🇦🇺
screwlooseit.com.au
2026-06-20 12:22:55
(1 week ago)
Blocked by CSF 13 firewall - Rule: XMLRPC
US/United States/-
Web App Attack
🇫🇷
dynamix
2026-06-20 11:40:29
(1 week ago)
WordPress XMLRPC Brute Force Attack
Brute-Force
Web App Attack
🇷🇴
clauss
2026-06-18 17:04:09
(1 week ago)
IP reached maximum auth failures for a one day block
Brute-Force
🇮🇩
sockominfo
2026-06-16 14:00:55
(1 week ago)
User login to application from malicious IP 104.28.156.137.. Threat Score: 3.6/10 (LOW). Confidence: 30%. CVSS v3.1: 0/10 (None). CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:N. Bayesian Probability: 40%. MITRE ATT&CK: T1016 (System Network Configuration Discovery). Tactic: TA0001. Freshness: Moderate. Source Reputation: UNKNOWN. Methodology: CVSS 3.1 + Bayesian + Temporal + Environmental + MITRE ATT&CK + OWASP. Standards: ISO/IEC 27065:2022, NIST SP 800-30, IEEE S&P 2020. Reported by TangerangKota-CSIRT
Hacking
Web App Attack
🇮🇩
sockominfo
2026-06-16 13:00:57
(1 week ago)
User login to application from malicious IP 104.28.156.137.. Threat Score: 3.7/10 (LOW). Confidence: 30%. CVSS v3.1: 0/10 (None). CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:N. Bayesian Probability: 40%. MITRE ATT&CK: T1016 (System Network Configuration Discovery). Tactic: TA0001. Freshness: Fresh. Source Reputation: UNKNOWN. Methodology: CVSS 3.1 + Bayesian + Temporal + Environmental + MITRE ATT&CK + OWASP. Standards: ISO/IEC 27065:2022, NIST SP 800-30, IEEE S&P 2020. Reported by TangerangKota-CSIRT
Hacking
Web App Attack
🇮🇩
sockominfo
2026-06-16 12:00:57
(1 week ago)
User login to application from malicious IP 104.28.156.137.. Threat Score: 3.8/10 (LOW). Confidence: 30%. CVSS v3.1: 0/10 (None). CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:N. Bayesian Probability: 40%. MITRE ATT&CK: T1016 (System Network Configuration Discovery). Tactic: TA0001. Freshness: Fresh. Source Reputation: UNKNOWN. Methodology: CVSS 3.1 + Bayesian + Temporal + Environmental + MITRE ATT&CK + OWASP. Standards: ISO/IEC 27065:2022, NIST SP 800-30, IEEE S&P 2020. Reported by TangerangKota-CSIRT
Hacking
Web App Attack
🇮🇩
sockominfo
2026-06-16 11:00:09
(1 week ago)
User login to application from malicious IP 104.28.156.137.. Threat Score: 0/10 (INFORMATIONAL). Reported by TangerangKota-CSIRT
Hacking
Web App Attack
🇺🇸
TPI-Abuse
2026-06-11 00:29:33
(2 weeks ago)
(mod_security) mod_security (id:240335) triggered by 104.28.156.137 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 10 20:29:27.783215 2026] [security2:error] [pid 31319:tid 31358] [client 104.28.156.137:61049] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 104.28.156.137 (+1 hits since last alert)|totheendsoftheearth.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "totheendsoftheearth.com"] [uri "/xmlrpc.php"] [unique_id "aioBZ1Yun5H_lksRc5dvdgAAAQ8"]
Brute-Force
Bad Web Bot
Web App Attack
🇮🇩
sockominfo
2026-06-10 05:00:55
(2 weeks ago)
User login to application from malicious IP 104.28.156.137.. Threat Score: 4.2/10 (MEDIUM). Confidence: 40%. CVSS v3.1: 0/10 (None). CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:N. Bayesian Probability: 68%. MITRE ATT&CK: T1016 (System Network Configuration Discovery). Tactic: TA0001. Freshness: Fresh. Source Reputation: UNKNOWN. Methodology: CVSS 3.1 + Bayesian + Temporal + Environmental + MITRE ATT&CK + OWASP. Standards: ISO/IEC 27065:2022, NIST SP 800-30, IEEE S&P 2020. Reported by TangerangKota-CSIRT. Status: MALICIOUS
Hacking
Web App Attack
🇮🇩
sockominfo
2026-06-10 04:01:05
(2 weeks ago)
User login to application from malicious IP 104.28.156.137.. Threat Score: 4.3/10 (MEDIUM). Confidence: 40%. CVSS v3.1: 0/10 (None). CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:N. Bayesian Probability: 68%. MITRE ATT&CK: T1016 (System Network Configuration Discovery). Tactic: TA0001. Freshness: Fresh. Source Reputation: UNKNOWN. Methodology: CVSS 3.1 + Bayesian + Temporal + Environmental + MITRE ATT&CK + OWASP. Standards: ISO/IEC 27065:2022, NIST SP 800-30, IEEE S&P 2020. Reported by TangerangKota-CSIRT. Status: MALICIOUS
Hacking
Web App Attack
🇮🇩
sockominfo
2026-06-10 03:00:11
(2 weeks ago)
User login to application from malicious IP 104.28.156.137.. Threat Score: 0/10 (INFORMATIONAL). Reported by TangerangKota-CSIRT
Hacking
Web App Attack
🇫🇷
dynamix
2026-06-03 04:01:23
(3 weeks ago)
WordPress wp-login.php Brute Force Attack
Brute-Force
Web App Attack
🇮🇩
sockominfo
2026-06-02 17:00:48
(3 weeks ago)
Reported by TangerangKota-CSIRT. Status: MALICIOUS
Hacking
Web App Attack
Anonymous
2026-06-01 10:52:14
(4 weeks ago)
Try to connect to Port_Scan_15000_stealth
Port Scan
🇩🇪
LRob.fr
2026-05-27 06:45:07
(1 month ago)
Repeated requests on blocked xmlrpc.php, blocked by fail2ban in custom-503-xmlrpc jail
Bad Web Bot
Web App Attack