🇺🇸
TPI-Abuse
2026-04-02 20:53:18
(2 months ago)
(mod_security) mod_security (id:210492) triggered by 104.28.157.199 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Apr 02 16:53:11.560716 2026] [security2:error] [pid 19218:tid 19218] [client 104.28.157.199:21425] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "dixieaire.com"] [uri "/sftp-config.json"] [unique_id "ac7XN9RZZH5b-7MfFM86PwAAAAQ"]
Brute-Force
Bad Web Bot
Web App Attack
🇬🇧
consul.to
2026-04-02 16:14:32
(2 months ago)
Web attack/malicious scanning detected
Web App Attack
🇩🇪
conseilgouz
2026-04-02 13:59:29
(2 months ago)
ave-17 : Block hidden directories=>/.vscode/sftp.json(/)
Hacking
🇺🇸
TPI-Abuse
2026-04-01 19:12:25
(2 months ago)
(mod_security) mod_security (id:210492) triggered by 104.28.157.199 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Apr 01 15:12:19.557293 2026] [security2:error] [pid 25534:tid 25548] [client 104.28.157.199:19789] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "tamarkummel.com"] [uri "/sftp-config.json"] [unique_id "ac1uE_FTRYMrnpNfiAk11gAAAQw"]
Brute-Force
Bad Web Bot
Web App Attack
🇧🇪
cmbplf
2026-04-01 14:47:48
(2 months ago)
110 requests with url.path *config.json
Brute-Force
Bad Web Bot
Anonymous
2026-04-01 12:41:15
(2 months ago)
Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER
Brute-Force
SSH
Anonymous
2026-03-29 14:34:37
(2 months ago)
Aggressive web scan
Web App Attack
🇬🇧
OptimusGO
2026-03-29 13:54:42
(2 months ago)
Malicious activity detected: web_attack
Server: commstackbc (185.127.18.66)
Attack: web_attack
Timestamp: 2026-03-29 14:54:32 UTC
Log evidence:
03/29/2026-14:54:31.259060 [**] [1:1000101:2] SECURITY Port Scan Detected - Multiple Unauthorized Ports [**] [Classification: Attempted Information Leak] [Priority: 1] {TCP} 104.28.157.199:54694 -> 185.127.18.66:3003
03/29/2026-14:54:32.282063 [**] [1:1000101:2] SECURITY Port Scan Detected - Multiple Unauthorized Ports [**] [Classification: Attempted Information Leak] [Priority: 1] {TCP} 104.28.157.199:54694 -> 185.127.18.66:3003
Port Scan
Brute-Force
🇮🇩
xveil
2026-03-29 03:16:14
(2 months ago)
2026-03-29T10:16:12.543443 mail-honeypot postfix/submission/smtpd[10887]: warning: unknown[104.28.157.199]: SASL LOGIN authentication failed: authentication failure
...
Brute-Force
🇺🇸
xmission.com
2026-03-26 12:22:08
(2 months ago)
Blocked by UFW (TCP on 6610)
Source port: 33008
TTL: 49
Packet length: 60
TOS: 0x08
This report (for 104.28.157.199) was generated by:
https://github.com/sefinek/UFW-AbuseIPDB-Reporter
Port Scan
🇺🇸
Rayulcifer
2026-03-25 05:28:57
(2 months ago)
104.28.157.199 - - [25/Mar/2026:00:22:51 -0500] "GET http://httpbin.org/ip HTTP/1.1" 200 855 "-" "Python/3.8 aiohttp/3.10.11"
104.28.157.199 - - [25/Mar/2026:00:28:56 -0500] "GET http://httpbin.org/ip HTTP/1.1" 200 855 "-" "Python/3.8 aiohttp/3.10.11"
...
Open Proxy
Port Scan
Hacking
Web App Attack
SSH
🇱🇻
garmtech.com
2026-03-19 17:58:45
(2 months ago)
IM360 WAF: RCE via prototype pollution in React Server Components < 19.0.1/19.1.2/19.2.1 or Next.js < 15.0.5/16.0.7 (CVE-2025-55182, CVE-2025-66478)
Hacking
🇺🇸
Rayulcifer
2026-03-18 12:19:25
(2 months ago)
104.28.157.199 - - [18/Mar/2026:07:12:58 -0500] "GET http://httpbin.org/ip HTTP/1.1" 200 855 "-" "Python/3.8 aiohttp/3.10.11"
104.28.157.199 - - [18/Mar/2026:07:19:25 -0500] "GET http://httpbin.org/ip HTTP/1.1" 200 855 "-" "Python/3.8 aiohttp/3.10.11"
...
Open Proxy
Port Scan
Hacking
Web App Attack
SSH
🇺🇸
Rayulcifer
2026-03-17 12:08:14
(2 months ago)
104.28.157.199 - - [17/Mar/2026:07:01:56 -0500] "GET http://httpbin.org/ip HTTP/1.1" 200 855 "-" "Python/3.8 aiohttp/3.10.11"
104.28.157.199 - - [17/Mar/2026:07:08:03 -0500] "CONNECT api.locketcamera.com:443 HTTP/1.0" 502 507 "-" "-"
...
Open Proxy
Port Scan
Hacking
Web App Attack
SSH
🇮🇳
liveaspankaj
2026-02-26 23:19:05
(3 months ago)
DDoS attack: 132 requests in 5m (GET / or repair.php).
DDoS Attack