JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 104.28.222.16

104.28.222.16 was found in our database!

This IP was reported 686 times. Confidence of Abuse is 100%: ?

100%

ISP	Cloudflare, Inc.
Usage Type	Data Center/Web Hosting/Transit
ASN	AS13335
Domain Name	cloudflare.com
Country	🇫🇮 Finland
City	Helsinki, Uusimaa

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 104.28.222.16

Whois 104.28.222.16

IP Abuse Reports for 104.28.222.16:

This IP address has been reported a total of 686 times from 292 distinct sources. 104.28.222.16 was first reported on April 18th 2023, and the most recent report was 14 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇫🇷 Duggy_Tuxy🧱	2026-06-19 22:19:31 (14 hours ago)	[HP02-SRV02-FR] Blocked by SysWarden Firewall (SSH Attack)	Brute-Force SSH Port Scan
🇧🇷 opastorello	2026-06-19 18:55:08 (17 hours ago)	T-Pot honeypot: 80 hits in 15min on port(s) 1028 (P0f/Honeytrap/Suricata). Port scan / unsolicited c ... show more T-Pot honeypot: 80 hits in 15min on port(s) 1028 (P0f/Honeytrap/Suricata). Port scan / unsolicited connection. Automated report. show less	Port Scan
🇫🇷 Duggy_Tuxy🧱	2026-06-18 10:40:44 (2 days ago)	[HP02-SRV02-FR] Blocked by SysWarden Firewall (Port Scan / Probing)	Port Scan
🇩🇪 paissangroup	2026-06-18 00:09:48 (2 days ago)	Multiple WAF Violations	Web App Attack
🇩🇪 todix	2026-06-17 22:56:08 (2 days ago)	Web App Attack Exploid from 104.28.222.16	Web App Attack
🇫🇷 bazter.pro	2026-06-17 22:08:25 (2 days ago)	Auto-Ban [2026-06-18 01:08:17]: CRITICAL: .env attack; DC: Cloudflare, Inc. [Paths: 17] \| Details: E ... show more Auto-Ban [2026-06-18 01:08:17]: CRITICAL: .env attack; DC: Cloudflare, Inc. [Paths: 17] \| Details: Exploit trap paths: /.env, /.env, /.env.local, /.env.local, /.git/config \| Sensitive files/paths: /.env, /.env, /.env.local, /.env.local, /.git/config \| 404 errors (12): /wp-config.php~, /.env, /phpinfo.php, /wp-config.txt, /wp-config.php.save, /.git/config, /wp-config.old, /.user.ini, /.env.local, /wp-content/debug.log (and 2 more) \| 403 errors (7): /wp-config.php~, /.env, /wp-config.php.save, /.git/config, /wp-config.old, /.env.local, /wp-config.php.bak \| Other paths: /wp-content/uploads/.htaccess, /wp-json/wp/v2/users, /wp-config.php, /xmlrpc.php, / show less	Web App Attack Hacking
🇩🇪 expandmade.com	2026-06-17 18:57:57 (2 days ago)	trolling for installation vulnerabilities [17/Jun/2026:18:57:57 "GET /.env"]	Web App Attack
🇫🇷 dynamix	2026-06-17 16:20:10 (2 days ago)	Multiple WAF Violations	Web App Attack
🇩🇪 Ba-Yu	2026-06-17 12:01:03 (3 days ago)	General hacking/exploits/scanning	Web Spam Hacking Brute-Force Exploited Host Web App Attack
🇩🇪 ger-stg-sifi1	2026-06-17 11:44:49 (3 days ago)	(wordpress) Failed wordpress login using wp-login.php or xmlrpc.php	Web App Attack
Anonymous	2026-06-17 11:11:37 (3 days ago)	104.28.222.16 - - [17/Jun/2026:13:11:24 +0200] "GET /wp-config.php.bak HTTP/1.1" 404 135336 "-" "Moz ... show more 104.28.222.16 - - [17/Jun/2026:13:11:24 +0200] "GET /wp-config.php.bak HTTP/1.1" 404 135336 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/135.0.0.0 Safari/537.36" 104.28.222.16 - - [17/Jun/2026:13:11:26 +0200] "GET /wp-config.php.bak HTTP/1.1" 404 134728 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/135.0.0.0 Safari/537.36" 104.28.222.16 - - [17/Jun/2026:13:11:26 +0200] "GET /wp-config.php.save HTTP/1.1" 404 135345 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/135.0.0.0 Safari/537.36" 104.28.222.16 - - [17/Jun/2026:13:11:29 +0200] "GET /wp-config.php.save HTTP/1.1" 404 134737 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/135.0.0.0 Safari/537.36" 104.28.222.16 - - [17/Jun/2026:13:11:35 +0200] "GET /wp-config.php~ HTTP/1.1" 404 135309 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KH ... show less	Brute-Force Web App Attack
🇫🇷 masterguru	2026-06-17 10:40:29 (3 days ago)	Restricted File Access Attempt. Matched phrase "wp-config." at REQUEST_FILENAME. (930130-197)	Hacking Web App Attack
🇫🇷 masterguru	2026-06-17 09:34:52 (3 days ago)	Restricted File Access Attempt. Matched phrase ".env" at REQUEST_FILENAME. (930130-196)	Hacking Web App Attack
🇬🇧 consul.to	2026-06-17 09:22:04 (3 days ago)	Web attack/malicious scanning detected	Web App Attack
🇫🇷 Duggy_Tuxy🧱	2026-06-17 08:11:37 (3 days ago)	[HP02-SRV02-FR] Blocked by SysWarden Firewall (SSH Attack)	Brute-Force SSH Port Scan

Showing 1 to 15 of 686 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 162.216.150.146

🇻🇳 116.110.209.113

🇷🇴 80.94.92.184

🇬🇧 35.203.210.20

🇩🇪 31.57.76.25

🇺🇸 18.97.19.190

🇩🇪 167.94.146.61

🇻🇳 103.48.192.48

🇨🇳 101.71.69.17

🇺🇸 98.90.43.197

🇺🇸 69.85.230.206

🇧🇷 45.205.1.242

🇸🇬 43.134.51.147

🇷🇺 31.173.67.115

🇳🇱 31.14.32.8

🇭🇰 20.2.83.149

🇷🇴 2.57.122.238

🇭🇰 199.45.154.184

🇺🇸 172.236.228.227

🇭🇰 168.76.131.178