JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 104.28.159.127

104.28.159.127 was found in our database!

This IP was reported 174 times. Confidence of Abuse is 87%: ?

87%

ISP	Cloudflare, Inc.
Usage Type	Data Center/Web Hosting/Transit
ASN	AS13335
Domain Name	cloudflare.com
Country	🇸🇬 Singapore
City	Singapore

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 104.28.159.127

Whois 104.28.159.127

IP Abuse Reports for 104.28.159.127:

This IP address has been reported a total of 174 times from 83 distinct sources. 104.28.159.127 was first reported on May 16th 2023, and the most recent report was 9 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇮🇩 sockominfo	2026-06-04 11:00:47 (9 hours ago)	User login to application from malicious IP 104.28.159.127.. Threat Score: 3.7/10 (LOW). Confidence: ... show more User login to application from malicious IP 104.28.159.127.. Threat Score: 3.7/10 (LOW). Confidence: 30%. CVSS v3.1: 0/10 (None). CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:N. Bayesian Probability: 40%. MITRE ATT&CK: T1016 (System Network Configuration Discovery). Tactic: TA0001. Freshness: Fresh. Source Reputation: UNKNOWN. Methodology: CVSS 3.1 + Bayesian + Temporal + Environmental + MITRE ATT&CK + OWASP. Standards: ISO/IEC 27065:2022, NIST SP 800-30, IEEE S&P 2020. Reported by TangerangKota-CSIRT show less	Hacking Web App Attack
🇮🇩 sockominfo	2026-06-04 10:00:40 (10 hours ago)	User login to application from malicious IP 104.28.159.127.. Threat Score: 3.9/10 (LOW). Confidence: ... show more User login to application from malicious IP 104.28.159.127.. Threat Score: 3.9/10 (LOW). Confidence: 30%. CVSS v3.1: 0/10 (None). CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:N. Bayesian Probability: 40%. MITRE ATT&CK: T1016 (System Network Configuration Discovery). Tactic: TA0001. Freshness: Very Fresh. Source Reputation: UNKNOWN. Methodology: CVSS 3.1 + Bayesian + Temporal + Environmental + MITRE ATT&CK + OWASP. Standards: ISO/IEC 27065:2022, NIST SP 800-30, IEEE S&P 2020. Reported by TangerangKota-CSIRT show less	Hacking Web App Attack
🇺🇸 TAY	2026-06-03 23:17:19 (21 hours ago)	104.28.159.127 - - [04/Jun/2026:07:08:33 +0800] "POST /wp-login.php HTTP/1.1" 200 10934 "-" "Mozilla ... show more 104.28.159.127 - - [04/Jun/2026:07:08:33 +0800] "POST /wp-login.php HTTP/1.1" 200 10934 "-" "Mozilla/5.0" 104.28.159.127 - - [04/Jun/2026:07:08:33 +0800] "POST /wp-login.php HTTP/1.1" 200 10928 "-" "Mozilla/5.0" 104.28.159.127 - - [04/Jun/2026:07:17:18 +0800] "POST /wp-login.php HTTP/1.1" 200 10934 "-" "Mozilla/5.0" ... show less	Brute-Force
🇺🇸 TAY	2026-06-03 22:07:26 (22 hours ago)	104.28.159.127 - - [04/Jun/2026:05:58:36 +0800] "POST /wp-login.php HTTP/1.1" 200 10928 "-" "Mozilla ... show more 104.28.159.127 - - [04/Jun/2026:05:58:36 +0800] "POST /wp-login.php HTTP/1.1" 200 10928 "-" "Mozilla/5.0" 104.28.159.127 - - [04/Jun/2026:05:58:36 +0800] "POST /wp-login.php HTTP/1.1" 200 10934 "-" "Mozilla/5.0" 104.28.159.127 - - [04/Jun/2026:06:07:25 +0800] "POST /wp-login.php HTTP/1.1" 200 10934 "-" "Mozilla/5.0" ... show less	Brute-Force
🇺🇸 TAY	2026-06-03 20:48:46 (23 hours ago)	104.28.159.127 - - [04/Jun/2026:04:40:25 +0800] "POST /wp-login.php HTTP/1.1" 200 10934 "-" "Mozilla ... show more 104.28.159.127 - - [04/Jun/2026:04:40:25 +0800] "POST /wp-login.php HTTP/1.1" 200 10934 "-" "Mozilla/5.0" 104.28.159.127 - - [04/Jun/2026:04:48:42 +0800] "POST /wp-login.php HTTP/1.1" 200 10928 "-" "Mozilla/5.0" 104.28.159.127 - - [04/Jun/2026:04:48:46 +0800] "POST /wp-login.php HTTP/1.1" 200 5747 "-" "Mozilla/5.0" ... show less	Brute-Force
🇺🇸 TAY	2026-06-03 19:38:59 (1 day ago)	104.28.159.127 - - [04/Jun/2026:03:30:15 +0800] "POST /wp-login.php HTTP/1.1" 200 10934 "-" "Mozilla ... show more 104.28.159.127 - - [04/Jun/2026:03:30:15 +0800] "POST /wp-login.php HTTP/1.1" 200 10934 "-" "Mozilla/5.0" 104.28.159.127 - - [04/Jun/2026:03:30:15 +0800] "POST /wp-login.php HTTP/1.1" 200 10928 "-" "Mozilla/5.0" 104.28.159.127 - - [04/Jun/2026:03:38:58 +0800] "POST /wp-login.php HTTP/1.1" 200 10934 "-" "Mozilla/5.0" ... show less	Brute-Force
