JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 104.28.219.192

104.28.219.192 was found in our database!

This IP was reported 102 times. Confidence of Abuse is 100%: ?

100%

ISP	Cloudflare, Inc.
Usage Type	Data Center/Web Hosting/Transit
ASN	AS13335
Domain Name	cloudflare.com
Country	🇺🇸 United States of America
City	Kansas City, Missouri

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 104.28.219.192

Whois 104.28.219.192

IP Abuse Reports for 104.28.219.192:

This IP address has been reported a total of 102 times from 47 distinct sources. 104.28.219.192 was first reported on May 23rd 2025, and the most recent report was 5 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 kosada.com	2026-06-26 12:51:02 (5 hours ago)	Web vulnerability probing: /.vite/manifest.json	Web App Attack
🇩🇪 big-cloud.nl	2026-06-26 12:44:07 (5 hours ago)	Try to access /.aws/credentials	Web App Attack
🇬🇧 Celtic	2026-06-26 12:23:44 (6 hours ago)	Blocked by Fail2Ban with Jail (plesk-modsecurity)	Brute-Force SSH
🇳🇱 Site.eu	2026-06-26 11:45:40 (6 hours ago)	Excessive multi-domain requests	Brute-Force
🇩🇪 maxpower	2026-06-26 10:40:50 (7 hours ago)	(exploit_critical) REGOLA 2 - Critical File Exploit Attempt 104.28.219.192 (US/United States/-): 2 i ... show more (exploit_critical) REGOLA 2 - Critical File Exploit Attempt 104.28.219.192 (US/United States/-): 2 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs: 104.28.219.192 - - [26/Jun/2026:12:40:47 +0200] "GET /config.env HTTP/2.0" 404 33940 "-" "Mozilla/5.0 (compatible; Google-Extended/1.0; +http://www.google.com/bot.html)" "-" host=circuitografico.it 104.28.219.192 - - [26/Jun/2026:12:40:47 +0200] "GET /.aws/credentials HTTP/2.0" 404 33940 "-" "Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko); compatible; ClaudeBot/1.0; +mailto:[email protected]" "-" host=circuitografico.it show less	Port Scan
🇩🇪 LRob.fr	2026-06-26 10:30:03 (7 hours ago)	Repeated 404 errors, blocked by Fail2ban in custom-404 jail	Bad Web Bot
Anonymous	2026-06-26 08:34:37 (9 hours ago)	Aggressive web scan	Web App Attack
🇧🇪 cmbplf	2026-06-26 08:24:20 (10 hours ago)	114 requests with url.path credentials.json 105 requests with url.path .aws/*	Brute-Force Bad Web Bot
🇺🇸 TPI-Abuse	2026-06-26 08:03:48 (10 hours ago)	(mod_security) mod_security (id:210730) triggered by 104.28.219.192 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210730) triggered by 104.28.219.192 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 26 04:03:40.014628 2026] [security2:error] [pid 1402:tid 1402] [client 104.28.219.192:57629] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|www.templeantiques.org\|F\|2"] [data ".key"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.templeantiques.org"] [uri "/build/master.key"] [unique_id "aj4yXF0VtRS09F9Igz3PjwAAAAI"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-26 07:22:32 (11 hours ago)	(mod_security) mod_security (id:210492) triggered by 104.28.219.192 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.28.219.192 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 26 03:22:28.255090 2026] [security2:error] [pid 7274:tid 7311] [client 104.28.219.192:29142] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "mail.dermatologybriargate.com"] [uri "/web/wp-config.php"] [unique_id "aj4otLkMBPThOuHZwPZH2wAAAgE"] show less	Brute-Force Bad Web Bot Web App Attack
🇳🇴 jad-abuse	2026-06-26 07:14:08 (11 hours ago)	ActiveDefense automated detection: malicious HTTP scanning / exploit attempts. Signatures: server_st ... show more ActiveDefense automated detection: malicious HTTP scanning / exploit attempts. Signatures: server_status, aws_creds, env_probe. Observed by 1 sensor(s); 160 hits. show less	Web App Attack
🇺🇸 TPI-Abuse	2026-06-26 06:51:35 (11 hours ago)	(mod_security) mod_security (id:210492) triggered by 104.28.219.192 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.28.219.192 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 26 02:51:31.850981 2026] [security2:error] [pid 11374:tid 11374] [client 104.28.219.192:55115] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webmail.wedeliverstrippers.com"] [uri "/v1/.env.js"] [unique_id "aj4hc-r7931IYnXBR-VfhwAAAAc"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-06-26 00:57:22 (17 hours ago)	[Drupal AbuseIPDB module] Request path is blacklisted. /wp-content/debug.log	Web App Attack
🇺🇸 TPI-Abuse	2026-06-26 00:26:49 (18 hours ago)	(mod_security) mod_security (id:210730) triggered by 104.28.219.192 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210730) triggered by 104.28.219.192 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 25 20:26:45.060222 2026] [security2:error] [pid 13125:tid 13125] [client 104.28.219.192:40672] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|jambmaster.com\|F\|2"] [data ".log"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "jambmaster.com"] [uri "/wp-content/debug.log"] [unique_id "aj3HRWo6VGYQ8laQfmYIHAAAAB8"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇦 URAN Publishing Service	2026-06-25 22:13:16 (20 hours ago)	104.28.219.192 - - [26/Jun/2026:01:13:14 +0300] "GET /api/.env HTTP/1.1" 404 680 "-" "Mozilla/5.0 (c ... show more 104.28.219.192 - - [26/Jun/2026:01:13:14 +0300] "GET /api/.env HTTP/1.1" 404 680 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)" 104.28.219.192 - - [26/Jun/2026:01:13:16 +0300] "GET /backend/.env HTTP/1.1" 404 628 "-" "Mozilla/5.0 (compatible; Claude-Web/1.0; +https://www.anthropic.com)" ... show less	Web App Attack

Showing 1 to 15 of 102 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇨🇳 221.228.203.3

🇧🇪 198.235.24.192

🇳🇱 195.178.110.228

🇻🇳 171.231.187.100

🇰🇷 158.180.79.132

🇷🇴 141.98.83.240

🇺🇸 66.132.186.197

🇸🇨 45.194.67.146

🇳🇱 20.71.254.235

🇷🇺 188.225.58.133

🇩🇪 185.65.202.199

🇺🇦 128.0.104.44

🇿🇦 20.87.219.67

🇳🇱 203.55.131.3

🇺🇸 195.184.76.107

🇬🇧 193.32.209.227

🇷🇺 178.178.194.136

🇱🇾 154.127.69.9

🇨🇳 112.51.215.187

🇳🇱 91.92.40.204