JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 104.207.47.118

104.207.47.118 was found in our database!

This IP was reported 135 times. Confidence of Abuse is 0%: ?

ISP	3xK Tech GmbH
Usage Type	Data Center/Web Hosting/Transit
ASN	AS200373
Domain Name	3xktech.cloud
Country	🇺🇸 United States of America
City	Ashburn, Virginia

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 104.207.47.118

Whois 104.207.47.118

IP Abuse Reports for 104.207.47.118:

This IP address has been reported a total of 135 times from 19 distinct sources. 104.207.47.118 was first reported on June 7th 2024, and the most recent report was 3 months ago.

Old Reports: The most recent abuse report for this IP address is from 3 months ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 octageeks.com	2026-03-11 04:07:27 (3 months ago)	Wordpress malicious attack:[octaxmlrpc]	Web App Attack
🇬🇧 relianoid.com	2026-02-15 16:53:42 (3 months ago)	POST Abuse detected by Relianoid OSS Load Balancer - relianoid.com	Web Spam
🇺🇸 TPI-Abuse	2025-11-25 06:14:38 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.47.118 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.47.118 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Nov 25 01:14:28.022668 2025] [security2:error] [pid 1817001:tid 1817061] [client 104.207.47.118:15099] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "autodiscover.potterpuppetpals.com"] [uri "/.env"] [unique_id "aSVJRGR1ttxeyDpsCa-HTAAAAZY"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2025-11-25 05:06:04 (6 months ago)	Malicious activity detected	Hacking Web App Attack
🇺🇸 TPI-Abuse	2025-11-25 04:19:55 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.47.118 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.47.118 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 24 23:19:49.885794 2025] [security2:error] [pid 2183:tid 2183] [client 104.207.47.118:29083] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "dogandponyband.com"] [uri "/.git/HEAD"] [unique_id "aSUuZYOL_3OBI6p53HG5nAAAAAE"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-25 03:04:29 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.47.118 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.47.118 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 24 22:04:25.181488 2025] [security2:error] [pid 709917:tid 709917] [client 104.207.47.118:51867] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webmail.pagewideprinting.com"] [uri "/.git/HEAD"] [unique_id "aSUcuYkoRMAUoKsQYSc7xQAAABw"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-25 02:29:59 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.47.118 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.47.118 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 24 21:29:42.386807 2025] [security2:error] [pid 5075:tid 5075] [client 104.207.47.118:43319] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "autodiscover.brychta.net"] [uri "/.svn/wc.db"] [unique_id "aSUUlkz_UGjosigkmZ8LswAAAAM"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2025-11-16 10:46:26 (6 months ago)	Attempted brute force login to web vpn 3 time(s); last attempt for 2025.11.16 is noted in report tim ... show more Attempted brute force login to web vpn 3 time(s); last attempt for 2025.11.16 is noted in report timestamp show less	Hacking Brute-Force
Anonymous	2025-11-12 10:28:52 (7 months ago)	Attempted brute force login to web vpn 12 time(s); last attempt for 2025.11.12 is noted in report ti ... show more Attempted brute force login to web vpn 12 time(s); last attempt for 2025.11.12 is noted in report timestamp show less	Hacking Brute-Force
Anonymous	2025-11-08 02:32:20 (7 months ago)	Attempted brute force login to web vpn 2 time(s); last attempt for 2025.11.08 is noted in report tim ... show more Attempted brute force login to web vpn 2 time(s); last attempt for 2025.11.08 is noted in report timestamp show less	Hacking Brute-Force
Anonymous	2025-11-01 18:44:08 (7 months ago)	[redacted] 104.207.47.118 - - [01/Nov/2025:19:43:56 +0100] "POST /xmlrpc.php HTTP/2.0" 200 401 "-" " ... show more [redacted] 104.207.47.118 - - [01/Nov/2025:19:43:56 +0100] "POST /xmlrpc.php HTTP/2.0" 200 401 "-" "Mozilla/5.0 (iPad; CPU OS 6_0_1 like Mac OS X) AppleWebKit/536.26 (KHTML, like Gecko) Version/6.0 Mobile/10A8426 Safari/8536.25" [redacted] 104.207.47.118 - - [01/Nov/2025:19:43:57 +0100] "POST /xmlrpc.php HTTP/2.0" 200 401 "-" "Mozilla/5.0 (X11; U; Linux x86_64; en-US) AppleWebKit/533.3 (KHTML, like Gecko) Qt/4.7.1 Safari/533.3" [redacted] 104.207.47.118 - - [01/Nov/2025:19:43:58 +0100] "POST /xmlrpc.php HTTP/2.0" 200 401 "-" "Mozilla/5.0 (Linux; Android 5.0.1; ALE-L23 Build/HuaweiALE-L23) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.100 Mobile Safari/537.36" [redacted] 104.207.47.118 - - [01/Nov/2025:19:43:59 +0100] "POST /xmlrpc.php HTTP/2.0" 200 401 "-" "Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_4; en-us) AppleWebKit/533.17.8 (KHTML, like Gecko) Version/5.0.1 Safari/533.17.8" joerg-shimon-schuldhess.c ... show less	Hacking Web App Attack
🇩🇪 Marc	2025-10-29 18:52:37 (7 months ago)		Brute-Force Web App Attack
Anonymous	2025-10-18 04:46:20 (7 months ago)	This IP was involved in a brute force and password spray attack.	Brute-Force Web App Attack
🇨🇦 wil.com	2025-10-18 03:37:52 (7 months ago)	GlobalProtect login attempts with user sstrawn.	VPN IP Brute-Force
Anonymous	2025-10-05 03:00:40 (8 months ago)	Attempted brute force login to web vpn 2 time(s); last attempt for 2025.10.05 is noted in report tim ... show more Attempted brute force login to web vpn 2 time(s); last attempt for 2025.10.05 is noted in report timestamp show less	Hacking Brute-Force

Showing 1 to 15 of 135 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 192.3.196.157

🇧🇬 79.124.62.126

🇺🇸 64.121.80.105

🇺🇸 38.248.95.248

🇯🇵 8.216.8.34

🇺🇸 2607:f8b0:4023:1006::126

🇬🇧 217.174.244.15

🇩🇪 213.209.159.175

🇨🇳 203.55.221.42

🇺🇸 173.252.87.20

🇺🇸 162.217.162.248

🇨🇳 125.94.146.123

🇨🇳 119.39.192.224

🇺🇸 104.234.94.23

🇨🇦 70.49.224.123

🇺🇸 66.132.186.177

🇮🇳 59.182.92.14

🇨🇳 42.177.49.248

🇷🇺 31.177.79.11

🇸🇬 23.97.62.139