JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 104.28.214.229

104.28.214.229 was found in our database!

This IP was reported 173 times. Confidence of Abuse is 87%: ?

87%

ISP	Cloudflare, Inc.
Usage Type	Data Center/Web Hosting/Transit
ASN	AS13335
Domain Name	cloudflare.com
Country	🇷🇺 Russian Federation
City	Chelyabinsk, Chelyabinsk

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 104.28.214.229

Whois 104.28.214.229

IP Abuse Reports for 104.28.214.229:

This IP address has been reported a total of 173 times from 43 distinct sources. 104.28.214.229 was first reported on April 26th 2023, and the most recent report was 4 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 xmission.com	2026-06-11 12:40:19 (4 hours ago)	Blocked by UFW (TCP on 37603) Source port: 35066 TTL: 45 Packet length: 60 TOS: 0x08 This report (f ... show more Blocked by UFW (TCP on 37603) Source port: 35066 TTL: 45 Packet length: 60 TOS: 0x08 This report (for 104.28.214.229) was generated by: https://github.com/sefinek/UFW-AbuseIPDB-Reporter show less	Port Scan
🇷🇺 punctualsuspension968	2026-06-07 16:18:33 (4 days ago)	blocked by ufw on TCP 40165	Port Scan
🇨🇳 pengpeng	2026-06-06 15:13:20 (5 days ago)	monitor: on VM-0-7-ubuntu \| port: 56266 \| ttl: 251 script: github.com/sefinek/UFW-AbuseIPDB-Reporte ... show more monitor: on VM-0-7-ubuntu \| port: 56266 \| ttl: 251 script: github.com/sefinek/UFW-AbuseIPDB-Reporter show less	Port Scan
🇺🇸 xmission.com	2026-06-05 19:28:19 (5 days ago)	Blocked by UFW (TCP on 51413) Source port: 49909 TTL: 47 Packet length: 60 TOS: 0x08 This report (f ... show more Blocked by UFW (TCP on 51413) Source port: 49909 TTL: 47 Packet length: 60 TOS: 0x08 This report (for 104.28.214.229) was generated by: https://github.com/sefinek/UFW-AbuseIPDB-Reporter show less	Port Scan
🇨🇳 pengpeng	2026-06-05 14:22:59 (6 days ago)	monitor: on VM-0-7-ubuntu \| port: 56266 \| ttl: 251 script: github.com/sefinek/UFW-AbuseIPDB-Reporte ... show more monitor: on VM-0-7-ubuntu \| port: 56266 \| ttl: 251 script: github.com/sefinek/UFW-AbuseIPDB-Reporter show less	Port Scan
🇳🇱 debestelapp	2026-06-05 09:40:06 (6 days ago)		Web App Attack
🇫🇷 bazter.pro	2026-06-05 06:48:17 (6 days ago)	Fail2Ban: plesk-bot-aggressive - 15 failures	Port Scan Bad Web Bot Web App Attack
🇫🇷 SpaceHost-Server	2026-06-04 22:25:36 (6 days ago)		Brute-Force Web App Attack
Anonymous	2026-06-04 21:04:38 (6 days ago)	Fail2ban filtered ...	Web App Attack
🇫🇷 masterguru	2026-06-04 19:09:22 (6 days ago)	xmlrpc request blocked, no referer. Pattern match "xmlrpc.php" at REQUEST_URI. (88010-201)	Hacking
🇺🇸 xmission.com	2026-06-04 10:51:39 (1 week ago)	Blocked by UFW (TCP on 36836) Source port: 21079 TTL: 47 Packet length: 60 TOS: 0x08 This report (f ... show more Blocked by UFW (TCP on 36836) Source port: 21079 TTL: 47 Packet length: 60 TOS: 0x08 This report (for 104.28.214.229) was generated by: https://github.com/sefinek/UFW-AbuseIPDB-Reporter show less	Port Scan
🇺🇸 TPI-Abuse	2026-06-04 07:19:55 (1 week ago)	(mod_security) mod_security (id:240335) triggered by 104.28.214.229 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:240335) triggered by 104.28.214.229 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 04 03:19:48.195358 2026] [security2:error] [pid 2629:tid 2629] [client 104.28.214.229:59139] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 104.28.214.229 (+1 hits since last alert)\|therealseska.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "therealseska.com"] [uri "/xmlrpc.php"] [unique_id "aiEnFBwYRVA740rCw1CduwAAABA"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-06-04 06:00:31 (1 week ago)	[redacted] 104.28.214.229 - - [04/Jun/2026:07:59:37 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" " ... show more [redacted] 104.28.214.229 - - [04/Jun/2026:07:59:37 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Jetpack/13.0; WordPress/6.2; http://site19051557.com" [redacted] 104.28.214.229 - - [04/Jun/2026:07:59:50 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Jetpack/12.5; WordPress/6.4; http://site37397899.com" [redacted] 104.28.214.229 - - [04/Jun/2026:08:00:08 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Jetpack by WordPress.com" [redacted] 104.28.214.229 - - [04/Jun/2026:08:00:20 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "WordPress.com; https://wordpress.com" [redacted] 104.28.214.229 - - [04/Jun/2026:08:00:29 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "WordPress.com; https://wordpress.com" ... show less	Hacking Web App Attack
Anonymous	2026-06-02 20:37:14 (1 week ago)	[redacted] 104.28.214.229 - - [02/Jun/2026:22:36:10 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" " ... show more [redacted] 104.28.214.229 - - [02/Jun/2026:22:36:10 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Jetpack by WordPress.com" [redacted] 104.28.214.229 - - [02/Jun/2026:22:36:41 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Jetpack by WordPress.com" [redacted] 104.28.214.229 - - [02/Jun/2026:22:36:52 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Jetpack by WordPress.com (Jetpack 12.5; WordPress 6.4)" [redacted] 104.28.214.229 - - [02/Jun/2026:22:37:05 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Jetpack/12.0; WordPress/6.4; http://site96595652.com" [redacted] 104.28.214.229 - - [02/Jun/2026:22:37:13 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Jetpack/12.5; WordPress/6.4; http://site95528562.com" ... show less	Hacking Web App Attack
Anonymous	2026-06-02 16:56:21 (1 week ago)	[ssd5.kdns.gr] httpd-xmlrpc-post: sites=weihnachtsbasar-athen.gr; logs=/var/log/httpd/domains/weihna ... show more [ssd5.kdns.gr] httpd-xmlrpc-post: sites=weihnachtsbasar-athen.gr; logs=/var/log/httpd/domains/weihnachtsbasar-athen.gr.log; samples=/xmlrpc.php show less	Brute-Force Web App Attack

Showing 1 to 15 of 173 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇪🇹 196.188.187.59

🇮🇪 107.175.59.137

🇫🇷 93.152.22.4

🇺🇸 20.55.2.225

🇩🇪 194.187.176.229

🇩🇪 185.242.3.129

🇮🇳 182.95.233.86

🇺🇸 162.216.149.222

🇵🇰 154.192.233.167

🇨🇳 139.159.181.204

🇺🇸 107.167.34.125

🇯🇵 103.163.220.139

🇫🇷 91.231.89.91

🇸🇪 89.253.90.113

🇳🇱 45.148.10.152

🇬🇧 193.176.29.26

🇨🇳 118.196.119.108

🇱🇹 45.227.254.170

🇳🇱 45.148.10.141

🇺🇸 40.112.183.29