AbuseIPDB » 104.28.251.139

104.28.251.139 was found in our database!

This IP was reported 1,082 times. Confidence of Abuse is 100%: ?

100%

ISP	Cloudflare, Inc.
Usage Type	Data Center/Web Hosting/Transit
ASN	AS13335
Domain Name	cloudflare.com
Country	Netherlands
City	Amsterdam, North Holland

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated biweekly.

Report 104.28.251.139

Whois 104.28.251.139

IP Abuse Reports for 104.28.251.139:

This IP address has been reported a total of 1,082 times from 208 distinct sources. 104.28.251.139 was first reported on October 6th 2022, and the most recent report was 1 day ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp in UTC	Comment	Categories
ingroscart.it	2025-06-13 16:27:10 (1 day ago)	(apache-useragents) Failed apache-useragents trigger with match [redacted] from 104.28.251.139 (NL/T ... show more(apache-useragents) Failed apache-useragents trigger with match [redacted] from 104.28.251.139 (NL/The Netherlands/-) show less	Bad Web Bot
Jason Howell	2025-06-13 11:28:33 (1 day ago)	104.28.251.139 - - [13/Jun/2025:06:28:28 -0500] "POST /xmlrpc.php HTTP/1.1" 200 3073 "https://www.de ... show more104.28.251.139 - - [13/Jun/2025:06:28:28 -0500] "POST /xmlrpc.php HTTP/1.1" 200 3073 "https://www.delsmetalco.com/xmlrpc.php" "python-requests/2.32.3" 104.28.251.139 - - [13/Jun/2025:06:28:29 -0500] "POST /xmlrpc.php HTTP/1.1" 200 3074 "https://www.delsmetalco.com/xmlrpc.php" "python-requests/2.32.3" 104.28.251.139 - - [13/Jun/2025:06:28:30 -0500] "POST /xmlrpc.php HTTP/1.1" 200 3072 "https://www.delsmetalco.com/xmlrpc.php" "python-requests/2.32.3" 104.28.251.139 - - [13/Jun/2025:06:28:31 -0500] "POST /xmlrpc.php HTTP/1.1" 200 3073 "https://www.delsmetalco.com/xmlrpc.php" "python-requests/2.32.3" 104.28.251.139 - - [13/Jun/2025:06:28:32 -0500] "POST /xmlrpc.php HTTP/1.1" 200 3072 "https://www.delsmetalco.com/xmlrpc.php" "python-requests/2.32.3" ... show less	Web App Attack
stinpriza	2025-06-13 11:07:07 (1 day ago)	(XMLRPC) WP XMLPRC Attack 104.28.251.139 (NL/The Netherlands/-): 1 in the last 3600 secs	Web App Attack
voormedia	2025-06-13 10:59:01 (1 day ago)	Accessed trap at '/xmlrpc.php'	Web App Attack
Kenshin869	2025-06-13 09:36:42 (1 day ago)	Wordpress unauthorized access attempt	Brute-Force
Site.eu	2025-06-13 06:38:33 (1 day ago)	Repeated wp-login/xmlrpc attempts	Brute-Force SSH
Jason Howell	2025-06-13 05:41:25 (2 days ago)	104.28.251.139 - - [13/Jun/2025:00:41:18 -0500] "GET /xmlrpc.php HTTP/1.1" 405 2900 "-" "Mozilla/5.0 ... show more104.28.251.139 - - [13/Jun/2025:00:41:18 -0500] "GET /xmlrpc.php HTTP/1.1" 405 2900 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36" 104.28.251.139 - - [13/Jun/2025:00:41:18 -0500] "GET /wp-login.php HTTP/1.1" 200 1678 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36" 104.28.251.139 - - [13/Jun/2025:00:41:23 -0500] "POST /xmlrpc.php HTTP/1.1" 200 3043 "https://www.golfbackspin.com/xmlrpc.php" "python-requests/2.32.3" 104.28.251.139 - - [13/Jun/2025:00:41:24 -0500] "POST /xmlrpc.php HTTP/1.1" 200 3044 "https://www.golfbackspin.com/xmlrpc.php" "python-requests/2.32.3" 104.28.251.139 - - [13/Jun/2025:00:41:24 -0500] "POST /xmlrpc.php HTTP/1.1" 200 3043 "https://www.golfbackspin.com/xmlrpc.php" "python-requests/2.32.3" ... show less	Web App Attack
statistics indonesia	2025-06-13 00:21:09 (2 days ago)	XML RPC Scan Activities	Brute-Force Web App Attack
voormedia	2025-06-12 08:58:00 (2 days ago)	Accessed trap at '/xmlrpc.php'	Web App Attack
URAN Publishing Service	2025-06-12 02:58:39 (3 days ago)	104.28.251.139 - - [12/Jun/2025:05:58:38 +0300] "GET /xmlrpc.php HTTP/1.1" 404 2879 "-" "Mozilla/5.0 ... show more104.28.251.139 - - [12/Jun/2025:05:58:38 +0300] "GET /xmlrpc.php HTTP/1.1" 404 2879 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36" ... show less	Web App Attack
Bedios GmbH	2025-06-11 07:10:46 (3 days ago)	Wordpress hacking attempt	Web App Attack
i-turnradio.nl	2025-06-11 05:33:15 (4 days ago)	2025-06-11 @ 07:33:14 (CET) ~ Blocked based on risk assessment and prior abuse reports	Web App Attack
Anonymous	2025-06-11 02:09:41 (4 days ago)	Backdrop CMS module - malicious activity detected	Bad Web Bot Web App Attack
noise.agency	2025-06-10 19:26:01 (4 days ago)	(wordpress) Failed wordpress login from 104.28.251.139 (NL/The Netherlands/-)	Brute-Force
botreporter	2025-06-10 19:18:37 (4 days ago)	CMS vulnerability/installation scanning	Brute-Force Web App Attack

Showing 1 to 15 of 1082 reports

Is this your IP? You may request to takedown any associated reports. We will attempt to verify your ownership. Request Takedown 🚩

Recently Reported IPs:

24.225.196.46

13.38.123.21

184.183.89.5

52.178.193.84

1.0.214.72

109.134.188.174

64.227.151.235

185.242.226.38

1.214.197.163

78.140.248.65

103.189.208.13

47.84.42.62

47.237.116.205

15.235.182.49

162.142.125.232

52.169.12.179

195.178.110.160

103.106.191.71

35.203.211.160

185.156.73.67