JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 103.47.52.104

103.47.52.104 was found in our database!

This IP was reported 11 times. Confidence of Abuse is 1%: ?

ISP	trafficforce, UAB
Usage Type	Data Center/Web Hosting/Transit
ASN	AS212238
Domain Name	trafficforce.lt
Country	🇺🇸 United States of America
City	Los Angeles, California

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 103.47.52.104

Whois 103.47.52.104

IP Abuse Reports for 103.47.52.104:

This IP address has been reported a total of 11 times from 4 distinct sources. 103.47.52.104 was first reported on October 30th 2023, and the most recent report was 3 weeks ago.

Old Reports: The most recent abuse report for this IP address is from 3 weeks ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇫🇷 bigorre.org	2026-05-13 10:24:31 (3 weeks ago)	Unidentified crawling: not a self-announced bot in user-agent	Bad Web Bot
🇺🇸 TPI-Abuse	2026-01-27 02:48:53 (4 months ago)	(mod_security) mod_security (id:212880) triggered by 103.47.52.104 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:212880) triggered by 103.47.52.104 (-): 1 in the last 300 secs; Ports: ; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jan 26 21:48:49.128732 2026] [security2:error] [pid 23296:tid 23305] [client 103.47.52.104:34903] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:<style.{0,399}?>.{0,399}?(?:@[i\\\\\\\\]\|(?:[:=]\|&#x?0(?:58\|3A\|61\|3D);?).{0,399}?(?:[(\\\\\\\\]\|&#x?0(?:40\|28\|92\|5C);?)))" at MATCHED_VAR. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/07_XSS_XSS.conf"] [line "95"] [id "212880"] [rev "4"] [msg "COMODO WAF: IE XSS Filters - Attack Detected.\|\|ftp.kettlehill.net\|F\|2"] [data "Matched Data: 103.47.52.104 found within MATCHED_VAR: <style><j:jelly xmlns:j=\\x22jelly\\x22 xmlns:g='glide'><g:evaluate>gs.adderrormessage(13371337);</g:evaluate></j:jelly></style>"] [severity "CRITICAL"] [tag "CWAF"] [tag "XSS"] [hostname "ftp.kettlehill.net"] [uri "/login.do"] [unique_id "aXgnkUnBpq4P6Y3u9V4AMwAAAMU"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-02 23:09:52 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 103.47.52.104 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 103.47.52.104 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Dec 02 18:09:48.658480 2025] [security2:error] [pid 30335:tid 30335] [client 103.47.52.104:37625] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "autodiscover.farmers123.com"] [uri "/.env"] [unique_id "aS9xvCg17hWWN6F-ly0ZIwAAAAE"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-13 08:56:33 (6 months ago)	(mod_security) mod_security (id:210730) triggered by 103.47.52.104 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210730) triggered by 103.47.52.104 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Nov 13 03:56:20.428995 2025] [security2:error] [pid 32723:tid 32723] [client 103.47.52.104:37561] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|ftp.nbcnewsradio.com\|F\|2"] [data ".log"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "ftp.nbcnewsradio.com"] [uri "/admin/error.log"] [unique_id "aRWdNEhjNqZ3jwgDGdwMRAAAAAw"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-08-06 00:45:23 (10 months ago)	(mod_security) mod_security (id:210730) triggered by 103.47.52.104 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210730) triggered by 103.47.52.104 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Aug 05 20:45:20.272832 2025] [security2:error] [pid 25084:tid 25084] [client 103.47.52.104:39537] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|www.nbcnewsradio.com\|F\|2"] [data ".db"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.nbcnewsradio.com"] [uri "/www.db"] [unique_id "aJKloJwS27dr30db0Ei34gAAAA4"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-07-03 13:45:28 (11 months ago)	(mod_security) mod_security (id:210492) triggered by 103.47.52.104 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 103.47.52.104 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 03 09:43:44.776414 2025] [security2:error] [pid 20624:tid 20640] [client 103.47.52.104:34785] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "whm.kettlehill.net"] [uri "/.env.backup"] [unique_id "aGaJENVUSGmXdzhzbswE4AAAAA4"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-05-29 22:50:11 (1 year ago)	(mod_security) mod_security (id:210492) triggered by 103.47.52.104 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 103.47.52.104 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu May 29 18:50:05.844440 2025] [security2:error] [pid 3692691:tid 3692691] [client 103.47.52.104:56777] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcalendars.farmers123.com"] [uri "/.git/config"] [unique_id "aDjknaEU8Qcgbj-Fr7QCvwAAAAI"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-04-19 05:23:54 (1 year ago)	(mod_security) mod_security (id:212620) triggered by 103.47.52.104 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:212620) triggered by 103.47.52.104 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Apr 19 01:23:34.408588 2025] [security2:error] [pid 22650:tid 22656] [client 103.47.52.104:58917] [client 103.47.52.104] ModSecurity: Access denied with code 403 (phase 2). Pattern match "<script\\\\b" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/07_XSS_XSS.conf"] [line "65"] [id "212620"] [rev "4"] [msg "COMODO WAF: Cross-site Scripting (XSS) Attack\|\|www.blog.spinningdesigns.com\|F\|2"] [data "Matched Data: <script found within REQUEST_URI: /phpmyadmin/setup/index.php?page=servers&mode=test&id=\\x22></script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [tag "CWAF"] [tag "XSS"] [hostname "blog.spinningdesigns.com"] [uri "/phpmyadmin/setup/index.php"] [unique_id "aAMzVsLYwl69KqC_78iZWwAAAEM"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2025-01-17 12:20:27 (1 year ago)	\| A web attack returned code 200 (success).	Hacking SQL Injection Web App Attack
🇺🇸 ChamberofCommerce.com	2023-11-02 05:54:08 (2 years ago)	Unauthorized Scraping Attempt - More then 225 Pages Requested in a 24 hour period - Total Requested ... show more Unauthorized Scraping Attempt - More then 225 Pages Requested in a 24 hour period - Total Requested Before Block:226 show less	Bad Web Bot
🇺🇸 ChamberofCommerce.com	2023-10-30 19:45:05 (2 years ago)	Unauthorized Scraping Attempt - More then 225 Pages Requested in a 24 hour period - Total Requested ... show more Unauthorized Scraping Attempt - More then 225 Pages Requested in a 24 hour period - Total Requested Before Block:226 show less	Bad Web Bot

Showing 1 to 11 of 11 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 54.158.100.105

🇳🇱 45.198.224.126

🇺🇸 34.208.85.199

🇺🇸 18.191.82.226

🇬🇧 18.175.227.126

🇸🇪 13.60.97.111

🇨🇦 3.99.153.120

🇨🇳 221.10.221.104

🇬🇧 185.198.243.145

🇫🇷 62.210.142.178

🇺🇸 44.246.209.57

🇯🇵 43.207.48.120

🇺🇸 18.189.28.168

🇬🇧 18.171.207.75

🇺🇸 3.144.126.46

🇺🇸 216.25.89.141

🇭🇺 195.199.210.194

🇺🇸 172.173.80.109

🇺🇸 162.216.150.245

🇸🇬 138.199.60.37