JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 104.28.220.247

104.28.220.247 was found in our database!

This IP was reported 56 times. Confidence of Abuse is 9%: ?

ISP	Cloudflare, Inc.
Usage Type	Data Center/Web Hosting/Transit
ASN	AS13335
Domain Name	cloudflare.com
Country	🇺🇦 Ukraine
City	Odesa, Odesa

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 104.28.220.247

Whois 104.28.220.247

IP Abuse Reports for 104.28.220.247:

This IP address has been reported a total of 56 times from 22 distinct sources. 104.28.220.247 was first reported on July 24th 2022, and the most recent report was 1 week ago.

Old Reports: The most recent abuse report for this IP address is from 1 week ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇰🇷 windykc	2026-06-12 06:30:03 (1 week ago)	Honeypot first-observation (no prior AbuseIPDB reports). HTTP: 7 attacks (sample URIs: ['/wp-admin/p ... show more Honeypot first-observation (no prior AbuseIPDB reports). HTTP: 7 attacks (sample URIs: ['/wp-admin/plugin-install.php', '/wp-login.php', '/wp-admin/', '/wp-admin/site-editor.php', '/wp-admin/update.php?action=upload-plugin']). Geo/ISP: UA/Cloudflare, Inc.. Last seen: 2026-06-12T15:19:17Z. show less	Hacking Web App Attack
🇩🇪 artifice	2026-05-22 08:42:48 (1 month ago)	WordPress attack activity: credential brute-force, web-application attack.	Brute-Force Web App Attack
🇩🇪 artifice	2026-05-20 04:53:00 (1 month ago)	WordPress wp-login.php credential attack. \| WordPress admin plugin/theme install probe (post-auth RC ... show more WordPress wp-login.php credential attack. \| WordPress admin plugin/theme install probe (post-auth RCE via malicious upload). show less	Hacking Brute-Force Web App Attack
🇩🇪 artifice	2026-05-19 09:27:20 (1 month ago)	WordPress wp-login.php credential attack. \| WordPress version fingerprinting via /wp-admin/load-scri ... show more WordPress wp-login.php credential attack. \| WordPress version fingerprinting via /wp-admin/load-scripts.php bundle endpoint. show less	Brute-Force Web App Attack
🇺🇸 mind5t0rm	2026-03-24 06:54:30 (2 months ago)	(WPLOGIN) WP Login Attack 104.28.220.247 (UA/Ukraine/-): 3 in the last 3600 secs; Ports: ; Directio ... show more (WPLOGIN) WP Login Attack 104.28.220.247 (UA/Ukraine/-): 3 in the last 3600 secs; Ports: ; Direction: inout; Trigger: LF_TRIGGER; Logs: 104.28.220.247 - - [24/Mar/2026:13:51:32 +0700] "GET /wp-login.php HTTP/2.0" 200 2529 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:121.0) Gecko/20100101 Firefox/121.0" 104.28.220.247 - - [24/Mar/2026:13:51:36 +0700] "POST /wp-login.php HTTP/2.0" 302 2 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:121.0) Gecko/20100101 Firefox/121.0" 104.28.220.247 - - [24/Mar/2026:13:54:29 +0700] "GET /wp-login.php HTTP/2.0" 200 2529 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:121.0) Gecko/20100101 Firefox/121.0" show less	Port Scan
🇺🇸 mind5t0rm	2026-02-13 03:51:40 (4 months ago)	(WPLOGIN) WP Login Attack 104.28.220.247 (UA/Ukraine/-): 3 in the last 3600 secs; Ports: ; Directio ... show more (WPLOGIN) WP Login Attack 104.28.220.247 (UA/Ukraine/-): 3 in the last 3600 secs; Ports: ; Direction: inout; Trigger: LF_TRIGGER; Logs: 104.28.220.247 - - [13/Feb/2026:10:50:29 +0700] "GET /wp-login.php HTTP/2.0" 200 2469 "-" "Mozilla/6.0 (Windows NT 11.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/135.7.43.25 Safari/537.36" 104.28.220.247 - - [13/Feb/2026:10:50:32 +0700] "POST /wp-login.php HTTP/2.0" 302 0 "https://www.zerowaterthailand.com/wp-login.php" "Mozilla/6.0 (Windows NT 11.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/135.7.43.25 Safari/537.36" 104.28.220.247 - - [13/Feb/2026:10:51:39 +0700] "GET /wp-login.php HTTP/2.0" 200 2469 "-" "Mozilla/6.0 (Windows NT 11.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/135.7.43.25 Safari/537.36" show less	Port Scan
