JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 104.28.234.178

104.28.234.178 was found in our database!

This IP was reported 1,212 times. Confidence of Abuse is 33%: ?

33%

ISP	Cloudflare, Inc.
Usage Type	Data Center/Web Hosting/Transit
ASN	AS13335
Domain Name	cloudflare.com
Country	🇺🇸 United States of America
City	New York City, New York

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 104.28.234.178

Whois 104.28.234.178

IP Abuse Reports for 104.28.234.178:

This IP address has been reported a total of 1,212 times from 477 distinct sources. 104.28.234.178 was first reported on August 3rd 2022, and the most recent report was 3 weeks ago.

Old Reports: The most recent abuse report for this IP address is from 3 weeks ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇮🇳 evicky2002	2026-05-30 08:05:12 (3 weeks ago)	Confirmed malicious by STILWaters CTI platform (score=100, sources=1)	Hacking Brute-Force SSH
Anonymous	2026-05-14 16:19:37 (1 month ago)	Aggressive web scan	Web App Attack
Anonymous	2026-05-06 03:29:54 (1 month ago)	"GET /.env HTTP/1.1"	Hacking Web App Attack
🇦🇺 clapper	2026-05-05 15:19:56 (1 month ago)	(mod_security) mod_security (id:949110) triggered by 104.28.234.178 (US/United States/-): 5 in the l ... show more (mod_security) mod_security (id:949110) triggered by 104.28.234.178 (US/United States/-): 5 in the last 600 secs; ID: rub show less	Brute-Force Bad Web Bot
🇩🇪 4server	2026-05-05 09:33:30 (1 month ago)	[TueMay0511:33:27.1863992026][security2:error][pid1534984:tid1535114][client104.28.234.178:0]ModSecu ... show more [TueMay0511:33:27.1863992026][security2:error][pid1534984:tid1535114][client104.28.234.178:0]ModSecurity:Accessdeniedwithcode403\(phase2\).OperatorGEmatched5atTX:anomaly_score.[file\"/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf\"][line\"94\"][id\"949110\"][msg\"InboundAnomalyScoreExceeded\(TotalScore:5\)\"][severity\"CRITICAL\"][ver\"OWASP_CRS/3.3.9\"][tag\"application-multi\"][tag\"language-multi\"][tag\"platform-multi\"][tag\"attack-generic\"][hostname\"www.assistenza-pc-mac-ticino.artisteer-italia.org\"][uri\"/admin/.env\"][unique_id\"afm5Z3r-CR5F0xRw_PYjgAAAARA\"] show less	Port Scan Brute-Force Web App Attack
Anonymous	2026-05-05 06:05:05 (1 month ago)	WAF repeated trigger detected by Fail2Ban	Web App Attack
🇦🇺 aranguren.org	2026-05-05 05:09:51 (1 month ago)	104.28.234.178 - - [05/May/2026:15:09:48 +1000] "GET /backend/.env HTTP/1.1" 404 989 "-" "Mozilla/5. ... show more 104.28.234.178 - - [05/May/2026:15:09:48 +1000] "GET /backend/.env HTTP/1.1" 404 989 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 Chrome/131.0.0.0 Safari/537.36" 104.28.234.178 - - [05/May/2026:15:09:48 +1000] "GET /aws_credentials.json HTTP/1.1" 404 989 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 Chrome/131.0.0.0 Safari/537.36" 104.28.234.178 - - [05/May/2026:15:09:48 +1000] "GET /admin/.env HTTP/1.1" 404 989 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 Chrome/131.0.0.0 Safari/537.36" 104.28.234.178 - - [05/May/2026:15:09:49 +1000] "GET /api/.env HTTP/1.1" 404 989 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 Chrome/131.0.0.0 Safari/537.36" 104.28.234.178 - - [05/May/2026:15:09:49 +1000] "GET /app/.env HTTP/1.1" 404 989 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 Chrome/131.0.0.0 Safari/537.36" 104.28.234.178 - - [05/May/2026:15:09:50 +1000] "GET /.env.test HTTP/1.1" 404 989 "-" " ... show less	Bad Web Bot
🇬🇧 consul.to	2026-05-05 04:59:00 (1 month ago)	Web attack/malicious scanning detected	Web App Attack
