JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 104.28.216.170

104.28.216.170 was found in our database!

This IP was reported 49 times. Confidence of Abuse is 100%: ?

100%

ISP	Cloudflare, Inc.
Usage Type	Data Center/Web Hosting/Transit
ASN	AS13335
Domain Name	cloudflare.com
Country	🇺🇸 United States of America
City	Detroit, Michigan

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 104.28.216.170

Whois 104.28.216.170

IP Abuse Reports for 104.28.216.170:

This IP address has been reported a total of 49 times from 27 distinct sources. 104.28.216.170 was first reported on October 4th 2025, and the most recent report was 4 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇫🇷 masterguru	2026-06-07 20:34:09 (4 hours ago)	Restricted File Access Attempt. Matched phrase ".git/" at REQUEST_FILENAME. (930130-197)	Hacking Web App Attack
Anonymous	2026-06-07 15:38:00 (9 hours ago)	M360 WAF: Direct access to sensitive file or dotfile	Hacking
🇯🇵 beon	2026-06-07 14:41:35 (10 hours ago)	[DateTime=>2026-06-07T14:41:35Z to 2026-06-07T14:41:36Z (UTC)] , [HoneyPot_Hits=>twice] , [HoneyPots ... show more [DateTime=>2026-06-07T14:41:35Z to 2026-06-07T14:41:36Z (UTC)] , [HoneyPot_Hits=>twice] , [HoneyPots=>/.git/HEAD, /.git/config] , [total_Hits=>3 times] show less	Bad Web Bot Web App Attack Hacking
🇩🇪 big-cloud.nl	2026-06-07 13:46:00 (11 hours ago)	Try to access /arrangementen/.git/config	Web App Attack
🇦🇺 2000cn.com.au	2026-06-07 07:53:57 (17 hours ago)	This IP was detected by CrowdSec triggering crowdsecurity/http-sensitive-files	Web App Attack Hacking
🇩🇪 raph	2026-06-07 07:21:53 (17 hours ago)	[DOT FILES] crawler .env, .git, .config, etc.	Bad Web Bot Web App Attack
🇺🇸 mnsf	2026-06-07 06:06:11 (18 hours ago)	Abuse Detected (2)	Brute-Force Web App Attack
🇯🇵 Valhalla	2026-06-07 05:50:39 (19 hours ago)	/.git/config	Hacking Web App Attack
🇺🇸 WellSpring	2026-06-07 05:23:24 (19 hours ago)	git exposure on naturologie.com/.git/HEAD — WellSpr.ing/NetSentinel civic-AI security layer	Web App Attack
🇺🇸 TPI-Abuse	2026-05-28 07:04:32 (1 week ago)	(mod_security) mod_security (id:210492) triggered by 104.28.216.170 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.28.216.170 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu May 28 03:04:25.152588 2026] [security2:error] [pid 13078:tid 13078] [client 104.28.216.170:38021] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "xcarsubscription.com"] [uri "/.git/HEAD"] [unique_id "ahfo-WoxLCp_z9bZpWLB9gAAABQ"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 octageeks.com	2026-05-28 04:07:40 (1 week ago)	Wordpress malicious attack:[octablocked]	Web App Attack
🇺🇸 TPI-Abuse	2026-05-28 03:33:33 (1 week ago)	(mod_security) mod_security (id:210492) triggered by 104.28.216.170 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.28.216.170 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed May 27 23:33:28.282263 2026] [security2:error] [pid 1514:tid 1514] [client 104.28.216.170:20698] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "ww-bbs.com"] [uri "/.git/HEAD"] [unique_id "ahe3iFJfOZp7ZfM59aCKJQAAABo"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-28 03:01:16 (1 week ago)	(mod_security) mod_security (id:210492) triggered by 104.28.216.170 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.28.216.170 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed May 27 23:01:09.551593 2026] [security2:error] [pid 22483:tid 22483] [client 104.28.216.170:41040] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "wuijster.com"] [uri "/.git/config"] [unique_id "ahev9W6-TGCMGK9TrvVUyQAAAAY"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-28 02:39:09 (1 week ago)	(mod_security) mod_security (id:210492) triggered by 104.28.216.170 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.28.216.170 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed May 27 22:39:02.532965 2026] [security2:error] [pid 9085:tid 9085] [client 104.28.216.170:29726] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "writebetweenthelines.com"] [uri "/.git/config"] [unique_id "aheqxgD26JCIj_Yk8PzulgAAAAc"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 Progetto1	2026-05-27 16:54:02 (1 week ago)	Detected via HAProxyScanner at 2026-05-27 16:54:01 UTC on destination port WEB (80/443). Repeated sc ... show more Detected via HAProxyScanner at 2026-05-27 16:54:01 UTC on destination port WEB (80/443). Repeated scan / connection. show less	Port Scan Hacking Brute-Force

Showing 1 to 15 of 49 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 216.218.206.69

🇮🇹 206.232.43.78

🇹🇼 198.235.24.82

🇩🇿 197.205.5.100

🇳🇱 195.178.110.30

🇺🇸 162.216.150.42

🇺🇸 137.184.95.216

🇧🇬 79.124.40.174

🇺🇸 64.62.197.107

🇳🇱 45.148.10.157

🇦🇺 34.40.129.47

🇧🇪 34.38.204.209

🇺🇸 20.169.107.49

🇬🇧 195.206.182.215

🇬🇧 195.140.214.30

🇬🇧 188.240.59.38

🇬🇧 188.240.59.32

🇳🇱 185.156.73.233

🇩🇪 167.94.146.63

🇰🇷 118.37.214.187