JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 104.28.216.27

104.28.216.27 was found in our database!

This IP was reported 13 times. Confidence of Abuse is 27%: ?

27%

ISP	Cloudflare, Inc.
Usage Type	Data Center/Web Hosting/Transit
ASN	AS13335
Domain Name	cloudflare.com
Country	🇫🇷 France
City	Rouen, Normandy

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 104.28.216.27

Whois 104.28.216.27

IP Abuse Reports for 104.28.216.27:

This IP address has been reported a total of 13 times from 9 distinct sources. 104.28.216.27 was first reported on May 24th 2024, and the most recent report was 1 week ago.

Old Reports: The most recent abuse report for this IP address is from 1 week ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇮🇹 VHosting	2026-06-12 18:08:27 (1 week ago)	Detected mail brute force attack from 4 different servers	Brute-Force
🇷🇴 Fn4ticHz	2026-06-05 17:52:53 (2 weeks ago)	DDoS blocked via ZeroGuard.ID	DDoS Attack Exploited Host
🇫🇷 MatStef132	2026-05-23 15:48:43 (3 weeks ago)	MatShield L7: blocked on mathost.eu (ua-quarantined)	Bad Web Bot
🇫🇷 MatStef132	2026-05-21 15:51:14 (4 weeks ago)	MatShield L7: blocked on mathost.eu (ua-quarantined)	Bad Web Bot
🇫🇷 MatStef132	2026-05-17 18:03:49 (1 month ago)	MatShield L7: blocked on mathost.eu (ua-quarantined)	Bad Web Bot
🇸🇬 volcaryx	2026-05-17 05:19:25 (1 month ago)	Cloudflare detected an L7 DDoS attack (l7ddos) from FR. Action: BLOCK \| Protocol: HTTP/2 (GET) \| End ... show more Cloudflare detected an L7 DDoS attack (l7ddos) from FR. Action: BLOCK \| Protocol: HTTP/2 (GET) \| Endpoint: / \| UA: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 • Generated by: github.com/sefinek/Cloudflare-WAF-To-AbuseIPDB show less	DDoS Attack Bad Web Bot
🇷🇴 PhishDestroy	2026-05-16 23:39:54 (1 month ago)	L7 DDoS attack on phishdestroy.io (anti-phishing platform). This IP sent 773,300 HTTP GET flood requ ... show more L7 DDoS attack on phishdestroy.io (anti-phishing platform). This IP sent 773,300 HTTP GET flood requests to /domain/satellitestress.st/ and /domain/terrastress.st/ on 2026-05-15. Total attack: 1.67B requests from 197K IPs. Source: Cloudflare L7 DDoS mitigation logs. show less	DDoS Attack
🇦🇹 AustrianSimon	2026-05-04 21:31:49 (1 month ago)	04 May 2026 21:31:49UTC:Distributed Brute Force Password Attack (smtp, ftp, imap, pop, ssh) includin ... show more 04 May 2026 21:31:49UTC:Distributed Brute Force Password Attack (smtp, ftp, imap, pop, ssh) including ip address 104.28.216.27 show less	Brute-Force
🇺🇸 TPI-Abuse	2025-07-28 12:10:44 (10 months ago)	(mod_security) mod_security (id:225170) triggered by 104.28.216.27 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:225170) triggered by 104.28.216.27 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jul 28 08:10:40.912652 2025] [security2:error] [pid 1770:tid 1770] [client 104.28.216.27:52113] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|primacomm.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "primacomm.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "aIdowIl-78VFUtY06WkBvwAAAAo"], referer: https://primacomm.com/wp-json/wp/v2/users/ show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2024-12-11 12:38:08 (1 year ago)	Ports: *; Direction: 0; Trigger: LF_DISTSMTP	Brute-Force SSH
