JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 104.28.162.11

104.28.162.11 was found in our database!

This IP was reported 396 times. Confidence of Abuse is 95%: ?

95%

ISP	Cloudflare, Inc.
Usage Type	Data Center/Web Hosting/Transit
ASN	AS13335
Domain Name	cloudflare.com
Country	🇸🇬 Singapore
City	Singapore

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 104.28.162.11

Whois 104.28.162.11

IP Abuse Reports for 104.28.162.11:

This IP address has been reported a total of 396 times from 199 distinct sources. 104.28.162.11 was first reported on August 7th 2024, and the most recent report was 1 hour ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
Anonymous	2026-06-09 17:26:29 (1 hour ago)	104.28.162.11 - - [09/Jun/2026:19:26:25 +0200] "POST /wp-login.php HTTP/1.1" 200 2523 "https://www.g ... show more 104.28.162.11 - - [09/Jun/2026:19:26:25 +0200] "POST /wp-login.php HTTP/1.1" 200 2523 "https://www.google.com/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36" 104.28.162.11 - - [09/Jun/2026:19:26:25 +0200] "POST /wp-login.php HTTP/1.1" 200 2016 "https://www.google.com/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36" 104.28.162.11 - - [09/Jun/2026:19:26:25 +0200] "POST /wp-login.php HTTP/1.1" 200 2657 "https://www.learningladderzm.com/wp-admin/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36" 104.28.162.11 - - [09/Jun/2026:19:26:26 +0200] "POST /wp-login.php HTTP/1.1" 200 2150 "https://www.learningladderzm.com/wp-admin/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36" 104.28.162.11 - - [09/Jun/2026:19:26:28 +020 ... show less	Brute-Force Web App Attack
Anonymous	2026-06-07 21:21:45 (1 day ago)	104.28.162.11 - - [07/Jun/2026:23:10:37 +0200] "POST /wp-login.php HTTP/1.1" 200 2940 "-" "Mozilla/5 ... show more 104.28.162.11 - - [07/Jun/2026:23:10:37 +0200] "POST /wp-login.php HTTP/1.1" 200 2940 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; rv:143.0) Gecko/20100101 Firefox/143.0" 104.28.162.11 - - [07/Jun/2026:23:10:38 +0200] "POST /wp-login.php HTTP/1.1" 200 2421 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; rv:143.0) Gecko/20100101 Firefox/143.0" 104.28.162.11 - - [07/Jun/2026:23:15:55 +0200] "POST /wp-login.php HTTP/1.1" 200 2940 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 Chrome/129.0.0.0 Safari/537.36" 104.28.162.11 - - [07/Jun/2026:23:15:56 +0200] "POST /wp-login.php HTTP/1.1" 200 2421 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 Chrome/129.0.0.0 Safari/537.36" 104.28.162.11 - - [07/Jun/2026:23:21:44 +0200] "POST /wp-login.php HTTP/1.1" 200 2940 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 Version/17.0 Safari/605.1.15" ... show less	Brute-Force Web App Attack
🇫🇷 masterguru	2026-06-04 11:10:26 (5 days ago)	(modsec_5015) ModSec 5015: Suspicious User-Agent from 104.28.162.11 (CA/Canada/-): 1 in the last 360 ... show more (modsec_5015) ModSec 5015: Suspicious User-Agent from 104.28.162.11 (CA/Canada/-): 1 in the last 3600 secs (0-195) show less	Hacking
🇮🇩 sockominfo	2026-06-03 14:00:38 (6 days ago)	User login to application from malicious IP 104.28.162.11.. Threat Score: 3.7/10 (LOW). Confidence: ... show more User login to application from malicious IP 104.28.162.11.. Threat Score: 3.7/10 (LOW). Confidence: 30%. CVSS v3.1: 0/10 (None). CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:N. Bayesian Probability: 40%. MITRE ATT&CK: T1016 (System Network Configuration Discovery). Tactic: TA0001. Freshness: Fresh. Source Reputation: UNKNOWN. Methodology: CVSS 3.1 + Bayesian + Temporal + Environmental + MITRE ATT&CK + OWASP. Standards: ISO/IEC 27065:2022, NIST SP 800-30, IEEE S&P 2020. Reported by TangerangKota-CSIRT show less	Hacking Web App Attack