🇮🇩 sockominfo	2026-06-02 12:00:38 (2 days ago)	User login to application from malicious IP 104.28.159.127.. Threat Score: 3.6/10 (LOW). Confidence: ... show more User login to application from malicious IP 104.28.159.127.. Threat Score: 3.6/10 (LOW). Confidence: 30%. CVSS v3.1: 0/10 (None). CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:N. Bayesian Probability: 40%. MITRE ATT&CK: T1016 (System Network Configuration Discovery). Tactic: TA0001. Freshness: Fresh. Source Reputation: UNKNOWN. Methodology: CVSS 3.1 + Bayesian + Temporal + Environmental + MITRE ATT&CK + OWASP. Standards: ISO/IEC 27065:2022, NIST SP 800-30, IEEE S&P 2020. Reported by TangerangKota-CSIRT show less	Hacking Web App Attack
🇮🇩 sockominfo	2026-06-02 11:00:38 (2 days ago)	User login to application from malicious IP 104.28.159.127.. Threat Score: 4/10 (MEDIUM). Confidence ... show more User login to application from malicious IP 104.28.159.127.. Threat Score: 4/10 (MEDIUM). Confidence: 40%. CVSS v3.1: 0/10 (None). CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:N. Bayesian Probability: 57%. MITRE ATT&CK: T1016 (System Network Configuration Discovery). Tactic: TA0001. Freshness: Fresh. Source Reputation: UNKNOWN. Methodology: CVSS 3.1 + Bayesian + Temporal + Environmental + MITRE ATT&CK + OWASP. Standards: ISO/IEC 27065:2022, NIST SP 800-30, IEEE S&P 2020. Reported by TangerangKota-CSIRT. Status: MALICIOUS show less	Hacking Web App Attack
🇮🇩 sockominfo	2026-06-02 10:00:39 (2 days ago)	User login to application from malicious IP 104.28.159.127.. Threat Score: 4.2/10 (MEDIUM). Confiden ... show more User login to application from malicious IP 104.28.159.127.. Threat Score: 4.2/10 (MEDIUM). Confidence: 40%. CVSS v3.1: 0/10 (None). CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:N. Bayesian Probability: 57%. MITRE ATT&CK: T1016 (System Network Configuration Discovery). Tactic: TA0001. Freshness: Very Fresh. Source Reputation: UNKNOWN. Methodology: CVSS 3.1 + Bayesian + Temporal + Environmental + MITRE ATT&CK + OWASP. Standards: ISO/IEC 27065:2022, NIST SP 800-30, IEEE S&P 2020. Reported by TangerangKota-CSIRT. Status: MALICIOUS show less	Hacking Web App Attack
🇮🇩 sockominfo	2026-06-02 09:00:38 (2 days ago)	User login to application from malicious IP 104.28.159.127.. Threat Score: 3.8/10 (LOW). Confidence: ... show more User login to application from malicious IP 104.28.159.127.. Threat Score: 3.8/10 (LOW). Confidence: 30%. CVSS v3.1: 0/10 (None). CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:N. Bayesian Probability: 40%. MITRE ATT&CK: T1016 (System Network Configuration Discovery). Tactic: TA0001. Freshness: Fresh. Source Reputation: UNKNOWN. Methodology: CVSS 3.1 + Bayesian + Temporal + Environmental + MITRE ATT&CK + OWASP. Standards: ISO/IEC 27065:2022, NIST SP 800-30, IEEE S&P 2020. Reported by TangerangKota-CSIRT show less	Hacking Web App Attack
🇮🇩 sockominfo	2026-06-02 08:00:11 (2 days ago)	User login to application from malicious IP 104.28.159.127.. Threat Score: 0/10 (INFORMATIONAL). Rep ... show more User login to application from malicious IP 104.28.159.127.. Threat Score: 0/10 (INFORMATIONAL). Reported by TangerangKota-CSIRT show less	Hacking Web App Attack
Anonymous	2026-06-01 13:17:11 (3 days ago)	Try to connect to Port_Scan_15000_stealth	Port Scan
🇫🇷 Kenshin869	2026-05-31 23:25:17 (3 days ago)	Wordpress unauthorized access attempt	Brute-Force
🇫🇷 Baking333	2026-05-31 13:53:32 (4 days ago)	[redacted] 104.28.159.127 - - [31/May/2026:14:53:28 +0100] "POST /[redacted] HTTP/1.1" 405 1148 0/80 ... show more [redacted] 104.28.159.127 - - [31/May/2026:14:53:28 +0100] "POST /[redacted] HTTP/1.1" 405 1148 0/80224 "https://[redacted]/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36" [redacted] 104.28.159.127 - - [31/May/2026:14:53:30 +0100] "POST /[redacted] HTTP/1.1" 405 1148 0/95714 "https://[redacted]/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36" show less	Bad Web Bot Web App Attack
🇳🇱 Site.eu	2026-05-31 08:42:49 (4 days ago)	Repeated wp-login/xmlrpc attempts	Brute-Force SSH

Showing 1 to 15 of 174 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 104.248.9.183

🇨🇦 34.19.213.119

🇹🇼 198.235.24.50

🇧🇷 187.120.101.225

🇵🇱 138.124.20.112

🇺🇸 104.248.57.162

🇮🇳 103.89.136.111

🇫🇷 95.111.230.59

🇺🇸 50.62.22.47

🇯🇵 8.216.7.184

🇲🇿 197.219.228.242

🇺🇦 195.5.15.237

🇩🇪 193.124.20.232

🇵🇸 178.214.77.68

🇵🇸 178.214.77.67

🇵🇸 178.214.76.172

🇺🇸 143.42.164.182

🇨🇳 118.145.213.116

🇨🇳 115.212.55.44

🇺🇸 104.248.236.198