JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 104.28.166.48

104.28.166.48 was found in our database!

This IP was reported 44 times. Confidence of Abuse is 45%: ?

45%

ISP	Cloudflare, Inc.
Usage Type	Data Center/Web Hosting/Transit
ASN	AS13335
Domain Name	cloudflare.com
Country	🇭🇰 Hong Kong
City	Hong Kong

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 104.28.166.48

Whois 104.28.166.48

IP Abuse Reports for 104.28.166.48:

This IP address has been reported a total of 44 times from 22 distinct sources. 104.28.166.48 was first reported on January 9th 2026, and the most recent report was 1 day ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇨🇳 pengpeng	2026-06-03 04:52:07 (1 day ago)	monitor: on VM-0-7-ubuntu \| port: 23127 \| ttl: 250 script: github.com/sefinek/UFW-AbuseIPDB-Reporte ... show more monitor: on VM-0-7-ubuntu \| port: 23127 \| ttl: 250 script: github.com/sefinek/UFW-AbuseIPDB-Reporter show less	Port Scan
🇺🇸 TPI-Abuse	2026-06-01 17:41:44 (3 days ago)	(mod_security) mod_security (id:240335) triggered by 104.28.166.48 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:240335) triggered by 104.28.166.48 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 01 13:41:41.109929 2026] [security2:error] [pid 24175:tid 24175] [client 104.28.166.48:0] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 104.28.166.48 (+1 hits since last alert)\|rodrigoaldecoa.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "rodrigoaldecoa.com"] [uri "/xmlrpc.php"] [unique_id "ah3EVSenx-MCR-BSmO7BbgAAAAs"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-01 16:39:39 (3 days ago)	(mod_security) mod_security (id:240335) triggered by 104.28.166.48 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:240335) triggered by 104.28.166.48 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 01 12:39:32.426516 2026] [security2:error] [pid 30458:tid 30458] [client 104.28.166.48:45146] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5965"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 104.28.166.48 (+1 hits since last alert)\|wpcoc.org\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "wpcoc.org"] [uri "/xmlrpc.php"] [unique_id "ah21xIXKWMgy-Bq31LSN7wAAAAM"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-05-26 12:08:10 (1 week ago)	Attac	Brute-Force
🇨🇭 Origon	2026-05-22 18:11:16 (1 week ago)	postfix-non-smtp-command - IP: 104.28.166.48 - time="2026-05-22T20:11:16+02:00" level=info msg="(55 ... show more postfix-non-smtp-command - IP: 104.28.166.48 - time="2026-05-22T20:11:16+02:00" level=info msg="(555f66b4f6a74558bc11e3f93469658es8App0Mcc0TKEeje/crowdsec) crowdsecurity/postfix-non-smtp-command by ip 104.28.166.48 (HK/13335) : 4h ban on Ip 104.28.166.48" module=db show less	Email Spam
🇷🇴 gtheo99	2026-05-06 08:18:44 (4 weeks ago)	104.28.166.48 (CA/Canada/-), 3 distributed cpanel attacks on account [root] in the last 900 secs	SSH Brute-Force Hacking
Anonymous	2026-05-06 04:18:09 (4 weeks ago)	104.28.166.48 (CA/Canada/-)	Brute-Force
🇪🇸 loadsoporte	2026-05-04 16:36:07 (1 month ago)	RdpGuard detected brute-force attempt on SMTP	Brute-Force
🇷🇴 iulianh	2026-04-30 05:42:08 (1 month ago)	25,465,587	Brute-Force SSH
🇮🇩 Burayot	2026-04-28 17:39:10 (1 month ago)	LF_MODSEC: (mod_security) mod_security (id:949110) triggered by 104.28.166.48 (HK/Hong Kong/-): 1 in ... show more LF_MODSEC: (mod_security) mod_security (id:949110) triggered by 104.28.166.48 (HK/Hong Kong/-): 1 in the last 3600 secs show less	Web App Attack
🇺🇸 TPI-Abuse	2026-04-27 05:16:30 (1 month ago)	(mod_security) mod_security (id:210492) triggered by 104.28.166.48 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.28.166.48 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Apr 27 01:16:19.883648 2026] [security2:error] [pid 10727:tid 10727] [client 104.28.166.48:21355] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "rodandreelpiercam.com"] [uri "/sftp-config.json"] [unique_id "ae7xI4a1CqE8-jz0ukVdXAAAABM"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-04-26 18:57:30 (1 month ago)	(mod_security) mod_security (id:210492) triggered by 104.28.166.48 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.28.166.48 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Apr 26 14:57:24.369492 2026] [security2:error] [pid 19367:tid 19367] [client 104.28.166.48:21809] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "lbee.com"] [uri "/sftp-config.json"] [unique_id "ae5gFEB-hOzUzlXcssDvpQAAAAQ"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-04-26 18:09:48 (1 month ago)	(mod_security) mod_security (id:210492) triggered by 104.28.166.48 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.28.166.48 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Apr 26 14:09:43.451929 2026] [security2:error] [pid 762:tid 762] [client 104.28.166.48:21800] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.rochesterhistorical.org"] [uri "/sftp-config.json"] [unique_id "ae5U538kXXvaANxIXweXcQAAADU"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-04-26 11:59:30 (1 month ago)	(mod_security) mod_security (id:210492) triggered by 104.28.166.48 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.28.166.48 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Apr 26 07:59:24.675541 2026] [security2:error] [pid 18443:tid 18443] [client 104.28.166.48:19545] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "franklincountyquilters.org"] [uri "/sftp-config.json"] [unique_id "ae3-HCcR7GLFCkh6yPqn4AAAAAs"] show less	Brute-Force Bad Web Bot Web App Attack
🇬🇧 consul.to	2026-04-26 11:08:33 (1 month ago)	Web attack/malicious scanning detected	Web App Attack

Showing 1 to 15 of 44 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇩🇪 213.209.159.225

🇺🇸 206.221.176.60

🇺🇸 162.216.150.188

🇳🇱 45.148.10.151

🇭🇰 45.142.154.87

🇮🇶 45.128.121.66

🇨🇳 221.212.228.67

🇺🇸 207.90.244.25

🇨🇴 186.99.241.88

🇨🇴 179.33.210.213

🇳🇱 176.65.149.203

🇩🇪 167.94.146.75

🇺🇸 165.154.135.144

🇺🇸 162.216.150.229

🇺🇸 162.216.150.62

🇧🇩 114.130.168.88

🇮🇩 103.125.103.201

🇨🇦 85.217.149.29

🇷🇺 85.95.166.40

🇳🇱 45.148.10.183