JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 104.28.251.194

104.28.251.194 was found in our database!

This IP was reported 235 times. Confidence of Abuse is 100%: ?

100%

ISP	Cloudflare, Inc.
Usage Type	Data Center/Web Hosting/Transit
ASN	AS13335
Domain Name	cloudflare.com
Country	🇺🇸 United States of America
City	Kansas City, Missouri

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 104.28.251.194

Whois 104.28.251.194

IP Abuse Reports for 104.28.251.194:

This IP address has been reported a total of 235 times from 139 distinct sources. 104.28.251.194 was first reported on May 7th 2025, and the most recent report was 57 minutes ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇪🇸 Francisco Vallejo	2026-06-28 16:31:36 (57 minutes ago)	[Sun Jun 28 18:31:35.774613 2026] [authz_core:error] [pid 3472340:tid 138951801169600] [client 104.2 ... show more [Sun Jun 28 18:31:35.774613 2026] [authz_core:error] [pid 3472340:tid 138951801169600] [client 104.28.251.194:19660] AH01630: client denied by server configuration: proxy:https://localhost:3000/ [Sun Jun 28 18:31:35.958721 2026] [authz_core:error] [pid 3472340:tid 138951713089216] [client 104.28.251.194:19660] AH01630: client denied by server configuration: proxy:https://localhost:3000/flowise/api/v1/credentials [Sun Jun 28 18:31:36.104140 2026] [authz_core:error] [pid 3472340:tid 138951721481920] [client 104.28.251.194:19660] AH01630: client denied by server configuration: proxy:https://localhost:3000/.env [Sun Jun 28 18:31:36.246219 2026] [authz_core:error] [pid 3472340:tid 138951704696512] [client 104.28.251.194:19660] AH01630: client denied by server configuration: proxy:https://localhost:3000/credentials.json [Sun Jun 28 18:31:36.255513 2026] [authz_core:error] [pid 3472341:tid 138951721481920] [client 104.28.251.194:30375] AH01630: client denied by server configuration: proxy:htt ... show less	Brute-Force SSH
🇫🇷 masterguru	2026-06-28 13:44:26 (3 hours ago)	BAD BOT - Detected and Blocked.. Matched phrase "bytespider" at REQUEST_HEADERS:User-Agent. (1100000 ... show more BAD BOT - Detected and Blocked.. Matched phrase "bytespider" at REQUEST_HEADERS:User-Agent. (1100000-201) show less	Bad Web Bot
🇳🇱 Site.eu	2026-06-28 13:44:00 (3 hours ago)	Excessive multi-domain requests	Brute-Force
🇩🇪 Hary74656	2026-06-28 13:41:45 (3 hours ago)	[Sun Jun 28 15:41:22.314849 2026] [security2:error] [pid 180648:tid 180700] [remote 104.28.251.194:2 ... show more [Sun Jun 28 15:41:22.314849 2026] [security2:error] [pid 180648:tid 180700] [remote 104.28.251.194:20182] [client 104.28.251.194] ModSecurity: Access denied with code 403 (phase 2). Pattern match "Search Engine" at TX:httpbl_msg. [file "/usr/share/modsecurity-crs/rules/REQUEST-910-IP-REPUTATION.conf"] [line "199"] [id "910150"] [msg "HTTP Blacklist match for search engine IP"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.4"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-reputation-ip"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [hostname "aschi.at"] [uri "/"] [unique_id "akEkgQ2DbuBl-Dg8BhrAQAADWAQ"] [Sun Jun 28 15:41:22.483134 2026] [security2:error] [pid 180648:tid 180703] [remote 104.28.251.194:20182] [client 104.28.251.194] ModSecurity: Access denied with code 403 (phase 2). Pattern match "Search Engine" at TX:httpbl_msg. [file "/usr/share/modsecurity-crs/rules/REQUEST-910-IP-REPUTATION.conf"] [line "199"] [id "910150"] [msg "HTTP Blacklist match ... show less	Web App Attack
Anonymous	2026-06-28 12:22:23 (5 hours ago)	Excessive 404 errors - web scanning/probing	Bad Web Bot
