JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 104.28.197.7

104.28.197.7 was found in our database!

This IP was reported 343 times. Confidence of Abuse is 68%: ?

68%

ISP	Cloudflare, Inc.
Usage Type	Data Center/Web Hosting/Transit
ASN	AS13335
Domain Name	cloudflare.com
Country	🇩🇪 Germany
City	Frankfurt am Main, Hesse

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 104.28.197.7

Whois 104.28.197.7

IP Abuse Reports for 104.28.197.7:

This IP address has been reported a total of 343 times from 97 distinct sources. 104.28.197.7 was first reported on October 18th 2022, and the most recent report was 4 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇨🇦 leithzz	2026-06-04 14:36:14 (4 hours ago)	Report by Cloudflare.Time: 2026-06-04T14:35:48Z	DDoS Attack
🇺🇸 Starburst SysOp Team	2026-05-31 18:53:35 (4 days ago)	URL file extension is restricted by policy. String match within ".ani/ .asa/ .asax/ .ascx/ .back/ .b ... show more URL file extension is restricted by policy. String match within ".ani/ .asa/ .asax/ .ascx/ .back/ .backup/ .bak/ .bck/ .bk/ .bkp/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .cnf/ .com/ .compositefont/ .config/ .conf/ .copy/ .crt/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dist/ .dll/ .dos/ .dpkg-dist/ .drv/ .gadget/ .hta/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .inf/ .ini/ .jks/ .jse/ .key/ .licx/ .lnk/ .log/ .mdb/ .msc/ .ocx/ .old/ .pass/ .pdb/ .pfx/ .pif/ .pem/ .pol/ .prf/ .printer/ .pwd/ .rdb/ .rdp/ .reg/ .resources/ .resx/ .sav/ .save/ .scr/ .sct/ .sh/ .shs/ .sql/ .sqlite/ .sqlite3/ .swap/ .swo/ .swp/ .sys/ .temp/ .tfstate/ .tlb/ .tmp/ .vb/ .vbe/ .vbs/ .vbproj/ .vsdisco/ .vxd/ .webinfo/ .ws/ .wsc/ .wsf/ .wsh/ .xsd/ .xsx/" at TX:extension. (920440-iad5-2) show less	Hacking
🇺🇸 TPI-Abuse	2026-05-31 12:16:57 (4 days ago)	(mod_security) mod_security (id:210492) triggered by 104.28.197.7 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 104.28.197.7 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun May 31 08:16:52.449987 2026] [security2:error] [pid 8009:tid 8009] [client 104.28.197.7:0] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "inspiraciongaleria.com"] [uri "/.env.production"] [unique_id "ahwmtPhIvTeHqrv9NnCRqAAAABM"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-31 10:50:09 (4 days ago)	(mod_security) mod_security (id:210492) triggered by 104.28.197.7 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 104.28.197.7 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun May 31 06:50:03.333957 2026] [security2:error] [pid 9138:tid 9269] [client 104.28.197.7:0] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "beckmon.com"] [uri "/.env.production"] [unique_id "ahwSW2tkgjlLy1dMNsjMGAAAARA"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-31 04:53:04 (4 days ago)	(mod_security) mod_security (id:210492) triggered by 104.28.197.7 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 104.28.197.7 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun May 31 00:52:58.658625 2026] [security2:error] [pid 14235:tid 14292] [client 104.28.197.7:0] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "jefftappan.com"] [uri "/.env.local"] [unique_id "ahu-qim2GwchYAHNaM7FOQAAABc"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 4server	2026-05-31 03:12:51 (4 days ago)	[SunMay3105:12:45.8554042026][security2:error][pid524142:tid524221][client104.28.197.7:0]ModSecurity ... show more [SunMay3105:12:45.8554042026][security2:error][pid524142:tid524221][client104.28.197.7:0]ModSecurity:Accessdeniedwithcode403$phase1$.Patternmatch\"$\?i$$\?:/\(\?:\^\\|/$\\\\\\\\.