JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 104.28.165.137

104.28.165.137 was found in our database!

This IP was reported 65 times. Confidence of Abuse is 100%: ?

100%

ISP	Cloudflare, Inc.
Usage Type	Data Center/Web Hosting/Transit
ASN	AS13335
Domain Name	cloudflare.com
Country	🇧🇷 Brazil
City	Sao Paulo, Sao Paulo

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 104.28.165.137

Whois 104.28.165.137

IP Abuse Reports for 104.28.165.137:

This IP address has been reported a total of 65 times from 47 distinct sources. 104.28.165.137 was first reported on January 7th 2026, and the most recent report was 13 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇪🇸 masterguru	2026-06-27 02:25:25 (13 hours ago)	(xmlrpc) Failed xmlrpc access from 104.28.165.137 (AR/Argentina/-): 5 in the last 3600 secs (0-122)	Hacking
🇫🇷 masterguru	2026-06-27 01:09:13 (14 hours ago)	xmlrpc request blocked, no referer. Pattern match "xmlrpc.php" at REQUEST_URI. (88010-201)	Hacking
🇺🇸 WeekendWeb	2026-06-26 01:58:13 (1 day ago)	Wordpress Vunerability attack	Web App Attack
🇫🇷 dynamix	2026-06-25 15:21:00 (2 days ago)	WordPress XMLRPC Brute Force Attack	Brute-Force Web App Attack
🇦🇺 screwlooseit.com.au	2026-06-23 22:02:32 (3 days ago)	Blocked by CSF 13 firewall - Rule: XMLRPC US/United States/-	Web App Attack
🇬🇧 andypiper	2026-06-21 01:01:10 (6 days ago)	CrowdSec ban for AbuseIPDB Top List	Brute-Force Web App Attack
Anonymous	2026-06-21 01:00:06 (6 days ago)	Bot / scanning and/or hacking attempts: POST /xmlrpc.php HTTP/1.1	Hacking Web App Attack
🇺🇸 Matthew Ping	2026-06-21 00:15:02 (6 days ago)	ModSecurity rule 949110 triggered on wp1. Web application attack blocked by CSF/LFD.	Web App Attack Hacking
🇫🇮 as211431.net	2026-06-21 00:12:47 (6 days ago)	Triggered Cloudflare WAF (firewallCustom) from BR. Action taken: BLOCK Protocol: HTTP/1.1 (GET metho ... show more Triggered Cloudflare WAF (firewallCustom) from BR. Action taken: BLOCK Protocol: HTTP/1.1 (GET method) Endpoint: /.env.local UA: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 This report was generated by: https://github.com/sefinek/Cloudflare-WAF-To-AbuseIPDB show less	Bad Web Bot
🇺🇸 TPI-Abuse	2026-06-20 23:39:34 (6 days ago)	(mod_security) mod_security (id:210492) triggered by 104.28.165.137 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.28.165.137 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 20 19:39:26.547530 2026] [security2:error] [pid 7602:tid 7602] [client 104.28.165.137:63778] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cruisingforsex.com"] [uri "/.env.production"] [unique_id "ajckrmpGLHiEW4D09BxZtwAAAAQ"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-06-20 23:17:08 (6 days ago)	[redacted] 104.28.165.137 - - [21/Jun/2026:01:16:26 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" " ... show more [redacted] 104.28.165.137 - - [21/Jun/2026:01:16:26 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Jetpack by WordPress.com (Jetpack 12.5; WordPress 6.4)" [redacted] 104.28.165.137 - - [21/Jun/2026:01:16:35 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "WordPress.com; https://wordpress.com" [redacted] 104.28.165.137 - - [21/Jun/2026:01:16:46 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Jetpack/12.0; WordPress/6.4; http://site52398714.com" [redacted] 104.28.165.137 - - [21/Jun/2026:01:16:56 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Jetpack by WordPress.com (Jetpack 12.0; WordPress 6.2)" [redacted] 104.28.165.137 - - [21/Jun/2026:01:17:07 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "WordPress.com; https://wordpress.com" ... show less	Hacking Web App Attack