🇺🇸 mind5t0rm	2026-02-12 06:48:18 (4 months ago)	(WPLOGIN) WP Login Attack 104.28.220.247 (UA/Ukraine/-): 3 in the last 3600 secs; Ports: ; Directio ... show more (WPLOGIN) WP Login Attack 104.28.220.247 (UA/Ukraine/-): 3 in the last 3600 secs; Ports: ; Direction: inout; Trigger: LF_TRIGGER; Logs: 104.28.220.247 - - [12/Feb/2026:13:18:27 +0700] "GET /wp-login.php HTTP/2.0" 200 2469 "-" "Mozilla/6.0 (Windows NT 11.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/135.7.43.25 Safari/537.36" 104.28.220.247 - - [12/Feb/2026:13:18:28 +0700] "POST /wp-login.php HTTP/2.0" 302 0 "https://www.zerowaterthailand.com/wp-login.php" "Mozilla/6.0 (Windows NT 11.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/135.7.43.25 Safari/537.36" 104.28.220.247 - - [12/Feb/2026:13:48:15 +0700] "GET /wp-login.php HTTP/2.0" 200 2469 "-" "Mozilla/6.0 (Windows NT 11.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/135.7.43.25 Safari/537.36" show less	Port Scan
🇫🇮 Erpelstolz	2026-02-06 00:55:45 (4 months ago)	external host: 104.28.220.247 - - [06/Feb/2026:01:55:44 +0100] "GET /.git/config HTTP/1.1" 403 462 " ... show more external host: 104.28.220.247 - - [06/Feb/2026:01:55:44 +0100] "GET /.git/config HTTP/1.1" 403 462 "-" "Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/135.0.0.0 Mobile Safari/537.36" show less	Web App Attack
🇫🇷 Tanados	2026-02-03 12:03:52 (4 months ago)	Blocked by UFW [80/tcp] Source port: 42657 TTL: 50 Packet length: 60 TOS: 0x00 This report was gene ... show more Blocked by UFW [80/tcp] Source port: 42657 TTL: 50 Packet length: 60 TOS: 0x00 This report was generated by: https://github.com/sefinek/UFW-AbuseIPDB-Reporter show less	Port Scan
🇫🇷 Tanados	2026-02-02 17:15:15 (4 months ago)	Blocked by UFW [80/tcp] Source port: 65430 TTL: 50 Packet length: 60 TOS: 0x00 This report was gene ... show more Blocked by UFW [80/tcp] Source port: 65430 TTL: 50 Packet length: 60 TOS: 0x00 This report was generated by: https://github.com/sefinek/UFW-AbuseIPDB-Reporter show less	Port Scan
🇳🇱 ParaBug	2026-02-02 16:55:24 (4 months ago)	104.28.220.247 - - [02/Feb/2026:17:55:23 +0100] "GET /.aws/credentials HTTP/1.1" 403 440 "-" "Mozill ... show more 104.28.220.247 - - [02/Feb/2026:17:55:23 +0100] "GET /.aws/credentials HTTP/1.1" 403 440 "-" "Mozilla/5.0 (iPhone; CPU iPhone OS 18_3_2 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/18.3.1 Mobile/15E148 Safari/604.1" ... show less	Phishing Brute-Force Web App Attack
🇺🇸 mind5t0rm	2026-01-20 21:49:24 (5 months ago)	(WPLOGIN,XMLRPC) Login failure/trigger from 104.28.220.247 (UA/Ukraine/-): 3 in the last 3600 secs; ... show more (WPLOGIN,XMLRPC) Login failure/trigger from 104.28.220.247 (UA/Ukraine/-): 3 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_TRIGGER; Logs: 104.28.220.247 - - [21/Jan/2026:04:49:16 +0700] "GET /xmlrpc.php HTTP/1.1" 403 165 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36" 104.28.220.247 - - [21/Jan/2026:04:49:19 +0700] "GET /wp-login.php HTTP/1.1" 200 2482 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36" 104.28.220.247 - - [21/Jan/2026:04:49:20 +0700] "GET /xmlrpc.php HTTP/1.1" 403 165 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36" show less	Port Scan
