JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 104.28.163.27

104.28.163.27 was found in our database!

This IP was reported 201 times. Confidence of Abuse is 100%: ?

100%

ISP	Cloudflare, Inc.
Usage Type	Data Center/Web Hosting/Transit
ASN	AS13335
Domain Name	cloudflare.com
Country	🇸🇬 Singapore
City	Singapore

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 104.28.163.27

Whois 104.28.163.27

IP Abuse Reports for 104.28.163.27:

This IP address has been reported a total of 201 times from 99 distinct sources. 104.28.163.27 was first reported on January 20th 2025, and the most recent report was 22 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇮🇩 sockominfo	2026-05-08 09:00:14 (3 weeks ago)	User login to application from malicious IP 104.28.163.27.. Threat Score: 0/10 (INFORMATIONAL). Repo ... show more User login to application from malicious IP 104.28.163.27.. Threat Score: 0/10 (INFORMATIONAL). Reported by TangerangKota-CSIRT show less	Hacking Web App Attack
🇲🇾 Rizzy	2026-05-08 08:44:55 (3 weeks ago)	Multiple WAF Violations	Brute-Force Web App Attack
Anonymous	2026-05-08 08:15:13 (3 weeks ago)	host-ipset-guard auto-report; server=server.osotir.org; rule=httpd-xmlrpc-post; count=28/9; duration ... show more host-ipset-guard auto-report; server=server.osotir.org; rule=httpd-xmlrpc-post; count=28/9; duration=72h; scope=server.osotir.org; country=SG; sites=drasimas.gr; samples=/xmlrpc.php show less	Hacking Web App Attack
🇩🇪 big-cloud.nl	2026-05-08 05:03:18 (3 weeks ago)	Try to access /xmlrpc.php	Web App Attack
🇫🇷 Baking333	2026-05-07 21:08:03 (3 weeks ago)	[redacted] 104.28.163.27 - - [07/May/2026:22:07:58 +0100] "GET /[redacted] HTTP/1.1" 302 5268 0/1093 ... show more [redacted] 104.28.163.27 - - [07/May/2026:22:07:58 +0100] "GET /[redacted] HTTP/1.1" 302 5268 0/109330 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 Chrome/129.0.0.0 Safari/537.36" [redacted] 104.28.163.27 - - [07/May/2026:22:07:59 +0100] "GET /wp-admin/ HTTP/1.1" 301 4332 0/3755 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 Chrome/129.0.0.0 Safari/537.36" show less	Bad Web Bot Web App Attack
🇮🇩 sockominfo	2026-05-07 12:00:39 (3 weeks ago)	User login to application from malicious IP 104.28.163.27.. Threat Score: 3.6/10 (LOW). Confidence: ... show more User login to application from malicious IP 104.28.163.27.. Threat Score: 3.6/10 (LOW). Confidence: 30%. CVSS v3.1: 0/10 (None). CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:N. Bayesian Probability: 40%. MITRE ATT&CK: T1016 (System Network Configuration Discovery). Tactic: TA0001. Freshness: Fresh. Source Reputation: UNKNOWN. Methodology: CVSS 3.1 + Bayesian + Temporal + Environmental + MITRE ATT&CK + OWASP. Standards: ISO/IEC 27065:2022, NIST SP 800-30, IEEE S&P 2020. Reported by TangerangKota-CSIRT show less	Hacking Web App Attack
🇮🇩 sockominfo	2026-05-07 11:00:46 (3 weeks ago)	User login to application from malicious IP 104.28.163.27.. Threat Score: 3.7/10 (LOW). Confidence: ... show more User login to application from malicious IP 104.28.163.27.. Threat Score: 3.7/10 (LOW). Confidence: 30%. CVSS v3.1: 0/10 (None). CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:N. Bayesian Probability: 40%. MITRE ATT&CK: T1016 (System Network Configuration Discovery). Tactic: TA0001. Freshness: Fresh. Source Reputation: UNKNOWN. Methodology: CVSS 3.1 + Bayesian + Temporal + Environmental + MITRE ATT&CK + OWASP. Standards: ISO/IEC 27065:2022, NIST SP 800-30, IEEE S&P 2020. Reported by TangerangKota-CSIRT show less	Hacking Web App Attack