🇩🇪 Marc	2026-06-20 23:16:49 (6 days ago)	104.28.165.137 - - [21/Jun/2026:01:16:29 +0200] "POST /xmlrpc.php HTTP/1.1" 403 3720 "-" "Jetpack/13 ... show more 104.28.165.137 - - [21/Jun/2026:01:16:29 +0200] "POST /xmlrpc.php HTTP/1.1" 403 3720 "-" "Jetpack/13.0; WordPress/6.4; http://site93805758.com" 104.28.165.137 - - [21/Jun/2026:01:16:38 +0200] "POST /xmlrpc.php HTTP/1.1" 403 3720 "-" "WordPress.com; https://wordpress.com" 104.28.165.137 - - [21/Jun/2026:01:16:48 +0200] "POST /xmlrpc.php HTTP/1.1" 403 3718 "-" "Jetpack/12.0; WordPress/6.2; http://site37915759.com" show less	Brute-Force Web App Attack
🇧🇷 dominioz	2026-06-20 20:54:05 (6 days ago)	2026-06-20 20:53:02 GET /.env.local - - 104.28.165.137 HTTP/1.1 Mozilla/5.0+(Windows+NT+10.0;+Win64; ... show more 2026-06-20 20:53:02 GET /.env.local - - 104.28.165.137 HTTP/1.1 Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/120.0.0.0+Safari/537.36 - 404 5298 2026-06-20 20:53:02 GET /.env - - 104.28.165.137 HTTP/1.1 Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/120.0.0.0+Safari/537.36 - 404 5286 2026-06-20 20:53:02 GET /.env.save - - 104.28.165.137 HTTP/1.1 Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/120.0.0.0+Safari/537.36 - 404 5296 2026-06-20 20:53:02 GET /.env.production - - 104.28.165.137 HTTP/1.1 Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/120.0.0.0+Safari/537.36 - 404 5308 ... show less	Web App Attack
🇺🇸 Lee Daniel	2026-06-20 20:45:27 (6 days ago)	104.28.165.137 - - [20/Jun/2026:16:45:26 -0400] "GET /.env HTTP/1.1" 403 4382 "-" "Mozilla/5.0 (Wind ... show more 104.28.165.137 - - [20/Jun/2026:16:45:26 -0400] "GET /.env HTTP/1.1" 403 4382 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36" ... show less	DDoS Attack Web Spam Email Spam Port Scan Brute-Force Bad Web Bot Web App Attack
🇺🇦 URAN Publishing Service	2026-06-20 20:37:25 (6 days ago)	104.28.165.137 - - [20/Jun/2026:23:37:11 +0300] "GET /config/.env HTTP/1.1" 404 273 "-" "Mozilla/5.0 ... show more 104.28.165.137 - - [20/Jun/2026:23:37:11 +0300] "GET /config/.env HTTP/1.1" 404 273 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36" 104.28.165.137 - - [20/Jun/2026:23:37:11 +0300] "GET /backend/.env HTTP/1.1" 404 273 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36" ... show less	Web App Attack

Showing 1 to 15 of 65 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇫🇮 147.185.133.203

🇳🇱 81.19.216.83

🇺🇸 44.192.232.162

🇬🇧 35.203.211.67

🇰🇷 15.164.212.157

🇳🇱 195.178.110.30

🇮🇳 182.95.181.50

🇷🇺 109.94.184.37

🇧🇩 103.186.216.76

🇺🇸 192.185.4.108

🇰🇷 112.216.129.27

🇳🇬 105.113.63.147

🇰🇪 102.210.148.92

🇳🇱 91.92.40.240

🇳🇱 45.148.10.152

🇺🇸 18.246.215.233

🇨🇦 4.239.240.98

🇹🇷 195.33.199.59

🇳🇱 188.166.54.221

🇺🇸 162.216.149.53