JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 139.28.48.105

139.28.48.105 was found in our database!

This IP was reported 12 times. Confidence of Abuse is 10%: ?

10%

ISP	Telecom SY
Usage Type	Fixed Line ISP
ASN	Unknown
Domain Name	highspeed-sy.com
Country	🇸🇾 Syrian Arab Republic
City	Aleppo, Aleppo

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 139.28.48.105

Whois 139.28.48.105

IP Abuse Reports for 139.28.48.105:

This IP address has been reported a total of 12 times from 10 distinct sources. 139.28.48.105 was first reported on February 12th 2026, and the most recent report was 2 weeks ago.

Old Reports: The most recent abuse report for this IP address is from 2 weeks ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇨🇦 polycoda	2026-05-30 11:37:42 (2 weeks ago)	🥶 Part of massive botnet scraping campaign that nearly turned into a DDoS on 2025-11-27	DDoS Attack
🇺🇸 TPI-Abuse	2026-05-06 13:39:50 (1 month ago)	(mod_security) mod_security (id:210730) triggered by 139.28.48.105 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210730) triggered by 139.28.48.105 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed May 06 09:39:43.293041 2026] [security2:error] [pid 29504:tid 29504] [client 139.28.48.105:49141] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|specialtywebservice.com\|F\|2"] [data ".com"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "specialtywebservice.com"] [uri "/pattiomalleys.com"] [unique_id "aftEn_AZAj-xSCW5Lkc6owAAAA4"], referer: http://specialtywebservice.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 matt	2026-03-04 03:51:56 (3 months ago)	DDOS attack with query parameters attempting to overload WordPress site.	DDoS Attack
🇺🇸 Hmorrin	2026-03-03 17:16:15 (3 months ago)		Port Scan
🇪🇸 el-brujo	2026-03-01 04:19:56 (3 months ago)	Cloudflare WAF: Request Path: /timofonica/manuales/arp-spoof.zip Request Query: Host: ns2.elhacker. ... show more Cloudflare WAF: Request Path: /timofonica/manuales/arp-spoof.zip Request Query: Host: ns2.elhacker.net userAgent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 Action: block Source: firewallManaged ASN Description: HS-SYR Country: SY Method: GET Timestamp: 2026-03-01T04:19:56Z ruleId: 8629bb58defe4193ab4d493c7bd2d8fa. Report generated by Cloudflare-WAF-to-AbuseIPDB (https://github.com/MHG-LAB/Cloudflare-WAF-to-AbuseIPDB). show less	Hacking SQL Injection Web App Attack
🇫🇷 pyrogoto	2026-02-28 11:15:39 (3 months ago)	Attempting SQL code injection on url parameters : 1) WHERE 9534=9534AND//4868=DBMS_UTILITY.SQLID_T ... show more Attempting SQL code injection on url parameters : 1) WHERE 9534=9534AND//4868=DBMS_UTILITY.SQLID_TO_SQLHASH(CHR(126)\|\|'~'\|\|(SELECT//(CASE//WHEN//(4868=4868)//THEN//1//ELSE//0//END)//FROM//DUAL)\|\|'~'\|\|CHR(126))-- - show less	SQL Injection
🇺🇸 gui-ying233	2026-02-28 00:32:08 (3 months ago)	Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.0.0 Sa ... show more Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.0.0 Safari/537.36 show less	Bad Web Bot
🇺🇸 gui-ying233	2026-02-25 13:37:57 (3 months ago)	Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.0.0 Sa ... show more Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.0.0 Safari/537.36 show less	Bad Web Bot
Anonymous	2026-02-22 17:11:31 (3 months ago)	Web App Attack	Brute-Force Exploited Host Web App Attack
🇨🇭 backslash	2026-02-22 06:27:01 (3 months ago)	block ruleset SQL-Injections with typical fingerprints FD77349DE692F8D05B4EE282DE6A5198C42AB90F	SQL Injection
🇨🇦 polycoda	2026-02-15 13:43:33 (3 months ago)	📄 Probes for tons of inexistent files and PHP scripts	Hacking Web App Attack
🇺🇸 SiliSoftware	2026-02-12 20:39:20 (4 months ago)	/phpBB3/app.php/help/faq?sid=d2a3accfc5512a8d49d1f0bb374a4e9c	Web App Attack

Showing 1 to 12 of 12 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 162.243.242.176

🇺🇸 205.210.31.107

🇱🇹 81.30.98.49

🇪🇨 45.224.97.241

🇳🇱 45.148.10.240

🇻🇳 27.79.1.14

🇸🇦 5.163.115.196

🇩🇪 5.9.102.138

🇩🇪 213.209.159.228

🇩🇪 176.65.132.119

🇮🇳 103.21.79.242

🇺🇸 92.71.98.220

🇷🇴 89.32.41.122

🇫🇷 84.247.175.181

🇷🇴 80.94.95.236

🇮🇶 65.20.233.110

🇺🇸 8.228.3.68

🇦🇷 190.226.196.54

🇵🇱 185.79.139.16

🇸🇬 159.65.1.240