JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 104.28.253.99

104.28.253.99 was found in our database!

This IP was reported 593 times. Confidence of Abuse is 24%: ?

24%

ISP	Cloudflare, Inc.
Usage Type	Data Center/Web Hosting/Transit
ASN	AS13335
Domain Name	cloudflare.com
Country	🇮🇩 Indonesia
City	Palembang, South Sumatra

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 104.28.253.99

Whois 104.28.253.99

IP Abuse Reports for 104.28.253.99:

This IP address has been reported a total of 593 times from 229 distinct sources. 104.28.253.99 was first reported on June 17th 2023, and the most recent report was 2 weeks ago.

Old Reports: The most recent abuse report for this IP address is from 2 weeks ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇩🇪 bogdanv	2026-05-27 14:05:35 (2 weeks ago)	$f2bV_matches	Brute-Force SSH
🇫🇷 gooko	2026-05-11 13:47:48 (1 month ago)	SSH brute-force attack detected by fail2ban jail 'sshd'	Brute-Force SSH
🇺🇸 chronos	2026-05-04 06:18:11 (1 month ago)	[AUTORAVALT][[04/05/2026 - 03:18:11 -03:00 UTC] Attack from [Cloudflare, Inc.] [104.28.253.99] Actio ... show more [AUTORAVALT][[04/05/2026 - 03:18:11 -03:00 UTC] Attack from [Cloudflare, Inc.] [104.28.253.99] Action: BLocKed Phishing -> Phishing websites and/or email. Email Spam -> Spam email content, infected attachments, and phishing emails. Hacking... Unauthorized attempts to access the server. Spoofing -> Email sender spoofing. Brute-Force -> Credential brute-force at] ... show less	Brute-Force Email Spam Spoofing Phishing Hacking
🇦🇺 AWW-Admin	2026-05-03 00:01:37 (1 month ago)	(pop3d) Failed POP3 login from 104.28.253.99 (ID/Indonesia/-)	Brute-Force
🇺🇸 TTWebhosting	2026-05-02 17:24:15 (1 month ago)	(pop3d) Failed POP3 login from 104.28.253.99 (ID/Indonesia/South Sumatra/Palembang/-/[AS13335 Cloudf ... show more (pop3d) Failed POP3 login from 104.28.253.99 (ID/Indonesia/South Sumatra/Palembang/-/[AS13335 Cloudflare, Inc.]): 1 in the last 3600 secs show less	Brute-Force Port Scan Hacking
🇺🇸 vandomatos	2026-05-02 12:29:59 (1 month ago)	May 2 01:39:58 servidor dovecot: pop3-login: Disconnected (auth failed, 1 attempts in 2 secs): user ... show more May 2 01:39:58 servidor dovecot: pop3-login: Disconnected (auth failed, 1 attempts in 2 secs): user=<[email protected]>, method=PLAIN, rip=104.28.253.99, lip=154.53.60.253, session=<YspbpNFQjUZoHP1j> May 2 03:16:53 servidor dovecot: pop3-login: Disconnected (auth failed, 1 attempts in 2 secs): user=<[email protected]>, method=PLAIN, rip=104.28.253.99, lip=154.53.60.253, session=<a+70/tJQH1toHP1j> May 2 05:29:55 servidor dovecot: pop3-login: Disconnected (auth failed, 1 attempts in 2 secs): user=<[email protected]>, method=PLAIN, rip=104.28.253.99, lip=154.53.60.253, session=<W+3E2tRQU8hoHP1j> ... show less	Hacking Spoofing Brute-Force
🇺🇸 chronos	2026-05-01 21:16:03 (1 month ago)	[AUTORAVALT][[01/05/2026 - 18:16:03 -03:00 UTC] Attack from [Cloudflare, Inc.] [104.28.253.99] Actio ... show more [AUTORAVALT][[01/05/2026 - 18:16:03 -03:00 UTC] Attack from [Cloudflare, Inc.] [104.28.253.99] Action: BLocKed Phishing -> Phishing websites and/or email. Email Spam -> Spam email content, infected attachments, and phishing emails. Hacking... Unauthorized attempts to access the server. Spoofing -> Email sender spoofing. Brute-Force -> Credential brute-force at] ... show less	Brute-Force Email Spam Spoofing Phishing Hacking
🇺🇸 TTWebhosting	2026-05-01 17:14:22 (1 month ago)	(pop3d) Failed POP3 login from 104.28.253.99 (ID/Indonesia/South Sumatra/Palembang/-/[AS13335 Cloudf ... show more (pop3d) Failed POP3 login from 104.28.253.99 (ID/Indonesia/South Sumatra/Palembang/-/[AS13335 Cloudflare, Inc.]): 1 in the last 3600 secs show less	Brute-Force Port Scan Hacking