$env\\|git\\|svn\\|hg\\|DS_Store$\\|/$\?:wp-config\\|\\\\\\\\.htaccess\\|\\\\\\\\.htpasswd$\\|\\\\\\\\.$\?:sql\\|bak\\|old\\|log$\$\)\"atREQUEST_URI.[file\"/etc/apache2/conf.d/modsec_custom_rules.conf\"][line\"156\"][id\"960720\"][msg\"Forbiddenfileaccessattempt\"][severity\"CRITICAL\"][hostname\"gm-swiss.ch.136-243-54-122.cpanel.site\"][uri\"/.env.old\"][unique_id\"ahunLc4enokY4A1O33yXFwAAAI8\"] show less	Port Scan Brute-Force Web App Attack
🇺🇸 TPI-Abuse	2026-05-31 00:16:39 (4 days ago)	(mod_security) mod_security (id:210492) triggered by 104.28.197.7 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 104.28.197.7 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat May 30 20:16:35.418065 2026] [security2:error] [pid 2782:tid 2782] [client 104.28.197.7:0] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "lookatpriscoolwebsite.click"] [uri "/.env.old"] [unique_id "aht940WCt6k8xJ6US14bgQAAABM"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 Sylvyon	2026-05-30 20:45:33 (4 days ago)	Triggered Cloudflare WAF (firewallCustom) from DE. Action: BLOCK \| Protocol: HTTP/1.1 (GET) \| Endpoi ... show more Triggered Cloudflare WAF (firewallCustom) from DE. Action: BLOCK \| Protocol: HTTP/1.1 (GET) \| Endpoint: /.aws/credentials \| UA: Mozilla/5.0 (Macintosh; Intel Mac OS X 11_6_6; de) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.4.2 Safari/605.1.15 • Generated by: github.com/sefinek/Cloudflare-WAF-To-AbuseIPDB show less	Bad Web Bot
🇨🇦 leithzz	2026-05-30 19:13:11 (5 days ago)	Report by Cloudflare.Time: 2026-05-30T19:12:39Z	DDoS Attack
🇫🇷 masterguru	2026-05-30 10:25:30 (5 days ago)	Blocked Cloudflare Worker request. Pattern match "." at REQUEST_HEADERS:Cf-Worker. (5025-196)	Hacking
🇫🇷 masterguru	2026-05-30 07:07:45 (5 days ago)	Blocked Cloudflare Worker request. Pattern match "." at REQUEST_HEADERS:Cf-Worker. (5025-195)	Hacking
🇺🇸 TPI-Abuse	2026-05-30 06:59:47 (5 days ago)	(mod_security) mod_security (id:210492) triggered by 104.28.197.7 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 104.28.197.7 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat May 30 02:59:39.061166 2026] [security2:error] [pid 27620:tid 27620] [client 104.28.197.7:0] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "anthonyanimalclinic.net"] [uri "/.env.local"] [unique_id "ahqK21VQpCJx3GrSVNXvigAAAAM"] show less	Brute-Force Bad Web Bot Web App Attack
🇫🇷 MatStef132	2026-05-24 20:58:23 (1 week ago)	MatShield L7: blocked on mathost.eu (ua-quarantined)	Bad Web Bot
🇫🇷 MatStef132	2026-05-23 15:48:43 (1 week ago)	MatShield L7: blocked on mathost.eu (ua-quarantined)	Bad Web Bot
🇫🇷 MatStef132	2026-05-21 15:51:12 (2 weeks ago)	MatShield L7: blocked on mathost.eu (ua-quarantined)	Bad Web Bot

Showing 1 to 15 of 343 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇸🇬 2a09:bac5:55f8:15f::23:480

🇺🇸 2607:f8b0:4001:c0c::12b

🇧🇷 187.109.172.158

🇩🇪 167.94.146.54

🇮🇳 152.52.192.138

🇨🇳 123.145.1.209

🇨🇳 117.62.22.127

🇨🇳 115.190.173.110

🇮🇳 103.224.185.54

🇳🇬 102.88.137.80

🇮🇹 93.92.77.161

🇬🇧 35.203.211.221

🇧🇪 34.78.102.237

🇨🇦 34.19.206.204

🇻🇳 14.225.217.138

🇸🇬 8.222.225.103

🇺🇸 2607:f8b0:400c:c00::12c

🇮🇩 202.51.214.99

🇺🇸 185.191.171.7

🇯🇵 103.125.146.111