JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 104.207.47.28

104.207.47.28 was found in our database!

This IP was reported 170 times. Confidence of Abuse is 26%: ?

26%

ISP	3xK Tech GmbH
Usage Type	Data Center/Web Hosting/Transit
ASN	AS200373
Domain Name	3xktech.cloud
Country	🇺🇸 United States of America
City	Ashburn, Virginia

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 104.207.47.28

Whois 104.207.47.28

IP Abuse Reports for 104.207.47.28:

This IP address has been reported a total of 170 times from 28 distinct sources. 104.207.47.28 was first reported on June 11th 2024, and the most recent report was 2 days ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 mnsf	2026-06-02 14:08:26 (2 days ago)	Abuse Detected (1)	Brute-Force Web App Attack
🇫🇷 ELYAZ	2026-06-01 15:14:24 (3 days ago)	(y4) Failed scan -byebye- from 104.207.47.28 (US/United States/-): (CF_ENABLE)	Hacking
🇫🇷 ELYAZ	2026-05-31 07:41:05 (5 days ago)	(y4) Failed scan -byebye- from 104.207.47.28 (US/United States/-): (CF_ENABLE)	Hacking
🇧🇪 cmbplf	2026-05-29 20:27:24 (6 days ago)	3.351 POST requests with url.path */wp-login.php 2.215 requests with url.path //xmlrpc.php	Brute-Force Bad Web Bot
🇨🇭 Origon	2026-05-13 16:45:58 (3 weeks ago)	http-crawl-non_statics - IP: 104.207.47.28 - time="2026-05-13T18:45:58+02:00" level=info msg="(555f ... show more http-crawl-non_statics - IP: 104.207.47.28 - time="2026-05-13T18:45:58+02:00" level=info msg="(555f66b4f6a74558bc11e3f93469658es8App0Mcc0TKEeje/crowdsec) crowdsecurity/http-crawl-non_statics by ip 104.207.47.28 (US/200373) : 4h ban on Ip 104.207.47.28" module=db show less	Bad Web Bot
🇦🇺 RedBear IT	2026-03-26 10:00:37 (2 months ago)	"DDoS against public endpoint"	DDoS Attack
🇮🇩 penjaga BRIN	2026-03-23 14:45:42 (2 months ago)	SQL injection attempt	SQL Injection
🇩🇪 Hazzard	2026-03-18 15:16:57 (2 months ago)	(wordpress) Failed wordpress login from 104.207.47.28 (US/United States/Virginia/Ashburn/-/[redacted ... show more (wordpress) Failed wordpress login from 104.207.47.28 (US/United States/Virginia/Ashburn/-/[redacted]): (CF_ENABLE) show less	Brute-Force
🇺🇸 TPI-Abuse	2026-01-04 10:51:46 (5 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.47.28 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.207.47.28 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jan 04 05:51:43.261924 2026] [security2:error] [pid 20402:tid 20402] [client 104.207.47.28:23463] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "fiasdesigns.com"] [uri "/wp-config.php"] [unique_id "aVpGP1MKpnLvDlKMQ8arTAAAACE"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 403veli	2026-01-01 16:04:17 (5 months ago)	Confirmed malicious activity observed via T-Pot honeypot Observed 11 events on port 80 (unknown) fro ... show more Confirmed malicious activity observed via T-Pot honeypot Observed 11 events on port 80 (unknown) from 2026-01-01T16:04:17+00:00 to 2026-01-01T16:05:26.633000+00:00. Sample: {"src_port": 13303, "dest_port": 80, "src_ip": "104.207.47.28"} show less	Port Scan
🇺🇸 TPI-Abuse	2025-12-08 19:56:46 (5 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.47.28 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.207.47.28 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Dec 08 14:56:39.975861 2025] [security2:error] [pid 31464:tid 31464] [client 104.207.47.28:51965] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "trailermesomewhere.com"] [uri "/.git/HEAD"] [unique_id "aTctd9XazbuhgRbPslLU5wAAABg"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-07 12:47:22 (5 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.47.28 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.207.47.28 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Dec 07 07:47:15.919225 2025] [security2:error] [pid 21825:tid 21825] [client 104.207.47.28:15261] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "crescentcitycafe.org"] [uri "/.svn/wc.db"] [unique_id "aTV3UxnSY3FfFCsyP4krcQAAAAQ"] show less	Brute-Force Bad Web Bot Web App Attack
🇸🇪 SkyDancer	2025-12-07 00:08:04 (5 months ago)	Multiple intrusion attempts via http/https on known vulnerable url offsets. Attack automatically blo ... show more Multiple intrusion attempts via http/https on known vulnerable url offsets. Attack automatically blocked by SkyDancer Ai(web-X). show less	Hacking Brute-Force
🇺🇸 TPI-Abuse	2025-12-06 11:21:49 (5 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.47.28 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.207.47.28 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Dec 06 06:21:42.613055 2025] [security2:error] [pid 6234:tid 6234] [client 104.207.47.28:43093] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "skyground.net"] [uri "/.svn/wc.db"] [unique_id "aTQRxvkB_mE3RU5imBK9PwAAAA0"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-05 16:07:30 (5 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.47.28 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.207.47.28 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Dec 05 11:07:26.330845 2025] [security2:error] [pid 4817:tid 4817] [client 104.207.47.28:24855] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "willmarksynthetics.com"] [uri "/.git/HEAD"] [unique_id "aTMDPrT7CX1ydAWMKVZZLgAAABo"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 170 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇦🇺 103.209.254.239

🇬🇧 35.203.210.18

🇫🇷 213.199.45.235

🇦🇷 200.55.245.152

🇺🇸 162.216.150.182

🇩🇪 158.94.208.66

🇭🇰 152.32.186.240

🇸🇬 118.194.235.105

🇺🇸 66.132.195.68

🇺🇸 50.6.224.135

🇬🇧 35.203.211.39

🇺🇸 34.122.210.220

🇬🇧 213.166.84.35

🇺🇸 207.90.244.18

🇹🇳 197.26.104.145

🇫🇮 147.185.133.146

🇮🇪 108.130.249.166

🇺🇸 107.172.116.102

🇲🇦 105.157.131.91

🇸🇬 101.100.194.181