🇺🇸 mind5t0rm	2026-01-13 08:02:52 (5 months ago)	(WPLOGIN) WP Login Attack 104.28.220.247 (UA/Ukraine/-): 3 in the last 3600 secs; Ports: ; Directio ... show more (WPLOGIN) WP Login Attack 104.28.220.247 (UA/Ukraine/-): 3 in the last 3600 secs; Ports: ; Direction: inout; Trigger: LF_TRIGGER; Logs: 104.28.220.247 - - [13/Jan/2026:14:51:58 +0700] "GET /wp-login.php HTTP/1.1" 200 2482 "-" "Mozilla/6.0 (Windows NT 11.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/135.7.43.25 Safari/537.36" 104.28.220.247 - - [13/Jan/2026:14:52:01 +0700] "POST /wp-login.php HTTP/1.1" 302 0 "https://www.zerowaterthailand.com/wp-login.php" "Mozilla/6.0 (Windows NT 11.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/135.7.43.25 Safari/537.36" 104.28.220.247 - - [13/Jan/2026:15:02:50 +0700] "GET /wp-login.php HTTP/1.1" 200 2482 "-" "Mozilla/6.0 (Windows NT 11.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/135.7.43.25 Safari/537.36" show less	Port Scan
🇺🇸 mind5t0rm	2025-11-22 07:10:27 (7 months ago)	(WPLOGIN) WP Login Attack 104.28.220.247 (UA/Ukraine/-): 3 in the last 3600 secs; Ports: ; Directio ... show more (WPLOGIN) WP Login Attack 104.28.220.247 (UA/Ukraine/-): 3 in the last 3600 secs; Ports: ; Direction: inout; Trigger: LF_TRIGGER; Logs: 104.28.220.247 - - [22/Nov/2025:14:05:02 +0700] "GET /wp-login.php HTTP/2.0" 200 2508 "-" "Mozilla/6.0 (Windows NT 11.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/135.7.43.25 Safari/537.36" 104.28.220.247 - - [22/Nov/2025:14:05:04 +0700] "POST /wp-login.php HTTP/2.0" 302 0 "https://www.zerowaterthailand.com/wp-login.php" "Mozilla/6.0 (Windows NT 11.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/135.7.43.25 Safari/537.36" 104.28.220.247 - - [22/Nov/2025:14:10:26 +0700] "GET /wp-login.php HTTP/2.0" 200 2900 "-" "Mozilla/6.0 (Windows NT 11.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/135.7.43.25 Safari/537.36" show less	Port Scan
🇺🇸 mind5t0rm	2025-11-21 07:56:46 (7 months ago)	(WPLOGIN) WP Login Attack 104.28.220.247 (UA/Ukraine/-): 3 in the last 3600 secs; Ports: ; Directio ... show more (WPLOGIN) WP Login Attack 104.28.220.247 (UA/Ukraine/-): 3 in the last 3600 secs; Ports: ; Direction: inout; Trigger: LF_TRIGGER; Logs: 104.28.220.247 - - [21/Nov/2025:14:51:32 +0700] "GET /wp-login.php HTTP/2.0" 200 2617 "-" "Mozilla/6.0 (Windows NT 11.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/135.7.43.25 Safari/537.36" 104.28.220.247 - - [21/Nov/2025:14:51:33 +0700] "POST /wp-login.php HTTP/2.0" 302 0 "https://www.zerowaterthailand.com/wp-login.php" "Mozilla/6.0 (Windows NT 11.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/135.7.43.25 Safari/537.36" 104.28.220.247 - - [21/Nov/2025:14:56:43 +0700] "GET /wp-login.php HTTP/2.0" 200 2936 "-" "Mozilla/6.0 (Windows NT 11.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/135.7.43.25 Safari/537.36" show less	Port Scan

Showing 1 to 15 of 56 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇨🇳 203.76.241.18

🇫🇮 147.185.133.121

🇩🇪 128.1.120.201

🇨🇦 54.39.210.6

🇸🇬 47.82.9.49

🇸🇬 47.82.9.48

🇳🇱 45.148.10.141

🇰🇷 43.200.182.174

🇭🇰 20.255.152.91

🇺🇸 2607:f8b0:4864:20::f2a

🇺🇸 216.73.216.237

🇮🇩 202.72.196.75

🇭🇰 199.45.155.76

🇺🇸 195.184.76.205

🇱🇻 195.123.211.81

🇩🇪 168.222.43.3

🇩🇪 148.153.140.64

🇨🇳 139.9.191.197

🇺🇸 91.230.168.138

🇸🇬 47.82.9.47