JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 104.207.46.99

104.207.46.99 was found in our database!

This IP was reported 144 times. Confidence of Abuse is 0%: ?

ISP	3xK Tech GmbH
Usage Type	Data Center/Web Hosting/Transit
ASN	AS200373
Domain Name	3xktech.cloud
Country	🇺🇸 United States of America
City	Ashburn, Virginia

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 104.207.46.99

Whois 104.207.46.99

IP Abuse Reports for 104.207.46.99:

This IP address has been reported a total of 144 times from 21 distinct sources. 104.207.46.99 was first reported on June 4th 2024, and the most recent report was 1 month ago.

Old Reports: The most recent abuse report for this IP address is from 1 month ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
Anonymous	2026-05-02 14:05:05 (1 month ago)	Forum/form spam	Web Spam
🇫🇷 masterguru	2026-04-06 01:03:46 (2 months ago)	(modsec_5015) ModSec 5015: Suspicious User-Agent from 104.207.46.99 (US/United States/-): 1 in the l ... show more (modsec_5015) ModSec 5015: Suspicious User-Agent from 104.207.46.99 (US/United States/-): 1 in the last 3600 secs (0-196) show less	Hacking
🇫🇷 masterguru	2026-03-30 06:07:13 (2 months ago)	(modsec_5015) ModSec 5015: Suspicious User-Agent from 104.207.46.99 (US/United States/-): 1 in the l ... show more (modsec_5015) ModSec 5015: Suspicious User-Agent from 104.207.46.99 (US/United States/-): 1 in the last 3600 secs (0-193) show less	Hacking
🇺🇸 mind5t0rm	2026-03-28 07:33:36 (2 months ago)	(WPLOGIN) WP Login Attack 104.207.46.99 (US/United States/-): 3 in the last 3600 secs; Ports: ; Dir ... show more (WPLOGIN) WP Login Attack 104.207.46.99 (US/United States/-): 3 in the last 3600 secs; Ports: ; Direction: inout; Trigger: LF_TRIGGER; Logs: 104.207.46.99 - - [28/Mar/2026:14:33:13 +0700] "GET /wp-login.php?wp_lang=en_US HTTP/2.0" 200 2515 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.6367.207 Safari/537.36" 104.207.46.99 - - [28/Mar/2026:14:33:14 +0700] "POST /wp-login.php?wp_lang=en_US HTTP/2.0" 302 2 "https://zerowaterthailand.com/wp-login.php?wp_lang=en_US" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.6367.207 Safari/537.36" 104.207.46.99 - - [28/Mar/2026:14:33:34 +0700] "GET /wp-login.php?redirect_to=https%3A%2F%2Fwww.zerowaterthailand.com%2Fwp-admin%2F&reauth=1 HTTP/2.0" 200 2511 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.6367.207 Safari/537.36" show less	Port Scan
🇩🇪 LRob.fr	2026-03-21 17:00:16 (2 months ago)	Repeated requests on blocked xmlrpc.php, blocked by fail2ban in custom-503-xmlrpc jail	Bad Web Bot Web App Attack
Anonymous	2026-03-18 07:09:02 (2 months ago)	Forum/form spam	Web Spam
🇺🇸 windowsforum	2026-02-14 00:01:37 (3 months ago)	Spam bot registration: triggers=timing, js_challenge, inv_honeypot, pow_fail, url, password_confirm, ... show more Spam bot registration: triggers=timing, js_challenge, inv_honeypot, pow_fail, url, password_confirm, username=ShanonZ92 show less	Web Spam Bad Web Bot
Anonymous	2026-02-07 05:30:44 (3 months ago)	Forum/form spam	Web Spam
🇩🇪 Packets-Decreaser.NET	2025-12-29 14:01:29 (5 months ago)	Incoming Layer 7 Flood Detected	DDoS Attack Web Spam
Anonymous	2025-12-10 22:57:19 (5 months ago)	botnet	DDoS Attack
Anonymous	2025-12-02 15:31:52 (6 months ago)	botnet	DDoS Attack
🇺🇸 TPI-Abuse	2025-11-26 11:21:50 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.46.99 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.207.46.99 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Nov 26 06:21:43.299480 2025] [security2:error] [pid 2757:tid 2757] [client 104.207.46.99:56539] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcontacts.daebakdesign.com"] [uri "/.env"] [unique_id "aSbix00pGfKT-O5cpl3_SAAAAAg"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-26 07:10:35 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.46.99 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.207.46.99 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Nov 26 02:10:32.336735 2025] [security2:error] [pid 9607:tid 9689] [client 104.207.46.99:50075] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.upperwilds.com"] [uri "/.env"] [unique_id "aSan6PkDcg6wFbLmNJ0b8wAAAhE"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-26 05:59:40 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.46.99 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.207.46.99 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Nov 26 00:59:33.179408 2025] [security2:error] [pid 19667:tid 19667] [client 104.207.46.99:49577] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webdisk.sterlingandtime.com"] [uri "/.env"] [unique_id "aSaXRagZeR-ylUyrACtzIAAAABg"] show less	Brute-Force Bad Web Bot Web App Attack
🇱🇻 garmtech.com	2025-11-26 05:28:41 (6 months ago)	Attempted access to sensitive endpoint (/.svn/wc.db) detected. Automated scan or unauthorized probin ... show more Attempted access to sensitive endpoint (/.svn/wc.db) detected. Automated scan or unauthorized probing. show less	Web App Attack

Showing 1 to 15 of 144 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇰🇷 222.102.21.104

🇩🇪 151.243.11.245

🇧🇩 144.48.86.13

🇺🇸 138.197.204.198

🇲🇾 118.100.233.248

🇳🇱 89.21.67.143

🇫🇷 86.217.21.47

🇩🇪 84.233.216.194

🇮🇳 59.183.252.10

🇯🇵 45.159.51.195

🇳🇱 45.148.10.147

🇮🇷 5.237.80.145

🇺🇦 193.176.251.229

🇲🇽 187.246.9.154

🇲🇴 182.93.7.194

🇺🇸 162.240.109.188

🇮🇳 152.32.156.117

🇸🇾 131.222.211.34

🇲🇾 103.249.84.242

🇨🇳 14.103.54.150