🇺🇸 TPI-Abuse	2026-06-28 08:40:07 (8 hours ago)	(mod_security) mod_security (id:210492) triggered by 104.28.251.194 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.28.251.194 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 28 04:39:58.028778 2026] [security2:error] [pid 15917:tid 15917] [client 104.28.251.194:51648] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "michaeltravis.com"] [uri "/.env.production"] [unique_id "akDd3u5Z43TaAGRyTLqfQwAAABQ"] show less	Brute-Force Bad Web Bot Web App Attack
🇫🇷 masterguru	2026-06-28 04:26:13 (13 hours ago)	Too much 404 requests in 1 minute. Operator GE matched 10 at IP:block_script. (46020-195)	Hacking
Anonymous	2026-06-27 23:33:28 (17 hours ago)	(caddyscan) Scanner path probe from 104.28.251.194 (HN/Honduras/-): 5 in the last 3600 secs; Ports: ... show more (caddyscan) Scanner path probe from 104.28.251.194 (HN/Honduras/-): 5 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs: [REDACTED] 200 2627 104.28.251.194 - - [27/Jun/2026:23:33:25 +0000] "GET /.aws/credentials HTTP/1.1" [REDACTED] 200 2627 104.28.251.194 - - [27/Jun/2026:23:33:25 +0000] "GET /.env.production HTTP/1.1" [REDACTED] 200 2627 104.28.251.194 - - [27/Jun/2026:23:33:25 +0000] "GET /api/.env HTTP/1.1" [REDACTED] 200 2627 104.28.251.194 - - [27/Jun/2026:23:33:25 +0000] "GET /.git/config HTTP/1.1" [REDACTED] 200 2627 104.28.251.194 - - [27/Jun/2026:23:33:25 +0000] "GET /.env.example HTTP/1.1" show less	Port Scan
🇩🇪 LRob.fr	2026-06-27 22:15:10 (19 hours ago)	Repeated 404 errors, blocked by Fail2ban in custom-404 jail	Bad Web Bot
Anonymous	2026-06-27 20:19:37 (21 hours ago)	Aggressive web scan	Web App Attack
🇺🇸 brightenfield	2026-06-27 18:50:29 (22 hours ago)	Web App Attack	Web App Attack
🇧🇪 cmbplf	2026-06-27 18:40:08 (22 hours ago)	165 requests with url.path credentials.json 147 requests with url.path config.json 134 requests ... show more 165 requests with url.path credentials.json 147 requests with url.path config.json 134 requests with url.path .aws/ 104 requests with url.path *secrets.yml show less	Brute-Force Bad Web Bot
🇺🇸 technojoe99	2026-06-27 15:41:58 (1 day ago)	Exploit scan from 104.28.251.194. GET /.env.production.save HTTP/1.1.	Web App Attack
🇳🇱 Site.eu	2026-06-27 13:14:10 (1 day ago)	Excessive multi-domain requests	Brute-Force
🇩🇪 Nightreaver	2026-06-27 12:33:51 (1 day ago)	104.28.251.194 - - [27/Jun/2026:14:33:51 0200] "GET /.env.production.copy HTTP/1.1" 404 4180 "-" "M ... show more 104.28.251.194 - - [27/Jun/2026:14:33:51 0200] "GET /.env.production.copy HTTP/1.1" 404 4180 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:149.0) Gecko/20100101 Firefox/149.0" 104.28.251.194 - - [27/Jun/2026:14:33:51 0200] "GET /.env.local.old HTTP/1.1" 404 4180 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36 Edg/146.0.0.0" 104.28.251.194 - - [27/Jun/2026:14:33:51 0200] "GET /.env.save HTTP/1.1" 404 4180 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36" 104.28.251.194 - - [27/Jun/2026:14:33:51 0200] "GET /.env~ HTTP/1.1" 404 4180 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36" 104.28.251.194 - - [27/Jun/2026:14:33:51 0200] "GET /.env.local.save HTTP/1.1" 404 4180 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36"[...] show less	Bad Web Bot Web App Attack

Showing 1 to 15 of 235 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 64.62.156.204

🇺🇸 35.245.165.234

🇺🇸 207.90.244.26

🇹🇭 159.192.132.36

🇫🇷 146.70.194.222

🇺🇸 104.243.35.104

🇿🇦 102.213.26.189

🇧🇬 95.87.213.16

🇺🇸 66.132.195.114

🇧🇷 45.233.207.175

🇨🇳 218.78.46.81

🇩🇪 185.220.101.21

🇺🇸 45.56.174.85

🇺🇸 167.99.148.102

🇧🇷 149.19.175.65

🇺🇸 135.237.125.137

🇨🇦 104.239.40.203

🇬🇧 104.143.232.143

🇮🇳 103.38.219.22

🇬🇪 2.57.217.229