JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 104.28.161.252

104.28.161.252 was found in our database!

This IP was reported 80 times. Confidence of Abuse is 69%: ?

69%

ISP	Cloudflare, Inc.
Usage Type	Data Center/Web Hosting/Transit
ASN	AS13335
Domain Name	cloudflare.com
Country	🇪🇸 Spain
City	Chamartin, Castille and Leon

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 104.28.161.252

Whois 104.28.161.252

IP Abuse Reports for 104.28.161.252:

This IP address has been reported a total of 80 times from 47 distinct sources. 104.28.161.252 was first reported on August 3rd 2024, and the most recent report was 1 hour ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
Anonymous	2026-06-16 09:10:40 (1 hour ago)	104.28.161.252 - - [16/Jun/2026:11:06:57 +0200] "POST /xmlrpc.php HTTP/1.1" 200 593 "-" "Mozilla/5.0 ... show more 104.28.161.252 - - [16/Jun/2026:11:06:57 +0200] "POST /xmlrpc.php HTTP/1.1" 200 593 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7; x86) AppleWebKit/537.36 (KHTML, like Gecko) Edge/100.0.0.0 Safari/537.36" 104.28.161.252 - - [16/Jun/2026:11:06:58 +0200] "POST /xmlrpc.php HTTP/1.1" 200 403 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7; x86) AppleWebKit/537.36 (KHTML, like Gecko) Edge/100.0.0.0 Safari/537.36" 104.28.161.252 - - [16/Jun/2026:11:10:21 +0200] "POST /xmlrpc.php HTTP/1.1" 200 593 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7; x86) AppleWebKit/537.36 (KHTML, like Gecko) Opera/75.0.0.0 Safari/537.36" 104.28.161.252 - - [16/Jun/2026:11:10:21 +0200] "POST /xmlrpc.php HTTP/1.1" 200 403 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7; x86) AppleWebKit/537.36 (KHTML, like Gecko) Opera/75.0.0.0 Safari/537.36" 104.28.161.252 - - [16/Jun/2026:11:10:39 +0200] "POST /xmlrpc.php HTTP/1.1" 200 593 "-" "Mozilla/5.0 (Windows NT 10.0; x86) AppleWebKit/537.36 (KHTML, like ... show less	Brute-Force Web App Attack
🇺🇸 interbiznw.com	2026-06-16 09:00:22 (1 hour ago)	malicious-web-requests-vulnerability-scanning	Hacking Brute-Force Exploited Host Web App Attack
🇩🇪 big-cloud.nl	2026-06-16 07:35:57 (3 hours ago)	Try to access /xmlrpc.php	Web App Attack
🇺🇸 ctidrv	2026-06-16 07:26:38 (3 hours ago)	Honeypot detection. Threat score: 45/100. Collector: honeypot. \| Request: GET /xmlrpc.php \| UA: Mozi ... show more Honeypot detection. Threat score: 45/100. Collector: honeypot. \| Request: GET /xmlrpc.php \| UA: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7; x86) AppleWebKit/537.36 (KHTML, like Gecko) Edge/80.0.0.0 Safari/537.36 \| Reasons: suspicious_path, no_sec_fetch, no_cookies, no_accept_encoding show less	Bad Web Bot
🇩🇪 Vegascosmetics	2026-06-11 00:31:32 (5 days ago)	(Kingcopy.org-AI-IDS-Report):IP automatically blocked after obfuscated redirect. Vegas Security	DDoS Attack Hacking Exploited Host