🇮🇩 sockominfo	2026-05-07 10:00:40 (3 weeks ago)	User login to application from malicious IP 104.28.163.27.. Threat Score: 3.7/10 (LOW). Confidence: ... show more User login to application from malicious IP 104.28.163.27.. Threat Score: 3.7/10 (LOW). Confidence: 30%. CVSS v3.1: 0/10 (None). CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:N. Bayesian Probability: 34%. MITRE ATT&CK: T1016 (System Network Configuration Discovery). Tactic: TA0001. Freshness: Fresh. Source Reputation: UNKNOWN. Methodology: CVSS 3.1 + Bayesian + Temporal + Environmental + MITRE ATT&CK + OWASP. Standards: ISO/IEC 27065:2022, NIST SP 800-30, IEEE S&P 2020. Reported by TangerangKota-CSIRT show less	Hacking Web App Attack
🇮🇩 sockominfo	2026-05-07 09:00:12 (3 weeks ago)	User login to application from malicious IP 104.28.163.27.. Threat Score: 0/10 (INFORMATIONAL). Repo ... show more User login to application from malicious IP 104.28.163.27.. Threat Score: 0/10 (INFORMATIONAL). Reported by TangerangKota-CSIRT show less	Hacking Web App Attack
Anonymous	2026-05-07 02:21:09 (3 weeks ago)	104.28.163.27 - - [07/May/2026:04:16:21 +0200] "POST /wp-login.php HTTP/1.0" 200 9387 "-" "Mozilla/5 ... show more 104.28.163.27 - - [07/May/2026:04:16:21 +0200] "POST /wp-login.php HTTP/1.0" 200 9387 "-" "Mozilla/5.0" 104.28.163.27 - - [07/May/2026:04:16:24 +0200] "POST /wp-login.php HTTP/1.1" 200 8915 "-" "Mozilla/5.0" 104.28.163.27 - - [07/May/2026:04:18:41 +0200] "POST /wp-login.php HTTP/1.0" 200 9387 "-" "Mozilla/5.0" 104.28.163.27 - - [07/May/2026:04:18:43 +0200] "POST /wp-login.php HTTP/1.1" 200 8915 "-" "Mozilla/5.0" 104.28.163.27 - - [07/May/2026:04:21:06 +0200] "POST /wp-login.php HTTP/1.0" 200 9387 "-" "Mozilla/5.0" ... show less	Brute-Force Web App Attack
🇲🇹 Malta	2026-05-05 00:00:43 (4 weeks ago)	104.28.163.27 - - [05/May/2026:02:00:43 +0200] "POST /wp-login.php HTTP/1.1" "Mozilla/5.0" Brute-for ... show more 104.28.163.27 - - [05/May/2026:02:00:43 +0200] "POST /wp-login.php HTTP/1.1" "Mozilla/5.0" Brute-force password attempt show less	Hacking Web App Attack Brute-Force
Anonymous	2026-05-02 06:12:11 (1 month ago)	104.28.163.27 - - [02/May/2026:08:04:05 +0200] "POST /wp-login.php HTTP/1.1" 200 7115 "-" "Mozilla/5 ... show more 104.28.163.27 - - [02/May/2026:08:04:05 +0200] "POST /wp-login.php HTTP/1.1" 200 7115 "-" "Mozilla/5.0" 104.28.163.27 - - [02/May/2026:08:04:04 +0200] "POST /wp-login.php HTTP/1.0" 200 7629 "-" "Mozilla/5.0" 104.28.163.27 - - [02/May/2026:08:04:04 +0200] "POST /wp-login.php HTTP/1.0" 200 7578 "-" "Mozilla/5.0" 104.28.163.27 - - [02/May/2026:08:04:06 +0200] "POST /wp-login.php HTTP/1.1" 200 7064 "-" "Mozilla/5.0" 104.28.163.27 - - [02/May/2026:08:12:10 +0200] "POST /wp-login.php HTTP/1.0" 200 7629 "-" "Mozilla/5.0" ... show less	Brute-Force Web App Attack
🇫🇷 masterguru	2026-05-01 23:26:42 (1 month ago)	wp-login request blocked, no referer. Pattern match "wp-login.php" at REQUEST_URI. (88020-193)	Hacking
🇩🇪 paissangroup	2026-05-01 09:36:15 (1 month ago)	Multiple WAF Violations	Web App Attack
🇧🇷 KingHost	2026-04-30 23:31:34 (1 month ago)		Brute-Force

Showing 46 to 60 of 201 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇨🇳 221.226.232.44

🇹🇼 198.235.24.6

🇩🇪 149.88.24.3

🇳🇱 94.102.49.125

🇲🇩 89.28.33.199

🇱🇻 185.113.139.51

🇨🇳 111.19.212.140

🇳🇱 212.30.37.111

🇵🇦 190.32.173.145

🇹🇬 156.38.73.89

🇭🇰 154.83.13.181

🇬🇧 152.32.157.173

🇮🇳 125.23.183.138

🇷🇴 92.118.39.62

🇬🇧 86.18.119.62

🇺🇸 66.132.172.215

🇸🇨 41.86.34.139

🇬🇧 35.203.211.62

🇨🇳 27.42.243.148

🇺🇸 20.118.240.192