Anonymous	2026-05-04 19:22:50 (1 month ago)	104.28.234.178 - - [05/May/2026:04:22:49 +0900] "GET /.s3cfg HTTP/1.1" 403 3817 "-" "Mozilla/5.0 (Wi ... show more 104.28.234.178 - - [05/May/2026:04:22:49 +0900] "GET /.s3cfg HTTP/1.1" 403 3817 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 Chrome/131.0.0.0 Safari/537.36" 104.28.234.178 - - [05/May/2026:04:22:49 +0900] "GET /api/.env HTTP/1.1" 403 3817 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 Chrome/131.0.0.0 Safari/537.36" 104.28.234.178 - - [05/May/2026:04:22:49 +0900] "GET /server/.env HTTP/1.1" 403 3817 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 Chrome/131.0.0.0 Safari/537.36" 104.28.234.178 - - [05/May/2026:04:22:49 +0900] "GET /admin/.env HTTP/1.1" 403 3817 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 Chrome/131.0.0.0 Safari/537.36" 104.28.234.178 - - [05/May/2026:04:22:49 +0900] "GET /.aws/credentials HTTP/1.1" 403 3817 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 Chrome/131.0.0.0 Safari/537.36" ... show less	Brute-Force
🇸🇮 administrator	2026-05-04 17:08:35 (1 month ago)	2026-04-18 17:55:45,337 fail2ban.actions [1195]: NOTICE [error] Ban 104.28.234.178 2026-04-1 ... show more 2026-04-18 17:55:45,337 fail2ban.actions [1195]: NOTICE [error] Ban 104.28.234.178 2026-04-18 17:55:45,337 fail2ban.actions [1195]: NOTICE [error] Ban 104.28.234.178 2026-04-18 17:55:45,337 fail2ban.actions [1195]: NOTICE [error] Ban 104.28.234.178 ... show less	Bad Web Bot Web Spam Email Spam Blog Spam Port Scan Brute-Force Web App Attack
🇬🇧 consul.to	2026-05-04 04:21:45 (1 month ago)	Web attack/malicious scanning detected	Web App Attack
🇯🇵 VXG-NET	2026-05-02 16:09:10 (1 month ago)	port=80, indicator_type=info-leak	Hacking
🇯🇵 Short-legs-Spider	2026-05-02 06:46:26 (1 month ago)	Test on existence -- [02/May/2026:15:46:26 +0900] "GET /admin/.env HTTP/1.1" 403 76 "-" "Mozilla/5 ... show more Test on existence -- [02/May/2026:15:46:26 +0900] "GET /admin/.env HTTP/1.1" 403 76 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 Chrome/131.0.0.0 Safari/537.36" [02/May/2026:15:46:26 +0900] "GET /api/.env HTTP/1.1" 403 76 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 Chrome/131.0.0.0 Safari/537.36" show less	Web App Attack
🇩🇪 MBombeck	2026-05-01 18:24:43 (1 month ago)	Fail2Ban/traefik-botsearch on apps-01: banned after 5 failures	Web App Attack
🇫🇮 sw0ok	2026-04-30 11:39:24 (1 month ago)	time="2026-04-30T11:39:23Z" level=info msg="Access to https://portainer.sw0ok.dev/.env.backup (metho ... show more time="2026-04-30T11:39:23Z" level=info msg="Access to https://portainer.sw0ok.dev/.env.backup (method GET) is not authorized to user <anonymous>, responding with status code 401 with location redirect to https://auth.sw0ok.dev/?rd=https%3A%2F%2Fportainer.sw0ok.dev%2F.env.backup&rm=GET" method=GET path=/api/authz/forward-auth remote_ip=104.28.234.178 time="2026-04-30T11:39:23Z" level=info msg="Access to https://portainer.sw0ok.dev/.env.save (method GET) is not authorized to user <anonymous>, responding with status code 401 with location redirect to https://auth.sw0ok.dev/?rd=https%3A%2F%2Fportainer.sw0ok.dev%2F.env.save&rm=GET" method=GET path=/api/authz/forward-auth remote_ip=104.28.234.178 time="2026-04-30T11:39:24Z" level=info msg="Access to https://portainer.sw0ok.dev/.env.dist (method GET) is not authorized to user <anonymous>, responding with status code 401 with location redirect to https://auth.sw0ok.dev/?rd=https%3A%2F%2Fportainer.sw0ok.dev%2F.env.dist&rm=GET" method=GET path=/ ... show less	Brute-Force

Showing 1 to 15 of 1212 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇻🇳 171.231.180.249

🇨🇳 116.228.233.93

🇨🇳 116.171.245.252

🇺🇸 2604:a880:400:d1:0:4:9e8f:d001

🇩🇪 216.26.247.177

🇨🇷 190.112.222.28

🇹🇼 114.42.143.186

🇱🇻 91.105.57.241

🇪🇸 80.102.218.187

🇵🇱 57.128.225.99

🇺🇬 41.210.131.212

🇺🇸 20.98.153.37

🇹🇿 197.186.9.173

🇷🇴 193.46.255.86

🇯🇵 139.162.113.212

🇨🇳 123.145.27.142

🇩🇪 78.94.166.221

🇨🇳 122.97.209.177

🇻🇳 116.98.104.138

🇮🇷 5.53.35.1