JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 104.207.49.127

104.207.49.127 was found in our database!

This IP was reported 132 times. Confidence of Abuse is 15%: ?

15%

ISP	3xK Tech GmbH
Usage Type	Data Center/Web Hosting/Transit
ASN	AS200373
Domain Name	3xktech.cloud
Country	🇨🇦 Canada
City	Toronto, Ontario

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 104.207.49.127

Whois 104.207.49.127

IP Abuse Reports for 104.207.49.127:

This IP address has been reported a total of 132 times from 19 distinct sources. 104.207.49.127 was first reported on June 5th 2024, and the most recent report was 1 day ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇫🇷 Sklurk	2026-06-17 01:55:21 (1 day ago)	Web App Attack	Web App Attack
🇺🇸 oncord	2026-06-13 18:20:31 (5 days ago)	Form spam	Web Spam
🇺🇸 TPI-Abuse	2026-01-07 19:14:59 (5 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.49.127 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.49.127 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jan 07 14:14:53.785566 2026] [security2:error] [pid 26525:tid 26525] [client 104.207.49.127:0] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "easy-byte.net"] [uri "/.svn/wc.db"] [unique_id "aV6wrcggBRjhtapU_RqJMAAAAAM"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2025-12-30 20:33:26 (5 months ago)	"GET /.env HTTP/1.1"	Hacking Web App Attack
🇩🇪 Packets-Decreaser.NET	2025-12-29 14:01:07 (5 months ago)	Incoming Layer 7 Flood Detected	DDoS Attack Web Spam
🇺🇸 TPI-Abuse	2025-12-29 05:28:51 (5 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.49.127 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.49.127 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Dec 29 00:28:49.135712 2025] [security2:error] [pid 8590:tid 8590] [client 104.207.49.127:15619] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "dginstruments.com"] [uri "/.git/HEAD"] [unique_id "aVIRkQHxymM9DINL4OEBZQAAAAE"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-27 23:41:06 (5 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.49.127 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.49.127 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Dec 27 18:41:01.801405 2025] [security2:error] [pid 12809:tid 12809] [client 104.207.49.127:13349] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "christianbroadcastingleague.com"] [uri "/.svn/wc.db"] [unique_id "aVBujSag89vslnBFeIqfJQAAABM"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-27 23:02:16 (5 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.49.127 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.49.127 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Dec 27 18:02:04.239345 2025] [security2:error] [pid 15834:tid 15834] [client 104.207.49.127:26363] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "daveroozendaal.com"] [uri "/.svn/wc.db"] [unique_id "aVBlbEb8v9IPo_qGEiPw_QAAAAg"] show less	Brute-Force Bad Web Bot Web App Attack
🇭🇷 IgorS.zg.hr	2025-12-27 22:42:04 (5 months ago)	Web application attack detected by fail2ban	Hacking Web App Attack
🇯🇵 Valhalla	2025-12-27 22:41:31 (5 months ago)	/.env	Hacking Web App Attack
🇺🇸 TPI-Abuse	2025-12-27 21:25:26 (5 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.49.127 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.49.127 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Dec 27 16:25:22.741105 2025] [security2:error] [pid 28454:tid 28454] [client 104.207.49.127:35649] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "intrialconsultants.com"] [uri "/.git/HEAD"] [unique_id "aVBOwsUSPybIpRiVyKkttgAAAAQ"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 jkhorvath.com	2025-12-27 20:24:34 (5 months ago)	Request for URL /.git/HEAD	Phishing Brute-Force Web App Attack
🇺🇸 TPI-Abuse	2025-12-26 08:33:22 (5 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.49.127 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.49.127 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Dec 26 03:33:17.485612 2025] [security2:error] [pid 3143:tid 3143] [client 104.207.49.127:9319] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "charleshenri.net.cblanchard.online"] [uri "/.git/HEAD"] [unique_id "aU5ITaCuT73wb0tBn-eKgAAAAAg"] show less	Brute-Force Bad Web Bot Web App Attack
🇫🇷 mrcrassi	2025-12-12 06:54:05 (6 months ago)	Triggered Cloudflare WAF (firewallCustom) from CA. Action taken: BLOCK Protocol: HTTP/1.1 (POST meth ... show more Triggered Cloudflare WAF (firewallCustom) from CA. Action taken: BLOCK Protocol: HTTP/1.1 (POST method) Endpoint: /wp-login.php UA: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36 Edg/115.0.1901.203 This report was generated by: https://github.com/sefinek/Cloudflare-WAF-To-AbuseIPDB show less	Bad Web Bot
🇧🇪 voormedia	2025-12-10 14:58:27 (6 months ago)	Accessed trap at '/wp-login.php'	Web App Attack

Showing 1 to 15 of 132 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇻🇳 183.91.186.36

🇨🇦 209.42.25.22

🇺🇸 207.90.244.26

🇸🇬 165.154.205.128

🇺🇸 162.216.150.80

🇺🇸 136.118.254.150

🇳🇬 102.88.137.145

🇨🇦 85.217.149.70

🇫🇷 85.217.140.28

🇺🇸 50.247.189.189

🇺🇸 45.33.52.85

🇬🇧 35.203.210.131

🇺🇸 198.62.5.172

🇵🇱 194.180.48.148

🇰🇷 175.198.180.129

🇫🇮 147.185.133.208

🇺🇸 147.185.132.131

🇸🇬 101.127.101.225

🇷🇴 92.118.39.86

🇵🇱 89.73.101.92