JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 104.28.159.62

104.28.159.62 was found in our database!

This IP was reported 149 times. Confidence of Abuse is 63%: ?

63%

ISP	Cloudflare, Inc.
Usage Type	Data Center/Web Hosting/Transit
ASN	AS13335
Domain Name	cloudflare.com
Country	🇸🇬 Singapore
City	Singapore

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 104.28.159.62

Whois 104.28.159.62

IP Abuse Reports for 104.28.159.62:

This IP address has been reported a total of 149 times from 62 distinct sources. 104.28.159.62 was first reported on May 24th 2023, and the most recent report was 4 days ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 xmission.com	2026-06-01 02:06:30 (4 days ago)	Blocked by UFW (TCP on 123) Source port: 19178 TTL: 52 Packet length: 60 TOS: 0x08 This report (for ... show more Blocked by UFW (TCP on 123) Source port: 19178 TTL: 52 Packet length: 60 TOS: 0x08 This report (for 104.28.159.62) was generated by: https://github.com/sefinek/UFW-AbuseIPDB-Reporter show less	Port Scan
🇮🇩 sockominfo	2026-05-28 07:00:39 (1 week ago)	User login to application from malicious IP 104.28.159.62.. Threat Score: 3.4/10 (LOW). Confidence: ... show more User login to application from malicious IP 104.28.159.62.. Threat Score: 3.4/10 (LOW). Confidence: 30%. CVSS v3.1: 0/10 (None). CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:N. Bayesian Probability: 40%. MITRE ATT&CK: T1016 (System Network Configuration Discovery). Tactic: TA0001. Freshness: Moderate. Source Reputation: UNKNOWN. Methodology: CVSS 3.1 + Bayesian + Temporal + Environmental + MITRE ATT&CK + OWASP. Standards: ISO/IEC 27065:2022, NIST SP 800-30, IEEE S&P 2020. Reported by TangerangKota-CSIRT show less	Hacking Web App Attack
🇮🇩 sockominfo	2026-05-28 06:00:38 (1 week ago)	User login to application from malicious IP 104.28.159.62.. Threat Score: 3.5/10 (LOW). Confidence: ... show more User login to application from malicious IP 104.28.159.62.. Threat Score: 3.5/10 (LOW). Confidence: 30%. CVSS v3.1: 0/10 (None). CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:N. Bayesian Probability: 40%. MITRE ATT&CK: T1016 (System Network Configuration Discovery). Tactic: TA0001. Freshness: Moderate. Source Reputation: UNKNOWN. Methodology: CVSS 3.1 + Bayesian + Temporal + Environmental + MITRE ATT&CK + OWASP. Standards: ISO/IEC 27065:2022, NIST SP 800-30, IEEE S&P 2020. Reported by TangerangKota-CSIRT show less	Hacking Web App Attack
🇮🇩 sockominfo	2026-05-28 05:00:39 (1 week ago)	User login to application from malicious IP 104.28.159.62.. Threat Score: 3.6/10 (LOW). Confidence: ... show more User login to application from malicious IP 104.28.159.62.. Threat Score: 3.6/10 (LOW). Confidence: 30%. CVSS v3.1: 0/10 (None). CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:N. Bayesian Probability: 40%. MITRE ATT&CK: T1016 (System Network Configuration Discovery). Tactic: TA0001. Freshness: Fresh. Source Reputation: UNKNOWN. Methodology: CVSS 3.1 + Bayesian + Temporal + Environmental + MITRE ATT&CK + OWASP. Standards: ISO/IEC 27065:2022, NIST SP 800-30, IEEE S&P 2020. Reported by TangerangKota-CSIRT show less	Hacking Web App Attack
🇮🇩 sockominfo	2026-05-28 04:00:39 (1 week ago)	User login to application from malicious IP 104.28.159.62.. Threat Score: 3.7/10 (LOW). Confidence: ... show more User login to application from malicious IP 104.28.159.62.. Threat Score: 3.7/10 (LOW). Confidence: 30%. CVSS v3.1: 0/10 (None). CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:N. Bayesian Probability: 40%. MITRE ATT&CK: T1016 (System Network Configuration Discovery). Tactic: TA0001. Freshness: Fresh. Source Reputation: UNKNOWN. Methodology: CVSS 3.1 + Bayesian + Temporal + Environmental + MITRE ATT&CK + OWASP. Standards: ISO/IEC 27065:2022, NIST SP 800-30, IEEE S&P 2020. Reported by TangerangKota-CSIRT show less	Hacking Web App Attack
