23:53 (4 days ago)	104.28.196.58 - - [02/Jun/2026:00:23:52 +0100] 80 "GET /wp-admin/admin-ajax.php HTTP/1.1" 301 1613 " ... show more 104.28.196.58 - - [02/Jun/2026:00:23:52 +0100] 80 "GET /wp-admin/admin-ajax.php HTTP/1.1" 301 1613 "-" "Go-http-client/1.1" ... show less	Hacking Bad Web Bot Web App Attack

Showing 1 to 15 of 82 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇰🇷 180.71.9.31

🇰🇷 175.195.231.106

🇫🇮 147.185.133.41

🇨🇳 116.179.32.234

🇸🇪 93.158.91.33

🇳🇱 89.125.154.188

🇸🇪 82.196.106.164

🇺🇸 64.62.156.200

🇮🇳 49.248.223.6

🇬🇧 31.14.254.31

🇹🇼 198.235.24.100

🇺🇾 167.61.141.62

🇬🇧 87.74.80.204

🇸🇪 77.53.193.47

🇺🇸 72.167.50.103

🇺🇸 64.62.156.24

🇭🇰 47.86.232.51

🇷🇺 46.160.165.239

🇳🇱 45.148.10.141

🇸🇬 43.106.90.118