JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 104.28.152.40

104.28.152.40 was found in our database!

This IP was reported 61 times. Confidence of Abuse is 40%: ?

40%

ISP	Cloudflare, Inc.
Usage Type	Data Center/Web Hosting/Transit
ASN	AS13335
Domain Name	cloudflare.com
Country	🇧🇷 Brazil
City	Sao Paulo, Sao Paulo

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 104.28.152.40

Whois 104.28.152.40

IP Abuse Reports for 104.28.152.40:

This IP address has been reported a total of 61 times from 36 distinct sources. 104.28.152.40 was first reported on June 1st 2023, and the most recent report was 2 days ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
Anonymous	2026-06-13 17:16:43 (2 days ago)	Fail2ban filtered ...	Web App Attack
🇫🇷 masterguru	2026-06-11 02:54:02 (4 days ago)	xmlrpc request blocked, no referer. Pattern match "xmlrpc.php" at REQUEST_URI. (88010-201)	Hacking
🇧🇷 chronos	2026-06-04 18:38:50 (1 week ago)	Generic malicious activity: Tentativa de varredura de porta TCP... \| Port: 59601 \| Proto: TCP \| Loca ... show more Generic malicious activity: Tentativa de varredura de porta TCP... \| Port: 59601 \| Proto: TCP \| Location: Brazil, São Paulo show less	Port Scan Hacking
🇧🇷 chronos	2026-05-29 21:07:27 (2 weeks ago)	Generic malicious activity: Tentativa de varredura de porta TCP... \| Port: 59601 \| Proto: TCP \| Loca ... show more Generic malicious activity: Tentativa de varredura de porta TCP... \| Port: 59601 \| Proto: TCP \| Location: Brazil, São Paulo show less	Port Scan Hacking
🇪🇸 pipeline.es	2026-05-26 09:09:16 (2 weeks ago)	SQL injection against web application	SQL Injection Web App Attack
🇪🇸 pipeline.es	2026-05-25 17:13:48 (3 weeks ago)	SQL injection against web application \| Evidence: WARNING: SQL Injection Fecha: 25-05-2026 19:12:28 ... show more SQL injection against web application \| Evidence: WARNING: SQL Injection Fecha: 25-05-2026 19:12:28 IP: 104.28.152.40 Cadena: [pattern: '/\bselect\b.{0,80}\bfrom\b/i', field: 'zonas', val: '\|\|(select//rddz//from//dual//where//8307=8307//and/**/8724=7719)\|\|'] Contexto: {\"method\":\"GET\",\"host\":\"anetours.geaweb.pt\",\"uri\":\"\/pt\/servicos\/hotel\/buscar.htm?&categoria=1&ciudad=555-666-0606&ciudad_autocompleter=Testing&edad_maxima \| ASN: CLOUDFLARENET \| Country: BR show less	SQL Injection Web App Attack
🇨🇳 pengpeng	2026-05-17 08:34:55 (4 weeks ago)	monitor: on VM-0-7-ubuntu \| port: 45706 \| ttl: 251 script: github.com/sefinek/UFW-AbuseIPDB-Reporte ... show more monitor: on VM-0-7-ubuntu \| port: 45706 \| ttl: 251 script: github.com/sefinek/UFW-AbuseIPDB-Reporter show less	Port Scan
🇧🇷 chronos	2026-05-17 02:15:12 (4 weeks ago)	Generic malicious activity: Tentativa de varredura de porta TCP... \| Port: 59601 \| Proto: TCP \| Loca ... show more Generic malicious activity: Tentativa de varredura de porta TCP... \| Port: 59601 \| Proto: TCP \| Location: Brazil, São Paulo show less	Port Scan Hacking
🇨🇿 unhfree.net	2026-05-14 23:13:29 (1 month ago)	May 15 01:12:52 canopus postfix/smtpd[683936]: NOQUEUE: reject: RCPT from unknown[104.28.152.40]: 55 ... show more May 15 01:12:52 canopus postfix/smtpd[683936]: NOQUEUE: reject: RCPT from unknown[104.28.152.40]: 554 5.7.1 <[email protected]>: Sender address rejected: Access denied; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<[172.16.0.2]> May 15 01:13:01 canopus postfix/smtpd[683936]: NOQUEUE: reject: RCPT from unknown[104.28.152.40]: 554 5.7.1 <[email protected]>: Sender address rejected: Access denied; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<[172.16.0.2]> May 15 01:13:10 canopus postfix/smtpd[683936]: NOQUEUE: reject: RCPT from unknown[104.28.152.40]: 554 5.7.1 <[email protected]>: Sender address rejected: Access denied; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<[172.16.0.2]> May 15 01:13:19 canopus postfix/smtpd[683936]: NOQUEUE: reject: RCPT from unknown[104.28.152.40]: 554 5.7.1 <[email protected]>: Sender address rejected: Access denied; from=<[email protected]> to=<henriltda2022 ... show less	Brute-Force Exploited Host
🇨🇳 pengpeng	2026-05-11 22:21:23 (1 month ago)	monitor: on VM-0-7-ubuntu \| port: 45706 \| ttl: 251 script: github.com/sefinek/UFW-AbuseIPDB-Reporte ... show more monitor: on VM-0-7-ubuntu \| port: 45706 \| ttl: 251 script: github.com/sefinek/UFW-AbuseIPDB-Reporter show less	Port Scan
Anonymous	2026-05-04 14:58:47 (1 month ago)	(smtpauth) Failed SMTP AUTH login from 104.28.152.40 (BR/Brazil/São Paulo/São Paulo/-/[redacted])	Brute-Force
🇩🇪 Séfora Srl	2026-05-02 05:01:58 (1 month ago)	Failed attempt detected by Fail2Ban in plesk-modsecurity jail	Web App Attack
🇸🇪 vaia.cloud	2026-05-01 22:59:01 (1 month ago)	trying wp-login.php/xmlrpc.php 91 times in 1 minutes	Brute-Force Web App Attack
🇳🇱 wlt-blocker	2026-04-27 16:34:31 (1 month ago)	Unauthorized access to webpage admin	Web App Attack
🇬🇧 consul.to	2026-04-22 06:20:10 (1 month ago)	Web attack/malicious scanning detected	Web App Attack

Showing 1 to 15 of 61 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 2607:f8b0:400e:c1e::12e

🇻🇪 201.238.35.140

🇧🇷 177.153.38.157

🇺🇸 173.194.97.19

🇺🇸 162.216.150.221

🇮🇳 154.84.242.115

🇹🇭 203.154.158.195

🇪🇬 197.199.224.52

🇧🇷 187.8.64.94

🇸🇦 151.254.85.121

🇹🇼 111.70.23.231

🇵🇰 103.79.16.159

🇷🇺 95.165.25.233

🇳🇱 89.248.163.200

🇰🇷 59.21.37.60

🇳🇱 45.156.128.157

🇺🇸 165.154.173.226

🇺🇸 162.216.149.103

🇳🇪 154.127.86.8

🇺🇸 129.121.72.50