JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 104.28.217.138

104.28.217.138 was found in our database!

This IP was reported 110 times. Confidence of Abuse is 100%: ?

100%

ISP	Cloudflare, Inc.
Usage Type	Data Center/Web Hosting/Transit
ASN	AS13335
Domain Name	cloudflare.com
Country	🇳🇱 Netherlands
City	Utrecht, Utrecht

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 104.28.217.138

Whois 104.28.217.138

IP Abuse Reports for 104.28.217.138:

This IP address has been reported a total of 110 times from 77 distinct sources. 104.28.217.138 was first reported on October 7th 2022, and the most recent report was 58 minutes ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇫🇷 masterguru	2026-06-27 18:26:19 (58 minutes ago)	Restricted File Access Attempt. Matched phrase ".env" at REQUEST_FILENAME. (930130-193)	Hacking Web App Attack
🇫🇷 Felisse	2026-06-27 17:43:02 (1 hour ago)	CrowdSec ban: crowdsecurity/http-crawl-non_statics (duration: 23h59m28s)	Web App Attack
🇳🇱 lometje	2026-06-27 17:35:00 (1 hour ago)	Login attempt or request with invalid authentication from 104.28.217.138 (104.28.217.138). Requested ... show more Login attempt or request with invalid authentication from 104.28.217.138 (104.28.217.138). Requested URL: '/api/config'. (Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko); compatible; OAI-SearchBot/1.0; +https://openai.com/searchbot) Login attempt or request with invalid authentication from 104.28.217.138 (104.28.217.138). Requested URL: '/api/config'. (Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)) show less	Brute-Force Bad Web Bot Web App Attack Hacking
🇪🇸 alferez	2026-06-27 16:56:22 (2 hours ago)	Searching .(env\|sql\|zip\|tar\|rar) files	Hacking Exploited Host Web App Attack
🇷🇴 iulianh	2026-06-27 16:02:43 (3 hours ago)	80,443	Brute-Force SSH
🇫🇷 Entalpi.net	2026-06-27 15:46:41 (3 hours ago)	Repeated scrapping attempts on unallowed content and/or repeated tarpit hits	Bad Web Bot
🇫🇷 masterguru	2026-06-27 14:17:14 (5 hours ago)	URL file extension is restricted by policy. String match within ".ani/ .asa/ .asax/ .ascx/ .backup/ ... show more URL file extension is restricted by policy. String match within ".ani/ .asa/ .asax/ .ascx/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .compositefont/ .config/ .conf/ .crt/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dist/ .dll/ .dos/ .dpkg-dist/ .drv/ .gadget/ .hta/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .inf/ .ini/ .jse/ .key/ .licx/ .lnk/ .log/ .mdb/ .msc/ .ocx/ .old/ .pass/ .pdb/ .pfx/ .pif/ .pem/ .pol/ .prf/ .printer/ .pwd/ .rdb/ .rdp/ .reg/ .resources/ .resx/ .scr/ .sct/ .shs/ .sql/ .swp/ .sys/ .tlb/ .tmp/ .url/ .vb/ .vbe/ .vbs/ .vbproj/ .vsdisco/ .vxd/ .webinfo/ .ws/ .wsc/ .wsf/ .wsh/ .xsd/ .xsx/" at TX:extension. (920440-196) show less	Hacking
🇩🇪 Dominik Lysiak	2026-06-27 13:51:54 (5 hours ago)	104.28.217.138 - - [27/Jun/2026:15:51:53 +0200] "GET /.aws/credentials HTTP/2.0" 301 162 "-" "Mozill ... show more 104.28.217.138 - - [27/Jun/2026:15:51:53 +0200] "GET /.aws/credentials HTTP/2.0" 301 162 "-" "Mozilla/5.0 (compatible; cohere-ai/1.0; +https://cohere.com)" 104.28.217.138 - - [27/Jun/2026:15:51:54 +0200] "GET /.git/config HTTP/2.0" 301 162 "-" "Mozilla/5.0 (compatible; Amazonbot/0.1; +https://developer.amazon.com/support/amazonbot)" 104.28.217.138 - - [27/Jun/2026:15:51:54 +0200] "GET /.env HTTP/2.0" 301 162 "-" "Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko); compatible; Perplexity-User/1.0; +https://perplexity.ai/perplexity-user" ... show less	Web App Attack