Anonymous	2024-12-04 18:40:40 (1 year ago)	Ports: 2077,2078,2082,2083,2086,2087,2095,2096; Direction: 0; Trigger: LF_DISTATTACK	Brute-Force SSH
🇩🇪 Hessfr	2024-05-24 12:02:02 (2 years ago)	2024-05-24T13:56:40.886243+02:00 de kernel: [1649931.834333] [UFW BLOCK] IN=enp0s31f6 OUT= MAC=90:1b ... show more 2024-05-24T13:56:40.886243+02:00 de kernel: [1649931.834333] [UFW BLOCK] IN=enp0s31f6 OUT= MAC=90:1b:0e:e1:82:93:84:c1:c1:78:9a:ea:08:00 SRC=104.28.216.27 DST=94.130.206.219 LEN=60 TOS=0x00 PREC=0x00 TTL=58 ID=35257 DF PROTO=TCP SPT=11959 DPT=42924 WINDOW=65535 RES=0x00 SYN URGP=0 2024-05-24T13:58:00.102915+02:00 de kernel: [1650011.051075] [UFW BLOCK] IN=enp0s31f6 OUT= MAC=90:1b:0e:e1:82:93:84:c1:c1:78:9a:ea:08:00 SRC=104.28.216.27 DST=94.130.206.219 LEN=60 TOS=0x00 PREC=0x00 TTL=58 ID=31151 DF PROTO=TCP SPT=11425 DPT=42924 WINDOW=65535 RES=0x00 SYN URGP=0 2024-05-24T13:59:20.272263+02:00 de kernel: [1650091.219644] [UFW BLOCK] IN=enp0s31f6 OUT= MAC=90:1b:0e:e1:82:93:84:c1:c1:78:9a:ea:08:00 SRC=104.28.216.27 DST=94.130.206.219 LEN=60 TOS=0x00 PREC=0x00 TTL=58 ID=49958 DF PROTO=TCP SPT=52566 DPT=42924 WINDOW=65535 RES=0x00 SYN URGP=0 2024-05-24T14:00:41.125252+02:00 de kernel: [1650172.070896] [UFW BLOCK] IN=enp0s31f6 OUT= MAC=90:1b:0e:e1:82:93:84:c1:c1:78:9a:ea:08:00 SRC=104.28.216 ... show less	Port Scan
🇩🇪 Hessfr	2024-05-24 10:45:42 (2 years ago)	2024-05-24T12:41:52.772287+02:00 de kernel: [1645443.763567] [UFW BLOCK] IN=enp0s31f6 OUT= MAC=90:1b ... show more 2024-05-24T12:41:52.772287+02:00 de kernel: [1645443.763567] [UFW BLOCK] IN=enp0s31f6 OUT= MAC=90:1b:0e:e1:82:93:84:c1:c1:78:9a:ea:08:00 SRC=104.28.216.27 DST=94.130.206.219 LEN=60 TOS=0x00 PREC=0x00 TTL=58 ID=62434 DF PROTO=TCP SPT=21054 DPT=42924 WINDOW=65535 RES=0x00 SYN URGP=0 2024-05-24T12:43:12.524219+02:00 de kernel: [1645523.513768] [UFW BLOCK] IN=enp0s31f6 OUT= MAC=90:1b:0e:e1:82:93:84:c1:c1:78:9a:ea:08:00 SRC=104.28.216.27 DST=94.130.206.219 LEN=60 TOS=0x00 PREC=0x00 TTL=58 ID=30506 DF PROTO=TCP SPT=14840 DPT=42924 WINDOW=65535 RES=0x00 SYN URGP=0 2024-05-24T12:45:38.878733+02:00 de kernel: [1645669.867901] [UFW BLOCK] IN=enp0s31f6 OUT= MAC=90:1b:0e:e1:82:93:84:c1:c1:78:9a:ea:08:00 SRC=104.28.216.27 DST=94.130.206.219 LEN=60 TOS=0x00 PREC=0x00 TTL=58 ID=65245 DF PROTO=TCP SPT=42831 DPT=42924 WINDOW=65535 RES=0x00 SYN URGP=0 2024-05-24T12:45:39.911677+02:00 de kernel: [1645670.900797] [UFW BLOCK] IN=enp0s31f6 OUT= MAC=90:1b:0e:e1:82:93:84:c1:c1:78:9a:ea:08:00 SRC=104.28.216 ... show less	Port Scan

Showing 1 to 13 of 13 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇨🇳 220.197.85.203

🇳🇱 217.60.195.150

🇳🇱 185.223.235.7

🇺🇸 174.169.131.55

🇩🇪 167.94.146.41

🇻🇳 160.191.89.47

🇫🇮 147.185.133.54

🇨🇳 117.28.119.246

🇺🇸 73.237.252.214

🇺🇸 71.13.250.141

🇧🇷 45.227.249.232

🇺🇸 23.234.95.43

🇨🇳 220.250.11.141

🇩🇪 213.209.159.11

🇧🇷 190.115.84.25

🇺🇸 159.89.225.201

🇺🇸 136.144.33.114

🇬🇧 86.138.26.164

🇱🇹 81.30.98.62

🇧🇬 78.128.112.74