JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 104.28.163.71

104.28.163.71 was found in our database!

This IP was reported 32 times. Confidence of Abuse is 49%: ?

49%

ISP	Cloudflare, Inc.
Usage Type	Data Center/Web Hosting/Transit
ASN	AS13335
Domain Name	cloudflare.com
Country	🇪🇸 Spain
City	Chamartin, Castille and Leon

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 104.28.163.71

Whois 104.28.163.71

IP Abuse Reports for 104.28.163.71:

This IP address has been reported a total of 32 times from 22 distinct sources. 104.28.163.71 was first reported on December 5th 2025, and the most recent report was 5 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇫🇷 matthieul.dev	2026-06-23 14:25:28 (5 hours ago)	Blocked by os-abuseipdb; 23 hits, proto=tcp,udp, ports=57094	Port Scan Brute-Force
🇰🇷 zlhIcd	2026-06-16 00:02:17 (1 week ago)	104.28.163.71 - - [15/Jun/2026:19:32:17 +0900] "GET /pcwiki/index.php?days=30&from=20251210214745&hi ... show more 104.28.163.71 - - [15/Jun/2026:19:32:17 +0900] "GET /pcwiki/index.php?days=30&from=20251210214745&hideanons=1&limit=50&title=%ED%8A%B9%EC%88%98%EA%B8%B0%EB%8A%A5:%EB%A7%81%ED%81%AC%EC%B5%9C%EA%B7%BC%EB%B0%94%EB%80%9C HTTP/1.1" 404 460 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.6367.82 Safari/537.36" ... show less	Web Spam SQL Injection Bad Web Bot Web App Attack
🇫🇷 francoisunix	2026-06-10 21:34:55 (1 week ago)	104.28.163.71 - - [10/Jun/2026:21:15:57 +0000] "POST /xmlrpc.php HTTP/1.0" 401 415 "-" "Mozilla/5.0 ... show more 104.28.163.71 - - [10/Jun/2026:21:15:57 +0000] "POST /xmlrpc.php HTTP/1.0" 401 415 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; arm64) AppleWebKit/537.36 (KHTML, like Gecko) Firefox/95.0.0.0 Safari/537.36" 104.28.163.71 - - [10/Jun/2026:21:33:34 +0000] "POST /xmlrpc.php HTTP/1.0" 401 415 "-" "Mozilla/5.0 (Windows NT 6.3; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.0.0 Safari/537.36" 104.28.163.71 - - [10/Jun/2026:21:34:02 +0000] "POST /xmlrpc.php HTTP/1.0" 401 415 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; arm64) AppleWebKit/537.36 (KHTML, like Gecko) Safari/12.0.0.0 Safari/537.36" 104.28.163.71 - - [10/Jun/2026:21:34:25 +0000] "POST /xmlrpc.php HTTP/1.0" 401 415 "-" "Mozilla/5.0 (Windows NT 6.2; arm64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36" 104.28.163.71 - - [10/Jun/2026:21:34:51 +0000] "POST /xmlrpc.php HTTP/1.0" 401 415 "-" "Mozilla/5.0 (Linux; Android 10; x64) AppleWebKit/537.36 (KHTML, like Gecko) Firefox/98.0.0.0 Safari/537.36" ... show less	Web App Attack
🇺🇸 OceanTreasure	2026-06-10 19:15:22 (1 week ago)	tcp/443; WordPress XML-RPC brute force attempt: "POST /xmlrpc.php" @ 2026-06-10T19:10:07Z [proxy]	Brute-Force
🇺🇸 xmission.com	2026-06-06 18:28:19 (2 weeks ago)	Blocked by UFW (TCP on 9050) Source port: 60005 TTL: 50 Packet length: 60 TOS: 0x08 This report (fo ... show more Blocked by UFW (TCP on 9050) Source port: 60005 TTL: 50 Packet length: 60 TOS: 0x08 This report (for 104.28.163.71) was generated by: https://github.com/sefinek/UFW-AbuseIPDB-Reporter show less	Port Scan
🇩🇪 abdubhai	2026-05-26 14:32:17 (4 weeks ago)	104.28.163.71 - - [26/May/2026:1 ...	Brute-Force
