🇺🇸
TPI-Abuse
2025-01-19 16:39:03
(1 year ago)
(mod_security) mod_security (id:240335) triggered by 104.28.213.40 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jan 19 11:38:55.434024 2025] [security2:error] [pid 31358:tid 31358] [client 104.28.213.40:26951] [client 104.28.213.40] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 104.28.213.40 (+1 hits since last alert)|www.mounthoodhistory.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "www.mounthoodhistory.com"] [uri "/xmlrpc.php"] [unique_id "Z40qnx2FJ7cg1IpMZkYyMgAAAAw"], referer: https://www.mounthoodhistory.com/xmlrpc.php
Brute-Force
Bad Web Bot
Web App Attack
🇫🇷
Kenshin869
2025-01-19 16:00:34
(1 year ago)
WordPress unauthorized access attempt
Brute-Force
🇺🇸
TPI-Abuse
2025-01-19 14:26:26
(1 year ago)
(mod_security) mod_security (id:240335) triggered by 104.28.213.40 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jan 19 09:26:21.886602 2025] [security2:error] [pid 4359:tid 4359] [client 104.28.213.40:26869] [client 104.28.213.40] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 104.28.213.40 (+1 hits since last alert)|www.goldcountrygermanamericanclub.org|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "www.goldcountrygermanamericanclub.org"] [uri "/xmlrpc.php"] [unique_id "Z40LjYlcevZc5jOGj2JUjAAAAAk"], referer: https://www.goldcountrygermanamericanclub.org/xmlrpc.php
Brute-Force
Bad Web Bot
Web App Attack
🇺🇸
TPI-Abuse
2025-01-19 14:09:52
(1 year ago)
(mod_security) mod_security (id:240335) triggered by 104.28.213.40 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jan 19 09:09:46.011159 2025] [security2:error] [pid 19208:tid 19208] [client 104.28.213.40:26768] [client 104.28.213.40] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 104.28.213.40 (+1 hits since last alert)|salernospizza.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "salernospizza.com"] [uri "/xmlrpc.php"] [unique_id "Z40Hqr3JI5jI_Gbj8CyHkgAAABI"], referer: http://salernospizza.com/xmlrpc.php
Brute-Force
Bad Web Bot
Web App Attack
🇺🇸
TPI-Abuse
2025-01-19 13:35:14
(1 year ago)
(mod_security) mod_security (id:240335) triggered by 104.28.213.40 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jan 19 08:35:07.978863 2025] [security2:error] [pid 16846:tid 16846] [client 104.28.213.40:27031] [client 104.28.213.40] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 104.28.213.40 (+1 hits since last alert)|www.quickasawink.org|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "www.quickasawink.org"] [uri "/xmlrpc.php"] [unique_id "Z4z_i2xeW8jYrZDxHyDVxgAAAAk"], referer: https://www.quickasawink.org/xmlrpc.php
Brute-Force
Bad Web Bot
Web App Attack
🇩🇪
Dadelinux
2025-01-19 13:21:03
(1 year ago)
104.28.213.40 - - [19/Jan/2025:14:20:59 +0100] "GET /xmlrpc.php HTTP/1.1" 405 4789 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36"
104.28.213.40 - - [19/Jan/2025:14:21:00 +0100] "GET /wp-login.php HTTP/1.1" 200 3693 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36"
104.28.213.40 - - [19/Jan/2025:14:21:02 +0100] "POST /xmlrpc.php HTTP/1.1" 200 4950 "https://www.tiraca.it/xmlrpc.php" "python-requests/2.21.0"
SQL Injection
Web App Attack
🇺🇸
TPI-Abuse
2025-01-19 12:45:33
(1 year ago)
(mod_security) mod_security (id:240335) triggered by 104.28.213.40 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jan 19 07:45:27.210488 2025] [security2:error] [pid 25211:tid 25211] [client 104.28.213.40:26806] [client 104.28.213.40] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 104.28.213.40 (+1 hits since last alert)|www.naturalacu.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "www.naturalacu.com"] [uri "/xmlrpc.php"] [unique_id "Z4zz5z9LiIEc1Q7THgK-TAAAABM"], referer: http://www.naturalacu.com/xmlrpc.php
Brute-Force
Bad Web Bot
Web App Attack
🇺🇸
TPI-Abuse
2025-01-19 12:28:54
(1 year ago)
(mod_security) mod_security (id:240335) triggered by 104.28.213.40 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jan 19 07:28:50.961661 2025] [security2:error] [pid 5370:tid 5370] [client 104.28.213.40:26994] [client 104.28.213.40] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 104.28.213.40 (+1 hits since last alert)|jerielster.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "jerielster.com"] [uri "/xmlrpc.php"] [unique_id "Z4zwAmKO0amCrFSXXSjUOgAAABI"], referer: http://jerielster.com/xmlrpc.php
Brute-Force
Bad Web Bot
Web App Attack
🇺🇸
TPI-Abuse
2025-01-19 12:06:31
(1 year ago)
(mod_security) mod_security (id:240335) triggered by 104.28.213.40 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jan 19 07:06:25.706542 2025] [security2:error] [pid 12329:tid 12329] [client 104.28.213.40:26688] [client 104.28.213.40] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 104.28.213.40 (+1 hits since last alert)|www.jennyfiore.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "www.jennyfiore.com"] [uri "/xmlrpc.php"] [unique_id "Z4zqwQuzWRK0qdwQkbixGgAAAAY"], referer: http://www.jennyfiore.com/xmlrpc.php
Brute-Force
Bad Web Bot
Web App Attack
🇺🇸
TPI-Abuse
2025-01-19 10:17:11
(1 year ago)
(mod_security) mod_security (id:240335) triggered by 104.28.213.40 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jan 19 05:17:04.197643 2025] [security2:error] [pid 20216:tid 20216] [client 104.28.213.40:26780] [client 104.28.213.40] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 104.28.213.40 (+1 hits since last alert)|theavgroup.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "theavgroup.com"] [uri "/xmlrpc.php"] [unique_id "Z4zRIGXQ7yNzgLOLSXEYFQAAAAI"], referer: http://theavgroup.com/xmlrpc.php
Brute-Force
Bad Web Bot
Web App Attack
🇩🇪
Bedios GmbH
2025-01-19 09:43:42
(1 year ago)
WordPress hacking attempt
Web App Attack
🇮🇩
BPS-StatisticsIndonesia
2025-01-19 09:38:10
(1 year ago)
XML RPC Scan Activities
Brute-Force
Web App Attack
🇦🇺
afleventoffice.com.au
2025-01-18 23:19:41
(1 year ago)
GET /xmlrpc.php HTTP/1.1
Web App Attack
🇳🇱
Study Bitcoin
2025-01-15 17:40:21
(1 year ago)
2 port probes: 2x tcp/8 (unassigned)
[srv127]
Port Scan
🇳🇱
Study Bitcoin
2024-12-31 08:20:17
(1 year ago)
Port probe to tcp/8 (unassigned)
[srv127]
Port Scan