JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 104.207.47.1

104.207.47.1 was found in our database!

This IP was reported 74 times. Confidence of Abuse is 0%: ?

ISP	3xK Tech GmbH
Usage Type	Data Center/Web Hosting/Transit
ASN	AS200373
Domain Name	3xktech.cloud
Country	🇺🇸 United States of America
City	Ashburn, Virginia

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 104.207.47.1

Whois 104.207.47.1

IP Abuse Reports for 104.207.47.1:

This IP address has been reported a total of 74 times from 16 distinct sources. 104.207.47.1 was first reported on June 6th 2024, and the most recent report was 2 months ago.

Old Reports: The most recent abuse report for this IP address is from 2 months ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇫🇷 LRob.fr	2026-03-30 14:30:03 (2 months ago)	Repeated 403 errors, blocked by Fail2ban in custom-403 jail	Bad Web Bot
🇺🇸 fbarela	2026-01-25 07:00:03 (4 months ago)	FortiGate SSL VPN login failures.	Hacking Brute-Force
🇫🇷 mrcrassi	2026-01-22 22:37:27 (4 months ago)	Triggered Cloudflare WAF (firewallCustom) from US. Action taken: BLOCK Protocol: HTTP/1.1 (POST meth ... show more Triggered Cloudflare WAF (firewallCustom) from US. Action taken: BLOCK Protocol: HTTP/1.1 (POST method) Endpoint: /wp-login.php UA: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36 Edg/115.0.1901.203 This report was generated by: https://github.com/sefinek/Cloudflare-WAF-To-AbuseIPDB show less	Bad Web Bot
🇨🇭 backslash	2026-01-22 21:15:04 (4 months ago)	block ruleset bad bot: wordpress scans 82C095539D4FDAF84E2E2FD6B6FC0664645851A8	Bad Web Bot
🇺🇸 TPI-Abuse	2026-01-21 17:31:14 (4 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.47.1 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 104.207.47.1 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jan 21 12:31:09.404517 2026] [security2:error] [pid 25566:tid 25566] [client 104.207.47.1:51701] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "ssion.com"] [uri "/.git/HEAD"] [unique_id "aXENXbdQXzr8RDUp9z5lFAAAAA4"] show less	Brute-Force Bad Web Bot Web App Attack
🇬🇧 Swiptly	2026-01-21 10:15:46 (4 months ago)	Bot scanning for environment files .env .env/\* ...	Web App Attack
🇺🇸 TPI-Abuse	2026-01-21 09:52:43 (4 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.47.1 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 104.207.47.1 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jan 21 04:52:36.291409 2026] [security2:error] [pid 12680:tid 12680] [client 104.207.47.1:41033] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "chblanchard.fr"] [uri "/.git/HEAD"] [unique_id "aXCh5JdnaFq-QQmycRi1-wAAABI"] show less	Brute-Force Bad Web Bot Web App Attack
🇪🇸 10dencehispahard SL	2026-01-12 06:38:53 (4 months ago)	Wordpress probing for vulnerabilities	Hacking Exploited Host
🇮🇹 VHosting	2025-12-23 11:24:10 (5 months ago)	Detected attack and reported by a human	DDoS Attack Brute-Force Bad Web Bot Exploited Host Web App Attack SSH
🇨🇭 backslash	2025-12-17 14:40:08 (5 months ago)	block ruleset bad bot: wordpress scans 82C095539D4FDAF84E2E2FD6B6FC0664645851A8	Bad Web Bot
🇺🇸 TPI-Abuse	2025-11-24 07:50:11 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.47.1 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 104.207.47.1 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 24 02:49:17.407972 2025] [security2:error] [pid 2139:tid 2139] [client 104.207.47.1:34103] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "autodiscover.lisaraylandscapes.com"] [uri "/.env"] [unique_id "aSQN_QtpG8unkzoTSRloTQAAAAw"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-24 07:18:20 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.47.1 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 104.207.47.1 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 24 02:18:09.889703 2025] [security2:error] [pid 3461312:tid 3461312] [client 104.207.47.1:23635] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpanel.mw-creations.com"] [uri "/.git/HEAD"] [unique_id "aSQGsYWLRAy8Vhr1IiUvoQAAABI"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-24 06:30:37 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.47.1 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 104.207.47.1 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 24 01:30:30.270406 2025] [security2:error] [pid 30516:tid 30516] [client 104.207.47.1:16157] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "mail.theboates.com"] [uri "/.svn/wc.db"] [unique_id "aSP7ht-oZPcP-Te4imUshAAAAA0"] show less	Brute-Force Bad Web Bot Web App Attack
🇱🇻 garmtech.com	2025-11-24 05:54:34 (6 months ago)	Attempted access to sensitive endpoint (/.env) detected. Automated scan or unauthorized probing.	Web App Attack
🇺🇸 TPI-Abuse	2025-11-24 04:51:54 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.47.1 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 104.207.47.1 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Nov 23 23:51:31.852480 2025] [security2:error] [pid 14814:tid 14814] [client 104.207.47.1:30567] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webdisk.deubellzebub.com"] [uri "/.svn/wc.db"] [unique_id "aSPkU3xrNqBY23Y224ZbjQAAABE"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 74 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇳🇱 176.65.149.212

🇺🇸 2604:a880:400:d1:0:4:8c09:2001

🇧🇪 198.235.24.217

🇲🇽 187.249.60.130

🇺🇸 162.216.149.51

🇨🇳 113.195.163.224

🇳🇱 91.92.241.106

🇺🇸 66.132.186.199

🇩🇪 47.91.65.144

🇩🇪 46.202.156.115

🇺🇸 40.124.175.251

🇺🇸 20.65.195.62

🇺🇸 18.97.5.31

🇷🇴 2.57.121.112

🇺🇸 216.25.89.92

🇭🇰 165.154.61.184

🇻🇳 152.32.250.188

🇺🇸 135.237.125.143

🇨🇳 120.78.9.93

🇨🇳 113.57.185.161