JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 104.207.47.20

104.207.47.20 was found in our database!

This IP was reported 102 times. Confidence of Abuse is 12%: ?

12%

ISP	3xK Tech GmbH
Usage Type	Data Center/Web Hosting/Transit
ASN	AS200373
Domain Name	3xktech.cloud
Country	🇺🇸 United States of America
City	Ashburn, Virginia

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 104.207.47.20

Whois 104.207.47.20

IP Abuse Reports for 104.207.47.20:

This IP address has been reported a total of 102 times from 20 distinct sources. 104.207.47.20 was first reported on June 20th 2024, and the most recent report was 17 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 webgobe	2026-06-04 15:55:36 (17 hours ago)	wew-Joomla User : try to access forms...	Hacking
🇬🇧 PeravixGroup	2026-05-07 04:45:55 (4 weeks ago)	Honeypot detection: Kubernetes API unauthorized access / cluster abuse attempt on port 6443. Severit ... show more Honeypot detection: Kubernetes API unauthorized access / cluster abuse attempt on port 6443. Severity: MEDIUM. Aaran.cloud show less	Hacking Exploited Host
Anonymous	2026-02-28 21:00:13 (3 months ago)	Forum/form spam	Web Spam
🇮🇹 VHosting	2026-02-18 22:22:59 (3 months ago)	Detected attack and reported by a human	Brute-Force Web App Attack SSH DDoS Attack Exploited Host Bad Web Bot
🇦🇺 MAGIC	2026-02-05 00:17:09 (4 months ago)	VM1 Bad user agents ignoring web crawling rules. Draing bandwidth	DDoS Attack Bad Web Bot
🇮🇹 VHosting	2025-12-29 14:30:12 (5 months ago)	Detected WordPress attack from 4 different servers	Brute-Force Web App Attack
🇺🇸 mnsf	2025-12-26 05:05:37 (5 months ago)	Too many Status 40X (15)	Brute-Force Web App Attack
🇮🇩 securejdprop	2025-12-14 00:30:00 (5 months ago)	This IP was detected by CrowdSec triggering crowdsecurity/suricata-major-severity(ET INFO User-Agent ... show more This IP was detected by CrowdSec triggering crowdsecurity/suricata-major-severity(ET INFO User-Agent (python-requests) Inbound to Webserver). Ip 104.207.47.20 performed 'crowdsecurity/suricata-major-severity' (1 events over 0s) at 2025-12-14 00:29:58.060117813 +0000 UTC show less	Web App Attack
Anonymous	2025-11-28 20:33:59 (6 months ago)	Forum/form spam	Web Spam
🇺🇸 TPI-Abuse	2025-11-26 12:15:03 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.47.20 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.207.47.20 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Nov 26 07:14:58.375749 2025] [security2:error] [pid 26366:tid 26366] [client 104.207.47.20:33913] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpanel.michaels-house.net"] [uri "/.git/HEAD"] [unique_id "aSbvQmsVHFkN2vAvVJz8vwAAAAQ"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-26 09:25:19 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.47.20 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.207.47.20 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Nov 26 04:25:12.316067 2025] [security2:error] [pid 9286:tid 9286] [client 104.207.47.20:53787] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "mail.major33.com"] [uri "/.env"] [unique_id "aSbHeI2BBww1ijTSQiNgWAAAAAo"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 EGP Abuse Dept	2025-11-26 06:32:03 (6 months ago)	forum signup bot	Web Spam Blog Spam Web App Attack
🇺🇸 TPI-Abuse	2025-11-26 05:58:49 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.47.20 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.207.47.20 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Nov 26 00:58:43.556880 2025] [security2:error] [pid 18275:tid 18275] [client 104.207.47.20:59175] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "mail.persnicketyinc.com"] [uri "/.git/HEAD"] [unique_id "aSaXE-yQ4nKMSCxkCFikUQAAAA0"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-26 02:27:46 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.47.20 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.207.47.20 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Nov 25 21:27:40.125412 2025] [security2:error] [pid 26871:tid 26871] [client 104.207.47.20:31613] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcalendars.eurocs2.com"] [uri "/.svn/wc.db"] [unique_id "aSZlnBiYYjss2wIIaXBfHwAAABE"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-26 00:56:13 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.47.20 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.207.47.20 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Nov 25 19:56:08.855036 2025] [security2:error] [pid 31896:tid 31896] [client 104.207.47.20:19449] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webdisk.golflavahotsprings.com"] [uri "/.svn/wc.db"] [unique_id "aSZQKEHO0Edjptw1Ig8gTQAAACE"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 102 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 209.85.217.67

🇸🇬 185.200.116.76

🇫🇮 147.185.133.211

🇿🇦 102.129.53.156

🇱🇹 81.30.98.144

🇺🇸 78.153.155.152

🇳🇱 45.148.10.157

🇧🇪 35.233.69.42

🇹🇼 1.173.180.195

🇩🇪 213.209.159.56

🇧🇴 181.115.147.5

🇵🇰 175.107.0.150

🇺🇸 74.48.105.66

🇺🇸 65.49.1.222

🇮🇳 49.42.179.83

🇧🇴 190.181.44.194

🇺🇿 185.213.230.182

🇮🇹 178.239.180.109

🇸🇬 175.41.157.39

🇻🇺 138.226.239.12