🇺🇸 TPI-Abuse	2026-06-07 20:03:04 (1 week ago)	(mod_security) mod_security (id:225170) triggered by 104.28.161.252 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:225170) triggered by 104.28.161.252 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 07 16:02:57.147276 2026] [security2:error] [pid 3340:tid 3340] [client 104.28.161.252:30689] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|rodzillacharters.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "rodzillacharters.com"] [uri "/wp-json/wp/v2/users"] [unique_id "aiXOcUYIGahyA8c8_CCduQAAAAU"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 4server	2026-06-07 13:30:19 (1 week ago)	[SunJun0715:30:18.0463962026][security2:error][pid3892592:tid3892714][client104.28.161.252:0]ModSecu ... show more [SunJun0715:30:18.0463962026][security2:error][pid3892592:tid3892714][client104.28.161.252:0]ModSecurity:Accessdeniedwithcode403\(phase1\).Stringmatch\"/xmlrpc.php\"atREQUEST_URI.[file\"/etc/apache2/conf.d/modsec_custom_rules.conf\"][line\"170\"][id\"960024\"][msg\"XML-RPCdisabled\"][hostname\"kvsm-blackstone.com\"][uri\"/xmlrpc.php\"][unique_id\"aiVyapNv3walrAY7gJnhzAAAAQs\"] show less	Port Scan Brute-Force Web App Attack
Anonymous	2026-06-07 05:59:36 (1 week ago)	[ns31.kdns.gr] httpd-xmlrpc-post: sites=dimitrisanousis.com; logs=/var/log/httpd/domains/dimitrisano ... show more [ns31.kdns.gr] httpd-xmlrpc-post: sites=dimitrisanousis.com; logs=/var/log/httpd/domains/dimitrisanousis.com.log; samples=/xmlrpc.php show less	Brute-Force Web App Attack
🇩🇪 big-cloud.nl	2026-06-07 02:53:11 (1 week ago)	Try to access /xmlrpc.php	Web App Attack
🇺🇸 TPI-Abuse	2026-06-07 02:47:59 (1 week ago)	(mod_security) mod_security (id:225170) triggered by 104.28.161.252 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:225170) triggered by 104.28.161.252 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 06 22:47:55.392076 2026] [security2:error] [pid 10620:tid 10620] [client 104.28.161.252:30165] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|cbrtome.cl\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "cbrtome.cl"] [uri "/wp-json/wp/v2/users"] [unique_id "aiTb2xnhUfFP1UNSYFZufQAAAA0"] show less	Brute-Force Bad Web Bot Web App Attack
🇦🇺 MAGIC	2026-06-03 00:24:18 (1 week ago)	VM1 Bad user agents ignoring web crawling rules. Draing bandwidth	DDoS Attack Bad Web Bot
🇵🇹 Information Security	2026-05-29 09:56:07 (2 weeks ago)	Web App Attack	Web App Attack
🇩🇪 SMARTNET	2026-05-27 06:03:53 (2 weeks ago)	Aisuru(Mirai variant) DDoS \| Incident ID: 6ed80dcf-192e-41b9-b3cf-8e7356812aa9	DDoS Attack
🇫🇷 masterguru	2026-05-20 16:10:48 (3 weeks ago)	(modsec_5015) ModSec 5015: Suspicious User-Agent from 104.28.161.252 (GB/United Kingdom/-): 1 in the ... show more (modsec_5015) ModSec 5015: Suspicious User-Agent from 104.28.161.252 (GB/United Kingdom/-): 1 in the last 3600 secs (0-196) show less	Hacking
🇫🇷 masterguru	2026-05-20 14:09:02 (3 weeks ago)	(modsec_5015) ModSec 5015: Suspicious User-Agent from 104.28.161.252 (GB/United Kingdom/-): 1 in the ... show more (modsec_5015) ModSec 5015: Suspicious User-Agent from 104.28.161.252 (GB/United Kingdom/-): 1 in the last 3600 secs (0-197) show less	Hacking

Showing 1 to 15 of 80 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 184.105.247.216

🇫🇷 91.231.89.192

🇰🇷 119.207.112.28

🇬🇪 91.239.206.123

🇷🇴 80.94.92.186

🇺🇸 65.49.1.232

🇳🇱 45.153.34.181

🇳🇱 45.148.10.152

🇸🇬 43.156.71.43

🇨🇳 8.152.193.140

🇬🇧 188.240.59.8

🇰🇷 112.219.151.50

🇩🇪 103.14.32.224

🇬🇧 81.19.219.197

🇩🇪 69.5.169.121

🇺🇸 45.156.129.163

🇸🇬 45.78.202.217

🇺🇸 20.65.192.207

🇺🇸 205.210.31.10

🇵🇱 195.3.220.7