JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 104.28.217.212

104.28.217.212 was found in our database!

This IP was reported 211 times. Confidence of Abuse is 31%: ?

31%

ISP	Cloudflare, Inc.
Usage Type	Data Center/Web Hosting/Transit
ASN	AS13335
Domain Name	cloudflare.com
Country	🇰🇷 Korea (the Republic of)
City	Incheon, Incheon

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 104.28.217.212

Whois 104.28.217.212

IP Abuse Reports for 104.28.217.212:

This IP address has been reported a total of 211 times from 90 distinct sources. 104.28.217.212 was first reported on July 23rd 2022, and the most recent report was 5 days ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇦🇺 Powston	2026-05-29 20:21:50 (5 days ago)	Cowrie Honeypot: 10 unauthorised SSH/Telnet login attempts between 2026-05-29T20:06:46Z and 2026-05- ... show more Cowrie Honeypot: 10 unauthorised SSH/Telnet login attempts between 2026-05-29T20:06:46Z and 2026-05-29T20:21:50Z show less	Brute-Force SSH
🇧🇪 Saec	2026-05-24 11:15:07 (1 week ago)	Jarvis auto-ban: CF honeypot path /wp-login.php (1× on saec.me)	Port Scan Web App Attack
🇳🇱 ByeByte API	2026-05-16 15:55:37 (2 weeks ago)	byebyte.space auth: Rate-limit escalation at 2026-05-16T15:55:37Z: 8 rejections in 300s. Firewall au ... show more byebyte.space auth: Rate-limit escalation at 2026-05-16T15:55:37Z: 8 rejections in 300s. Firewall auto-banned IP for 900s. UA: 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.7180.88 Safari/537.36'. Accept-Language: 'en-GB,en;q=0.9,en-US;q=0.8'. Accept-Encoding: 'gzip, br'. Sec-Ch-Ua: '"Chromium";v="146", "Not-A.Brand";v="24", "Google Chrome";v="146"'. Platform: "macOS" (mobile=?0). Connection: Keep-Alive. Country (CF): KR. TLS info: {"scheme":"https"}. show less	Web App Attack DDoS Attack
🇮🇹 VHosting	2026-05-16 06:39:54 (2 weeks ago)	Detected mail brute force attack from 4 different servers	Brute-Force
🇺🇸 COMPLEX	2026-05-08 15:49:18 (3 weeks ago)	Triggered Cloudflare WAF (l7ddos) from KR. Action taken: MANAGED_CHALLENGE ASN: undefined (undefined ... show more Triggered Cloudflare WAF (l7ddos) from KR. Action taken: MANAGED_CHALLENGE ASN: undefined (undefined) Protocol: HTTP/2 (GET method) Endpoint: / UA: Mozilla/5.0 (Android 12; Mobile; rv:149.0) Gecko/149.0 Firefox/149.0 show less	DDoS Attack Bad Web Bot
🇹🇭 anurak.org	2026-04-29 04:50:00 (1 month ago)	HTTP DDOS attack of 3.29k requests	DDoS Attack
🇮🇹 VHosting	2026-04-14 22:19:31 (1 month ago)	Detected mail brute force attack from 4 different servers	Brute-Force
Anonymous	2026-04-07 20:24:14 (1 month ago)		Web App Attack
🇮🇳 liveaspankaj	2026-02-14 05:01:32 (3 months ago)	DDoS attack: 206 requests in 5m (GET / or repair.php).	DDoS Attack
🇮🇳 liveaspankaj	2026-02-12 12:27:31 (3 months ago)	DDoS attack on learngeeta.com: 85 requests of GET / HTTP/1.1 over plain HTTP with no referrer. Autom ... show more DDoS attack on learngeeta.com: 85 requests of GET / HTTP/1.1 over plain HTTP with no referrer. Automated bot attack with randomized User-Agents (outdated Chrome 127-129). show less	DDoS Attack
🇪🇸 el-brujo	2025-12-23 05:10:00 (5 months ago)	DDoS Attack Layer 7	DDoS Attack
🇨🇭 Zeprax	2025-12-17 19:55:13 (5 months ago)	Layer 7 Flood Detected	DDoS Attack
🇩🇪 Packets-Decreaser.NET	2025-12-07 22:33:47 (5 months ago)	Incoming Layer 7 Flood Detected	DDoS Attack Web Spam
🇬🇧 Audir8 \| RRHosting	2025-12-03 23:52:36 (6 months ago)	Triggered Cloudflare WAF (l7ddos) from KR. Action taken: BLOCK Protocol: HTTP/2 (GET method) Endpoin ... show more Triggered Cloudflare WAF (l7ddos) from KR. Action taken: BLOCK Protocol: HTTP/2 (GET method) Endpoint: /auth/login UA: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36 This report is using Cloudflare-WAF-To-AbuseIPDB show less	DDoS Attack Bad Web Bot
🇮🇳 Mcshield.org	2025-12-01 05:54:06 (6 months ago)	Failed password for invalid user guest from 104.28.217.212 port 30498 ssh2	Brute-Force SSH

Showing 1 to 15 of 211 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 208.84.100.215

🇺🇸 165.22.34.238

🇳🇬 152.32.141.199

🇺🇸 91.230.168.243

🇺🇸 91.230.168.198

🇺🇸 66.132.195.89

🇳🇱 45.156.128.63

🇩🇪 43.228.157.250

🇹🇼 198.235.24.120

🇯🇴 176.29.231.112

🇭🇰 165.154.60.191

🇺🇸 147.185.132.169

🇺🇸 147.185.132.19

🇻🇳 116.110.6.184

🇺🇸 69.171.249.135

🇨🇳 61.178.24.146

🇯🇵 60.40.45.223

🇺🇸 45.43.58.58

🇺🇸 20.168.7.236

🇻🇳 14.235.252.78