JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 104.28.159.48

104.28.159.48 was found in our database!

This IP was reported 134 times. Confidence of Abuse is 93%: ?

93%

ISP	Cloudflare, Inc.
Usage Type	Data Center/Web Hosting/Transit
ASN	AS13335
Domain Name	cloudflare.com
Country	🇸🇬 Singapore
City	Singapore

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 104.28.159.48

Whois 104.28.159.48

IP Abuse Reports for 104.28.159.48:

This IP address has been reported a total of 134 times from 78 distinct sources. 104.28.159.48 was first reported on April 5th 2025, and the most recent report was 21 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇵🇱 strefapi_com	2026-06-09 15:22:16 (21 hours ago)	Brute-force, web ...	Hacking Brute-Force Web App Attack
🇩🇪 ger-stg-sifi1	2026-06-07 18:25:17 (2 days ago)	(wordpress) Failed wordpress login using wp-login.php or xmlrpc.php	Web App Attack
🇮🇩 sockominfo	2026-06-07 12:00:39 (3 days ago)	User login to application from malicious IP 104.28.159.48.. Threat Score: 3.5/10 (LOW). Confidence: ... show more User login to application from malicious IP 104.28.159.48.. Threat Score: 3.5/10 (LOW). Confidence: 30%. CVSS v3.1: 0/10 (None). CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:N. Bayesian Probability: 40%. MITRE ATT&CK: T1016 (System Network Configuration Discovery). Tactic: TA0001. Freshness: Moderate. Source Reputation: UNKNOWN. Methodology: CVSS 3.1 + Bayesian + Temporal + Environmental + MITRE ATT&CK + OWASP. Standards: ISO/IEC 27065:2022, NIST SP 800-30, IEEE S&P 2020. Reported by TangerangKota-CSIRT show less	Hacking Web App Attack
🇮🇩 sockominfo	2026-06-07 11:00:39 (3 days ago)	User login to application from malicious IP 104.28.159.48.. Threat Score: 3.6/10 (LOW). Confidence: ... show more User login to application from malicious IP 104.28.159.48.. Threat Score: 3.6/10 (LOW). Confidence: 30%. CVSS v3.1: 0/10 (None). CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:N. Bayesian Probability: 40%. MITRE ATT&CK: T1016 (System Network Configuration Discovery). Tactic: TA0001. Freshness: Fresh. Source Reputation: UNKNOWN. Methodology: CVSS 3.1 + Bayesian + Temporal + Environmental + MITRE ATT&CK + OWASP. Standards: ISO/IEC 27065:2022, NIST SP 800-30, IEEE S&P 2020. Reported by TangerangKota-CSIRT show less	Hacking Web App Attack
🇮🇩 sockominfo	2026-06-07 10:00:39 (3 days ago)	User login to application from malicious IP 104.28.159.48.. Threat Score: 3.7/10 (LOW). Confidence: ... show more User login to application from malicious IP 104.28.159.48.. Threat Score: 3.7/10 (LOW). Confidence: 30%. CVSS v3.1: 0/10 (None). CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:N. Bayesian Probability: 40%. MITRE ATT&CK: T1016 (System Network Configuration Discovery). Tactic: TA0001. Freshness: Fresh. Source Reputation: UNKNOWN. Methodology: CVSS 3.1 + Bayesian + Temporal + Environmental + MITRE ATT&CK + OWASP. Standards: ISO/IEC 27065:2022, NIST SP 800-30, IEEE S&P 2020. Reported by TangerangKota-CSIRT show less	Hacking Web App Attack
🇮🇩 sockominfo	2026-06-07 08:00:17 (3 days ago)	User login to application from malicious IP 104.28.159.48.. Threat Score: 0/10 (INFORMATIONAL). Repo ... show more User login to application from malicious IP 104.28.159.48.. Threat Score: 0/10 (INFORMATIONAL). Reported by TangerangKota-CSIRT show less	Hacking Web App Attack
🇪🇸 masterguru	2026-06-05 19:04:05 (4 days ago)	(xmlrpc) Failed xmlrpc access from 104.28.159.48 (US/United States/-): 5 in the last 3600 secs (0-12 ... show more (xmlrpc) Failed xmlrpc access from 104.28.159.48 (US/United States/-): 5 in the last 3600 secs (0-122) show less	Hacking
🇫🇷 masterguru	2026-06-05 17:33:49 (4 days ago)	(xmlrpc) Apache: Failed xmlrpc access from 104.28.159.48 (US/United States/-): 10 in the last 3600 s ... show more (xmlrpc) Apache: Failed xmlrpc access from 104.28.159.48 (US/United States/-): 10 in the last 3600 secs (0-197) show less	Hacking
🇺🇸 TPI-Abuse	2026-06-05 14:17:48 (4 days ago)	(mod_security) mod_security (id:240335) triggered by 104.28.159.48 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:240335) triggered by 104.28.159.48 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 05 10:17:41.440963 2026] [security2:error] [pid 21936:tid 21936] [client 104.28.159.48:39018] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 104.28.159.48 (+1 hits since last alert)\|altoshp.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "altoshp.com"] [uri "/xmlrpc.php"] [unique_id "aiLaheEPZJQ0jtbNerLg3wAAAAk"] show less	Brute-Force Bad Web Bot Web App Attack
🇲🇾 Rizzy	2026-06-05 07:27:00 (5 days ago)	Multiple WAF Violations	Brute-Force Web App Attack
🇩🇪 LRob.fr	2026-06-04 05:15:07 (6 days ago)	Repeated 403 errors, blocked by Fail2ban in custom-403 jail	Bad Web Bot
Anonymous	2026-06-03 05:54:21 (1 week ago)	IP banned by Fail2Ban due to multiple malicious requests on Nginx	Brute-Force SSH Web App Attack
🇧🇪 cmbplf	2026-06-01 19:36:34 (1 week ago)	392 requests with url.path *.env	Brute-Force Bad Web Bot
🇩🇪 LRob.fr	2026-05-27 02:15:03 (2 weeks ago)	Repeated requests on blocked xmlrpc.php, blocked by fail2ban in custom-503-xmlrpc jail	Bad Web Bot Web App Attack
🇨🇳 pengpeng	2026-05-24 15:00:39 (2 weeks ago)	monitor: on VM-0-7-ubuntu \| port: 49123 \| ttl: 251 script: github.com/sefinek/UFW-AbuseIPDB-Reporte ... show more monitor: on VM-0-7-ubuntu \| port: 49123 \| ttl: 251 script: github.com/sefinek/UFW-AbuseIPDB-Reporter show less	Port Scan

Showing 1 to 15 of 134 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇧🇷 201.182.127.16

🇨🇱 200.89.69.247

🇧🇼 168.167.23.49

🇮🇶 130.193.236.83

🇮🇳 128.185.226.14

🇳🇱 128.90.141.3

🇧🇷 45.205.1.76

🇹🇷 37.130.70.25

🇩🇪 34.32.97.3

🇮🇶 5.62.151.111

🇧🇷 138.84.59.77

🇷🇺 128.1.43.38

🇮🇳 122.161.172.110

🇹🇼 110.25.110.136

🇳🇱 104.23.172.94

🇷🇺 87.250.224.240

🇧🇬 79.124.62.230

🇫🇮 46.62.225.25

🇻🇪 38.51.239.237

🇨🇦 24.89.200.88