Anonymous	2026-04-18 01:15:28 (1 month ago)	Feb 17 15:41:44 mail fail2ban.actions [619]: NOTICE [sshd] Ban 104.28.253.99 Feb 18 19:15:32 ... show more Feb 17 15:41:44 mail fail2ban.actions [619]: NOTICE [sshd] Ban 104.28.253.99 Feb 18 19:15:32 mail fail2ban.actions [619]: NOTICE [sshd] Ban 104.28.253.99 Feb 20 11:36:46 mail fail2ban.actions [619]: NOTICE [sshd] Ban 104.28.253.99 show less	Brute-Force SSH
🇫🇷 dwmp	2026-04-07 16:43:32 (2 months ago)	2026-04-07T16:35:08.025362+01:00 galileo.dwmp.it auth[2379220]: pam_unix(dovecot:auth): authenticati ... show more 2026-04-07T16:35:08.025362+01:00 galileo.dwmp.it auth[2379220]: pam_unix(dovecot:auth): authentication failure; logname= uid=0 euid=0 tty=dovecot [email protected] rhost=104.28.253.99 2026-04-07T16:35:11.372252+01:00 galileo.dwmp.it dovecot[1879399]: imap-login: Disconnected: Connection closed (auth failed, 1 attempts in 3 secs): user=<[email protected]>, method=PLAIN, rip=104.28.253.99, lip=161.97.99.110, TLS, session=<BJIwh+BOSi1oHP1j> 2026-04-07T17:43:31.134326+01:00 galileo.dwmp.it auth[2383530]: pam_unix(dovecot:auth): authentication failure; logname= uid=0 euid=0 tty=dovecot [email protected] rhost=104.28.253.99 ... show less	Brute-Force
🇷🇴 TerraCorp Global Solutions	2026-04-07 02:38:06 (2 months ago)	2026-04-07T05:38:05.836462+03:00 honeypot.mkwayexchange.com auth[304218]: pam_unix(dovecot:auth): au ... show more 2026-04-07T05:38:05.836462+03:00 honeypot.mkwayexchange.com auth[304218]: pam_unix(dovecot:auth): authentication failure; logname= uid=0 euid=0 tty=dovecot [email protected] rhost=104.28.253.99 ... show less	Brute-Force Exploited Host Web App Attack SSH
🇧🇬 Stoyko Stoykov	2026-04-07 02:20:30 (2 months ago)	2026-04-07T02:08:39.792388+03:00 ns1 dovecot: imap-login: Disconnected: Connection closed (auth fail ... show more 2026-04-07T02:08:39.792388+03:00 ns1 dovecot: imap-login: Disconnected: Connection closed (auth failed, 1 attempts in 2 secs): user=<[email protected]>, method=PLAIN, rip=104.28.253.99, lip=192.168.100.60, TLS, session=<Klsov9JO1qloHP1j> 2026-04-07T05:20:30.259720+03:00 ns1 dovecot: imap-login: Disconnected: Connection closed (auth failed, 1 attempts in 2 secs): user=<[email protected]>, method=PLAIN, rip=104.28.253.99, lip=192.168.100.60, TLS, session=<Uu1FbdVOOJ9oHP1j> ... show less	Hacking Brute-Force
🇳🇱 nikki101	2026-04-07 00:23:40 (2 months ago)	pop/imap unauthorized access attempt, inappropriate conduct	Email Spam Brute-Force
🇫🇷 solution.it	2026-04-06 23:11:43 (2 months ago)	Apr 7 01:11:43 vps789997 dovecot: imap-login: Disconnected (auth failed, 1 attempts in 4 secs): use ... show more Apr 7 01:11:43 vps789997 dovecot: imap-login: Disconnected (auth failed, 1 attempts in 4 secs): user=<[email protected]>, method=PLAIN, rip=104.28.253.99, lip=51.77.194.251, TLS, session=<THr9ydJOUW9oHP1j> show less	Brute-Force
Anonymous	2026-04-03 22:14:54 (2 months ago)	104.28.253.99 - - [04/Apr/2026:00:14:54 +0200] "GET /api/.env HTTP/1.1" 301 169 "-" "Mozilla/5.0"	Web App Attack

Showing 1 to 15 of 593 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇮🇳 182.95.234.6

🇺🇸 173.255.223.143

🇺🇸 146.190.208.190

🇺🇸 137.184.217.144

🇮🇳 115.98.2.246

🇻🇳 103.249.23.19

🇻🇳 103.97.135.244

🇵🇱 91.231.122.55

🇩🇪 79.201.187.207

🇨🇦 54.39.136.218

🇧🇷 45.187.108.43

🇿🇦 41.193.168.233

🇳🇱 5.61.209.92

🇮🇩 2406:da19:776:6e01:d86a:21b6:be65:49cb

🇹🇳 197.5.145.150

🇺🇸 195.184.76.28

🇳🇱 185.226.197.12

🇲🇾 183.171.242.9

🇮🇳 182.95.190.134

🇨🇴 181.54.0.63