JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 216.24.219.28

216.24.219.28 was found in our database!

This IP was reported 118 times. Confidence of Abuse is 22%: ?

22%

ISP	Rockion LLC
Usage Type	Data Center/Web Hosting/Transit
ASN	AS206092
Domain Name	rockionllc.com
Country	🇺🇸 United States of America
City	Miami, Florida

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 216.24.219.28

Whois 216.24.219.28

IP Abuse Reports for 216.24.219.28:

This IP address has been reported a total of 118 times from 63 distinct sources. 216.24.219.28 was first reported on May 26th 2023, and the most recent report was 1 hour ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇩🇪 FeG Deutschland	2026-06-27 03:43:56 (1 hour ago)	Looking for CMS/PHP/SQL vulnerablilities/excessive crawling - 1247	Exploited Host Web App Attack
🇺🇸 Equity Steward	2026-06-27 02:19:46 (2 hours ago)	Systematic automated scraping and endpoint enumeration against equitysteward.org. 1 offences recorde ... show more Systematic automated scraping and endpoint enumeration against equitysteward.org. 1 offences recorded. Trigger: Honeypot path accessed: /wp-login.php — deliberately ignored robots.txt Disallow directive.. Canary ref: eb2aab8b-c96. show less	Web App Attack Bad Web Bot
🇧🇪 Saec	2026-06-11 00:45:18 (2 weeks ago)	Jarvis auto-ban: CF honeypot path /wp-login.php (1× on saec.ovh)	Port Scan Web App Attack
🇫🇷 mrcrassi	2026-05-04 01:52:13 (1 month ago)	Triggered Cloudflare WAF (firewallCustom) from US. Action taken: BLOCK Protocol: HTTP/1.1 (POST meth ... show more Triggered Cloudflare WAF (firewallCustom) from US. Action taken: BLOCK Protocol: HTTP/1.1 (POST method) Endpoint: /wp-login.php UA: Mozilla/5.0 This report was generated by: https://github.com/sefinek/Cloudflare-WAF-To-AbuseIPDB show less	Bad Web Bot
🇧🇪 voormedia	2026-04-26 23:11:05 (2 months ago)	Accessed trap at '/wp-login.php'	Web App Attack
🇳🇱 Site.eu	2026-04-25 09:59:14 (2 months ago)	Excessive 404/403 errors	Brute-Force
🇧🇪 voormedia	2026-04-22 13:55:52 (2 months ago)	Accessed trap at '/wp-login.php'	Web App Attack
🇫🇷 Octopuce	2026-03-15 21:02:25 (3 months ago)	Aggressive web search of vulnerable pages: /wp-blog.php /default.php /hehehehe.php /admin.php /click ... show more Aggressive web search of vulnerable pages: /wp-blog.php /default.php /hehehehe.php /admin.php /click.php /wp-links.php /wp-head.php /av.php /ex ... show less	Web App Attack
🇺🇸 TPI-Abuse	2026-02-25 12:38:16 (4 months ago)	(mod_security) mod_security (id:210350) triggered by 216.24.219.28 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210350) triggered by 216.24.219.28 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Feb 25 07:38:12.375617 2026] [security2:error] [pid 15082:tid 15082] [client 216.24.219.28:41913] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\b(close\|keep-alive),[\\\\t\\\\n\\\\r ]{0,1}(close\|keep-alive)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/12_HTTP_Protocol.conf"] [line "70"] [id "210350"] [rev "1"] [msg "COMODO WAF: Multiple/Conflicting Connection Header Data Found\|\|flanagan.works\|F\|4"] [data "keep-alive, close"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "flanagan.works"] [uri "/wp-login.php"] [unique_id "aZ7tNPcBgYZRebFazgofkgAAAAY"], referer: https://flanagan.works/wp-login.php show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-02-25 01:41:46 (4 months ago)	(mod_security) mod_security (id:210350) triggered by 216.24.219.28 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210350) triggered by 216.24.219.28 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Feb 24 20:41:39.812681 2026] [security2:error] [pid 10994:tid 10994] [client 216.24.219.28:62777] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\b(close\|keep-alive),[\\\\t\\\\n\\\\r ]{0,1}(close\|keep-alive)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/12_HTTP_Protocol.conf"] [line "70"] [id "210350"] [rev "1"] [msg "COMODO WAF: Multiple/Conflicting Connection Header Data Found\|\|dogarttoday.com\|F\|4"] [data "keep-alive, close"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "dogarttoday.com"] [uri "/wp-login.php"] [unique_id "aZ5TUy1d7kRY-fdpPp1OVgAAABQ"], referer: https://dogarttoday.com/wp-login.php show less	Brute-Force Bad Web Bot Web App Attack
🇪🇸 10dencehispahard SL	2026-02-11 06:42:27 (4 months ago)	Wordpress probing for vulnerabilities	Hacking Exploited Host
🇮🇩 BPS-StatisticsIndonesia	2026-02-06 23:33:33 (4 months ago)	WP Admin Scan Activities	Web App Attack
🇧🇪 voormedia	2026-02-06 04:00:08 (4 months ago)	Accessed trap at '/wp-login.php'	Web App Attack
🇺🇸 csp0829	2026-01-24 20:57:39 (5 months ago)	Asterisk/FreePBX Auth Failure for user: [UNKNOWN]	Brute-Force
🇺🇸 csp0829	2026-01-24 12:16:36 (5 months ago)	Asterisk/FreePBX Auth Failure for user: admin	Brute-Force

Showing 1 to 15 of 118 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇷🇺 178.178.208.201

🇹🇷 176.235.123.20

🇺🇸 173.239.214.139

🇷🇴 141.98.83.240

🇺🇸 85.254.140.72

🇹🇼 60.250.246.239

🇰🇷 43.166.1.243

🇫🇷 217.71.127.125

🇧🇷 205.210.31.225

🇺🇬 196.0.120.6

🇬🇧 193.163.125.126

🇯🇴 176.29.2.135

🇺🇸 162.216.150.137

🇺🇸 143.42.1.213

🇦🇷 138.117.23.51

🇨🇳 101.96.225.252

🇳🇱 91.92.40.151

🇵🇱 87.251.64.146

🇧🇪 34.62.197.208

🇨🇳 14.103.102.130