🇮🇩 sockominfo	2026-05-28 03:00:41 (1 week ago)	User login to application from malicious IP 104.28.159.62.. Threat Score: 3.9/10 (LOW). Confidence: ... show more User login to application from malicious IP 104.28.159.62.. Threat Score: 3.9/10 (LOW). Confidence: 30%. CVSS v3.1: 0/10 (None). CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:N. Bayesian Probability: 40%. MITRE ATT&CK: T1016 (System Network Configuration Discovery). Tactic: TA0001. Freshness: Very Fresh. Source Reputation: UNKNOWN. Methodology: CVSS 3.1 + Bayesian + Temporal + Environmental + MITRE ATT&CK + OWASP. Standards: ISO/IEC 27065:2022, NIST SP 800-30, IEEE S&P 2020. Reported by TangerangKota-CSIRT show less	Hacking Web App Attack
🇳🇱 COMPLEX	2026-05-28 02:05:20 (1 week ago)	Unsolicited TCP traffic \| Action: DROP \| Port 11110	Brute-Force
🇮🇩 sockominfo	2026-05-28 02:00:11 (1 week ago)	User login to application from malicious IP 104.28.159.62.. Threat Score: 0/10 (INFORMATIONAL). Repo ... show more User login to application from malicious IP 104.28.159.62.. Threat Score: 0/10 (INFORMATIONAL). Reported by TangerangKota-CSIRT show less	Hacking Web App Attack
🇩🇪 grassau.com	2026-05-26 05:02:20 (1 week ago)	(wordpress) Failed wordpress login from 104.28.159.62 (SG/Singapore/-/Singapore/-)	Brute-Force
🇩🇪 pscriptos	2026-05-25 19:05:19 (1 week ago)	DNS flooding on our DNS server: 153x cnn.com in 60s. Banned by Adguard Shield 🔗 https://git.technive ... show more DNS flooding on our DNS server: 153x cnn.com in 60s. Banned by Adguard Shield 🔗 https://git.techniverse.net/scriptos/adguard-shield.git show less	DDoS Attack
🇲🇽 octageeks.com	2026-05-25 04:08:50 (1 week ago)	Wordpress malicious attack:[octawpauthor]	Web App Attack
🇺🇸 TPI-Abuse	2026-05-15 07:59:24 (3 weeks ago)	(mod_security) mod_security (id:240335) triggered by 104.28.159.62 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:240335) triggered by 104.28.159.62 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri May 15 03:59:21.187092 2026] [security2:error] [pid 25741:tid 25741] [client 104.28.159.62:36804] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 104.28.159.62 (+1 hits since last alert)\|capriexpress.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "capriexpress.com"] [uri "/xmlrpc.php"] [unique_id "agbSWaxaKQCtzRKAavrqQwAAAAs"] show less	Brute-Force Bad Web Bot Web App Attack
🇧🇪 cmbplf	2026-05-12 21:40:36 (3 weeks ago)	1.248 POST requests with url.path */wp-login.php	Brute-Force Bad Web Bot
🇩🇪 FeG Deutschland	2026-05-12 19:22:46 (3 weeks ago)	Looking for CMS/PHP/SQL vulnerablilities/excessive crawling - 124	Exploited Host Web App Attack
🇫🇷 dynamix	2026-05-11 17:22:34 (3 weeks ago)	WordPress XMLRPC Brute Force Attack	Brute-Force Web App Attack

Showing 1 to 15 of 149 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇮🇳 59.97.52.95

🇮🇳 2409:4085:8e15:6b89:8d40:3eaf:b051:112c

🇺🇸 162.216.149.159

🇨🇳 140.246.137.102

🇺🇸 77.91.118.50

🇸🇬 34.126.186.37

🇺🇸 20.14.83.88

🇨🇳 223.64.222.115

🇰🇷 220.126.215.120

🇬🇧 195.96.139.76

🇧🇷 179.104.168.191

🇸🇪 171.25.158.68

🇺🇸 162.216.149.86

🇰🇷 121.179.93.147

🇩🇪 91.217.249.202

🇳🇱 81.19.216.94

🇭🇰 47.86.3.155

🇧🇪 34.78.141.72

🇧🇪 34.76.107.251

🇫🇷 5.39.49.245