🇺🇸 Rocky Mountain Bioengineering Symposium	2026-06-27 13:20:38 (6 hours ago)	104.28.217.138 - - [27/Jun/2026:07:20:38 -0600] "GET /.git/config HTTP/2.0" 403 4224 "-" "Mozilla/5. ... show more 104.28.217.138 - - [27/Jun/2026:07:20:38 -0600] "GET /.git/config HTTP/2.0" 403 4224 "-" "Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko); compatible; OAI-SearchBot/1.0; +https://openai.com/searchbot" ... show less	Web App Attack
🇩🇪 FeG Deutschland	2026-06-27 12:31:22 (6 hours ago)	Looking for CMS/PHP/SQL vulnerablilities/excessive crawling - 1247	Exploited Host Web App Attack
🇫🇷 pm33	2026-06-27 11:42:33 (7 hours ago)	Unauthorized connections HTTP 403	Web App Attack
🇬🇧 Smish	2026-06-27 11:14:58 (8 hours ago)	HONEYPOT HIT --> Fail2ban time=1782558897 log=2026-06-27T12:14:57+01:00 ip=104.28.217.138 host=as210 ... show more HONEYPOT HIT --> Fail2ban time=1782558897 log=2026-06-27T12:14:57+01:00 ip=104.28.217.138 host=as210667.net method=GET uri="/vault.env" status=404 ua="CCBot/2.0 (https://commoncrawl.org/faq/)" ref="-" rid=c729bbc5e35a73976fc1d873fdf3e990 show less	Web App Attack
🇺🇸 Operator873	2026-06-27 10:54:36 (8 hours ago)	2026/06/27 05:54:31 [error] 230114#0: 815998 access forbidden by rule, client: 104.28.217.138, serv ... show more 2026/06/27 05:54:31 [error] 230114#0: 815998 access forbidden by rule, client: 104.28.217.138, server: [OBFUSCATED], request: "GET / HTTP/2.0", host: "[OBFUSCATED]" 2026/06/27 05:54:31 [error] 230114#0: 815998 access forbidden by rule, client: 104.28.217.138, server: [OBFUSCATED], request: "GET / HTTP/2.0", host: "[OBFUSCATED]" 2026/06/27 05:54:32 [error] 230114#0: 815998 access forbidden by rule, client: 104.28.217.138, server: [OBFUSCATED], request: "GET /config/secrets.yml HTTP/2.0", host: "[OBFUSCATED]" 2026/06/27 05:54:32 [error] 230114#0: 815998 access forbidden by rule, client: 104.28.217.138, server: [OBFUSCATED], request: "GET /config/secrets.yml HTTP/2.0", host: "[OBFUSCATED]" 2026/06/27 05:54:32 [error] 230114#0: 815998 access forbidden by rule, client: 104.28.217.138, server: [OBFUSCATED], request: "GET /v1/graphql HTTP/2.0", host: "[OBFUSCATED]" ... show less	Brute-Force Web App Attack
Anonymous	2026-06-27 09:24:38 (9 hours ago)	Aggressive web scan	Web App Attack
🇳🇱 tpjg	2026-06-27 09:13:42 (10 hours ago)	Automated: 15 requests with error status in 120s window from 104.28.217.138. Evidence: /.env.example ... show more Automated: 15 requests with error status in 120s window from 104.28.217.138. Evidence: /.env.example:404,/.env:404,/.env.development:404,/.env.old:404,/application.properties:404,/v1/graphql:404,/.git/config:404,/storage/logs/laravel.log:404,/.aws/credentials:404,/application.yml:404,/sitemap.xml:404,/secrets.yml:404,/vault.env:404,/config/application.properties:404,/secrets.json:404 show less	Web App Attack

Showing 1 to 15 of 110 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇫🇮 147.185.133.236

🇫🇮 147.185.133.213

🇭🇰 131.143.243.44

🇰🇷 220.88.220.59

🇺🇸 207.90.244.20

🇬🇧 198.244.226.197

🇹🇼 198.235.24.37

🇰🇷 121.129.75.178

🇫🇷 109.11.96.213

🇳🇱 89.21.67.145

🇱🇹 45.227.254.170

🇺🇸 20.163.63.247

🇺🇸 20.163.38.129

🇨🇳 8.138.201.117

🇧🇷 201.71.192.108

🇨🇳 114.105.182.120

🇧🇫 41.138.98.167

🇬🇧 35.203.211.31

🇺🇸 216.25.89.113

🇧🇷 191.5.31.61