JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 104.207.47.51

104.207.47.51 was found in our database!

This IP was reported 142 times. Confidence of Abuse is 11%: ?

11%

ISP	3xK Tech GmbH
Usage Type	Data Center/Web Hosting/Transit
ASN	AS200373
Domain Name	3xktech.cloud
Country	🇺🇸 United States of America
City	Ashburn, Virginia

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 104.207.47.51

Whois 104.207.47.51

IP Abuse Reports for 104.207.47.51:

This IP address has been reported a total of 142 times from 23 distinct sources. 104.207.47.51 was first reported on June 11th 2024, and the most recent report was 2 days ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇩🇪 LRob.fr	2026-06-19 15:15:06 (2 days ago)	Repeated requests on blocked xmlrpc.php, blocked by fail2ban in custom-503-xmlrpc jail	Bad Web Bot Web App Attack
🇵🇱 stareradia.pl	2026-05-06 03:58:46 (1 month ago)	[Wed May 06 05:58:15.609410 2026] [php:error] [pid 4056762:tid 4056762] [client 104.207.47.51:0] scr ... show more [Wed May 06 05:58:15.609410 2026] [php:error] [pid 4056762:tid 4056762] [client 104.207.47.51:0] script '/var/www/html/profile.php' not found or unable to stat, referer: https://forum-trioda.pl/ [Wed May 06 05:58:21.916412 2026] [php:error] [pid 4016211:tid 4016211] [client 104.207.47.51:0] script '/var/www/html/profile.php' not found or unable to stat, referer: https://forum-trioda.pl/ [Wed May 06 05:58:22.853537 2026] [php:error] [pid 4056762:tid 4056762] [client 104.207.47.51:0] script '/var/www/html/profile.php' not found or unable to stat, referer: https://forum-trioda.pl/ucp.php?mode=register&agreed=true&iscanyesno=yeswecan&step=2&coppa=0 [Wed May 06 05:58:45.638974 2026] [php:error] [pid 4055290:tid 4055290] [client 104.207.47.51:0] script '/var/www/html/profile.php' not found or unable to stat, referer: https://forum-trioda.pl/ ... show less	Web App Attack
🇳🇱 EGP Abuse Dept	2026-02-24 06:52:09 (3 months ago)	Scanning for web/db/file exploits on www.ogen.com	SQL Injection Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-02 21:13:05 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.47.51 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.207.47.51 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Dec 02 16:12:59.117600 2025] [security2:error] [pid 3002:tid 3002] [client 104.207.47.51:49415] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "mdgcontrols.com"] [uri "/.git/HEAD"] [unique_id "aS9WW3r4wsAT3OvBga4MxAAAAAQ"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-02 12:11:24 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.47.51 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.207.47.51 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Dec 02 07:11:18.238488 2025] [security2:error] [pid 4660:tid 4680] [client 104.207.47.51:60825] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "penboy7.com"] [uri "/.git/HEAD"] [unique_id "aS7XZk6M3RhR5_FEjlWoagAAAJE"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2025-12-02 10:16:35 (6 months ago)	Malicious activity detected	Hacking Web App Attack
🇺🇸 TPI-Abuse	2025-12-02 05:16:16 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.47.51 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.207.47.51 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Dec 02 00:16:11.345175 2025] [security2:error] [pid 1831:tid 1831] [client 104.207.47.51:24223] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "ithacalions.com"] [uri "/.git/HEAD"] [unique_id "aS52G7ZBXO0EETn-eOZfmwAAAAA"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-02 04:58:22 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.47.51 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.207.47.51 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Dec 01 23:58:13.814219 2025] [security2:error] [pid 12108:tid 12108] [client 104.207.47.51:42661] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "kinkycouple4u.com"] [uri "/.git/HEAD"] [unique_id "aS5x5eO6IAP020LlYmKZpAAAAAQ"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-25 07:23:03 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.47.51 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.207.47.51 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Nov 25 02:22:54.548720 2025] [security2:error] [pid 5756:tid 5756] [client 104.207.47.51:46153] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "mail.tigerpathteam.org"] [uri "/.svn/wc.db"] [unique_id "aSVZThukwDrFpuvK_T_yKgAAAA4"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 octageeks.com	2025-10-27 04:08:55 (7 months ago)	Wordpress malicious attack:[octaflood]	Web App Attack
🇺🇸 TPI-Abuse	2025-10-23 19:58:47 (7 months ago)	(mod_security) mod_security (id:220150) triggered by 104.207.47.51 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:220150) triggered by 104.207.47.51 (-): 1 in the last 300 secs; Ports: ; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Oct 23 15:57:49.746777 2025] [security2:error] [pid 6177:tid 6177] [client 104.207.47.51:11857] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:union(?:\\\\/\\\\.\\\\\\\\/)?select)" at ARGS:order. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5671"] [id "220150"] [rev "4"] [msg "COMODO WAF: SQL injection vulnerability in Ginkgo CMS 5.0 (CVE-2013-5318)\|\|kountz.org\|F\|2"] [data "mname////and//row(2018,1386)>(select//count(),concat(0x6d766652,(select//(elt(2836=2836,1))),0x66397536,floor(rand(0)2))x//from//(select//2027//union//select//8505//union//select//7491//union//select//4808)a//group//by/**/x)"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "kountz.org"] [uri "/famsearch.php"] [unique_id "aPqIvclV8GYuhcxV08m9bgAAACE"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2025-10-16 16:34:46 (8 months ago)	Attempted brute force login to web vpn 1 time(s); last attempt for 2025.10.16 is noted in report tim ... show more Attempted brute force login to web vpn 1 time(s); last attempt for 2025.10.16 is noted in report timestamp show less	Hacking Brute-Force
Anonymous	2025-10-16 11:12:15 (8 months ago)	WordPress Brute Force	Brute-Force
Anonymous	2025-10-16 08:47:20 (8 months ago)	[redacted] 104.207.47.51 - - [16/Oct/2025:10:46:42 +0200] "POST /xmlrpc.php HTTP/2.0" 200 401 "-" "M ... show more [redacted] 104.207.47.51 - - [16/Oct/2025:10:46:42 +0200] "POST /xmlrpc.php HTTP/2.0" 200 401 "-" "Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en-us) AppleWebKit/312.8 (KHTML, like Gecko) Safari/312.6" [redacted] 104.207.47.51 - - [16/Oct/2025:10:46:46 +0200] "POST /xmlrpc.php HTTP/2.0" 200 401 "-" "Mozilla/5.0 (Linux; Android 6.0; LENNY3 Build/MRA58K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.85 Mobile Safari/537.36" [redacted] 104.207.47.51 - - [16/Oct/2025:10:46:48 +0200] "POST /xmlrpc.php HTTP/2.0" 200 401 "-" "Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0; T312461)" [redacted] 104.207.47.51 - - [16/Oct/2025:10:46:50 +0200] "POST /xmlrpc.php HTTP/2.0" 200 401 "-" "Mozilla/5.0 (Linux; Android 6.0; MYA-L03 Build/HUAWEIMYA-L03; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/69.0.3497.100 Mobile Safari/537.36 [FB_IAB/FB4A;FBAV/193.0.0.45.101;]" [redacted] 104.207.47.51 - - ... show less	Hacking Web App Attack
🇨🇦 wil.com	2025-10-15 03:14:01 (8 months ago)	GlobalProtect login attempts with user rampseehale.	VPN IP Brute-Force

Showing 1 to 15 of 142 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇬🇧 193.163.125.241

🇺🇸 100.33.140.195

🇫🇷 2001:41d0:33a:a00::40a

🇨🇳 180.76.226.129

🇨🇳 116.171.162.109

🇺🇸 66.132.195.58

🇵🇪 45.236.44.109

🇺🇸 43.153.70.250

🇳🇱 204.76.203.219

🇧🇷 177.69.176.217

🇺🇸 167.99.5.1

🇰🇷 106.246.224.218

🇩🇪 46.225.189.44

🇳🇱 45.148.10.141

🇳🇱 45.142.193.24

🇫🇮 37.27.197.191

🇳🇱 5.61.209.224

🇳🇱 5.61.209.92

🇯🇴 2a01:9700:4f0d:1000:d49f:ab69:df20:44b5

🇺🇸 216.45.75.104