🇦🇹 nomzamo	2026-05-26 13:24:53 (4 weeks ago)	Fail2Ban reported: nginx-noscript	Brute-Force Bad Web Bot
🇺🇸 TPI-Abuse	2026-05-26 12:52:58 (4 weeks ago)	(mod_security) mod_security (id:225170) triggered by 104.28.163.71 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:225170) triggered by 104.28.163.71 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue May 26 08:52:54.480132 2026] [security2:error] [pid 14578:tid 14626] [client 104.28.163.71:62816] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|rawhabitat.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "rawhabitat.com"] [uri "/wp-json/wp/v2/users"] [unique_id "ahWXpsksXPhQ6Yq96yx1sgAAAdM"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 stinpriza	2026-05-26 08:20:44 (4 weeks ago)	Web App Attack	Web App Attack
🇺🇸 TPI-Abuse	2026-05-26 04:53:11 (4 weeks ago)	(mod_security) mod_security (id:225170) triggered by 104.28.163.71 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:225170) triggered by 104.28.163.71 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue May 26 00:53:06.267439 2026] [security2:error] [pid 16554:tid 16554] [client 104.28.163.71:62057] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|freemanfoundationcle.org\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "freemanfoundationcle.org"] [uri "/wp-json/wp/v2/users"] [unique_id "ahUnMvgh54Crq0WO9XdM4QAAAAA"] show less	Brute-Force Bad Web Bot Web App Attack
🇫🇷 masterguru	2026-05-26 04:35:05 (4 weeks ago)	(xmlrpc) Apache: Failed xmlrpc access from 104.28.163.71 (IE/Ireland/-): 10 in the last 3600 secs (0 ... show more (xmlrpc) Apache: Failed xmlrpc access from 104.28.163.71 (IE/Ireland/-): 10 in the last 3600 secs (0-201) show less	Hacking
🇬🇧 consul.to	2026-05-26 04:12:33 (4 weeks ago)	Web attack/malicious scanning detected	Web App Attack
🇨🇳 pengpeng	2026-05-08 19:39:55 (1 month ago)	monitor: on VM-0-7-ubuntu \| port: 61033 \| ttl: 251 script: github.com/sefinek/UFW-AbuseIPDB-Reporte ... show more monitor: on VM-0-7-ubuntu \| port: 61033 \| ttl: 251 script: github.com/sefinek/UFW-AbuseIPDB-Reporter show less	Port Scan
🇨🇳 pengpeng	2026-05-06 12:15:50 (1 month ago)	monitor: on VM-0-7-ubuntu \| port: 61033 \| ttl: 251 script: github.com/sefinek/UFW-AbuseIPDB-Reporte ... show more monitor: on VM-0-7-ubuntu \| port: 61033 \| ttl: 251 script: github.com/sefinek/UFW-AbuseIPDB-Reporter show less	Port Scan
🇨🇳 pengpeng	2026-05-05 10:35:18 (1 month ago)	monitor: on VM-0-7-ubuntu \| port: 61033 \| ttl: 251 script: github.com/sefinek/UFW-AbuseIPDB-Reporte ... show more monitor: on VM-0-7-ubuntu \| port: 61033 \| ttl: 251 script: github.com/sefinek/UFW-AbuseIPDB-Reporter show less	Port Scan

Showing 1 to 15 of 32 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇭🇰 2602:ffe4:8:1001::4

🇳🇱 185.242.226.67

🇩🇪 172.70.248.13

🇧🇷 170.83.144.21

🇺🇸 164.92.90.143

🇺🇸 162.216.150.210

🇨🇳 36.144.74.39

🇺🇸 20.55.99.64

🇳🇱 185.224.128.16

🇬🇧 185.216.145.166

🇮🇩 182.13.96.107

🇷🇴 141.98.83.240

🇱🇹 141.98.9.111

🇨🇳 125.72.236.89

🇨🇳 120.216.228.127

🇺🇸 66.132.186.160

🇺🇸 40.112.183.29

🇮🇷 213.195.38.244

🇧🇷 181.218.9.86

🇲🇾 180.73.200.163