🇮🇩 sockominfo	2026-06-03 13:00:38 (6 days ago)	User login to application from malicious IP 104.28.162.11.. Threat Score: 3.8/10 (LOW). Confidence: ... show more User login to application from malicious IP 104.28.162.11.. Threat Score: 3.8/10 (LOW). Confidence: 30%. CVSS v3.1: 0/10 (None). CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:N. Bayesian Probability: 40%. MITRE ATT&CK: T1016 (System Network Configuration Discovery). Tactic: TA0001. Freshness: Fresh. Source Reputation: UNKNOWN. Methodology: CVSS 3.1 + Bayesian + Temporal + Environmental + MITRE ATT&CK + OWASP. Standards: ISO/IEC 27065:2022, NIST SP 800-30, IEEE S&P 2020. Reported by TangerangKota-CSIRT show less	Hacking Web App Attack
🇮🇩 sockominfo	2026-06-03 12:00:11 (6 days ago)	User login to application from malicious IP 104.28.162.11.. Threat Score: 0/10 (INFORMATIONAL). Repo ... show more User login to application from malicious IP 104.28.162.11.. Threat Score: 0/10 (INFORMATIONAL). Reported by TangerangKota-CSIRT show less	Hacking Web App Attack
Anonymous	2026-06-03 09:00:58 (6 days ago)	wordpress authentication brute force	Brute-Force Web App Attack
🇩🇪 FeG Deutschland	2026-06-01 17:50:41 (1 week ago)	Looking for CMS/PHP/SQL vulnerablilities/excessive crawling - 124	Exploited Host Web App Attack
Anonymous	2026-06-01 13:05:38 (1 week ago)	Try to connect to Port_Scan_15000_stealth	Port Scan
🇲🇾 Rizzy	2026-06-01 12:39:02 (1 week ago)	Multiple WAF Violations	Brute-Force Web App Attack
🇩🇪 R.G.	2026-06-01 10:12:43 (1 week ago)	(XMLRPCorWHATEVER) Get lost please 104.28.162.11 (SG/Singapore/-): 3 in the last 900 secs; Ports: ; ... show more (XMLRPCorWHATEVER) Get lost please 104.28.162.11 (SG/Singapore/-): 3 in the last 900 secs; Ports: ; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs: show less	Web App Attack
🇮🇩 sockominfo	2026-05-29 10:00:43 (1 week ago)	User login to application from malicious IP 104.28.162.11.. Threat Score: 3.8/10 (LOW). Confidence: ... show more User login to application from malicious IP 104.28.162.11.. Threat Score: 3.8/10 (LOW). Confidence: 30%. CVSS v3.1: 0/10 (None). CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:N. Bayesian Probability: 35%. MITRE ATT&CK: T1016 (System Network Configuration Discovery). Tactic: TA0001. Freshness: Very Fresh. Source Reputation: UNKNOWN. Methodology: CVSS 3.1 + Bayesian + Temporal + Environmental + MITRE ATT&CK + OWASP. Standards: ISO/IEC 27065:2022, NIST SP 800-30, IEEE S&P 2020. Reported by TangerangKota-CSIRT show less	Hacking Web App Attack
🇺🇸 heyzg	2026-05-28 17:58:10 (1 week ago)	API honeypot \| LLMjacking (Ollama) \| 3 HTTP, 2s \| tactics: outbound scan, cryptomining \| Ollama: /ap ... show more API honeypot \| LLMjacking (Ollama) \| 3 HTTP, 2s \| tactics: outbound scan, cryptomining \| Ollama: /api/tags,/api/generate show less	Hacking Web App Attack
🇩🇪 abdubhai	2026-05-25 10:37:19 (2 weeks ago)	104.28.162.11 - - [25/May/2026:1 ...	Brute-Force
🇺🇸 nyt	2026-05-25 02:57:52 (2 weeks ago)	Brute-Force, Web App Attack, Repeated login attempts detected	Brute-Force Web App Attack

Showing 1 to 15 of 396 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇻🇳 123.30.50.154

🇹🇷 212.87.199.64

🇨🇳 157.18.14.15

🇧🇩 103.143.0.35

🇨🇳 101.126.85.58

🇺🇸 69.175.92.29

🇺🇸 66.132.172.189

🇺🇸 64.225.126.190

🇭🇰 43.132.227.251

🇧🇷 205.210.31.246

🇺🇸 205.210.31.35

🇹🇼 198.235.24.79

🇳🇱 185.223.235.48

🇨🇳 183.197.177.149

🇸🇬 172.253.211.25

🇩🇪 167.94.146.54

🇨🇱 148.227.115.175

🇩🇪 102.220.160.160

🇸🇬 101.47.158.137

🇫🇷 91.231.89.169