JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 104.207.49.191

104.207.49.191 was found in our database!

This IP was reported 138 times. Confidence of Abuse is 1%: ?

ISP	3xK Tech GmbH
Usage Type	Data Center/Web Hosting/Transit
ASN	AS200373
Domain Name	3xktech.cloud
Country	🇨🇦 Canada
City	Toronto, Ontario

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 104.207.49.191

Whois 104.207.49.191

IP Abuse Reports for 104.207.49.191:

This IP address has been reported a total of 138 times from 21 distinct sources. 104.207.49.191 was first reported on June 11th 2024, and the most recent report was 3 weeks ago.

Old Reports: The most recent abuse report for this IP address is from 3 weeks ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇲🇹 Malta	2026-05-17 09:20:20 (3 weeks ago)	104.207.49.191 - - [17/May/2026:11:20:20 +0200] "POST /wp-login.php HTTP/1.1" "Mozilla/5.0 (Windows ... show more 104.207.49.191 - - [17/May/2026:11:20:20 +0200] "POST /wp-login.php HTTP/1.1" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:133.0) Gecko/20100101 Firefox/133.0" show less	Hacking Web App Attack VPN IP
🇦🇺 oncord	2026-03-12 11:32:02 (3 months ago)	Form spam	Web Spam
🇺🇸 TPI-Abuse	2026-01-13 12:34:33 (4 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.49.191 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.49.191 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jan 13 07:34:25.284494 2026] [security2:error] [pid 1399285:tid 1399285] [client 104.207.49.191:12117] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "kittysalterations.com"] [uri "/.env"] [unique_id "aWY70e0oXB_Wu1I7qss89AAAABc"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 myagent.site	2026-01-13 11:55:21 (4 months ago)	Blocking for trying to access an exploit file: /.env	Hacking
🇺🇸 TPI-Abuse	2026-01-08 14:10:21 (5 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.49.191 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.49.191 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jan 08 09:10:15.267777 2026] [security2:error] [pid 14132:tid 14132] [client 104.207.49.191:0] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "antitribu.com"] [uri "/.git/HEAD"] [unique_id "aV-6x9LzCYnEf8fkqrChRgAAAAs"] show less	Brute-Force Bad Web Bot Web App Attack
🇱🇻 garmtech.com	2026-01-03 18:23:25 (5 months ago)	IM360 WAF: Attempt to upload malware	Hacking
Anonymous	2025-12-31 13:04:32 (5 months ago)	wordpress-trap	Web App Attack
Anonymous	2025-12-30 20:36:10 (5 months ago)	"GET /.git/HEAD HTTP/1.1"	Hacking Web App Attack
🇭🇷 IgorS.zg.hr	2025-12-30 11:29:49 (5 months ago)	Web application attack detected by fail2ban	Hacking Web App Attack
🇩🇪 Lino Project	2025-12-25 14:49:47 (5 months ago)	104.207.49.191 - - [25/Dec/2025:15:49:45 +0100] "GET /wp-admin/edit.php?post_type=page HTTP/2.0" 403 ... show more 104.207.49.191 - - [25/Dec/2025:15:49:45 +0100] "GET /wp-admin/edit.php?post_type=page HTTP/2.0" 403 2579 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.6367.207 Safari/537.36" 104.207.49.191 - - [25/Dec/2025:15:49:46 +0100] "GET /wp-admin/edit.php HTTP/2.0" 403 2575 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.6367.207 Safari/537.36" 104.207.49.191 - - [25/Dec/2025:15:49:46 +0100] "GET /wp-admin/edit.php HTTP/2.0" 403 2552 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.6367.207 Safari/537.36" ... show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-09 16:06:10 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.49.191 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.49.191 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Dec 09 11:06:06.601865 2025] [security2:error] [pid 26007:tid 26007] [client 104.207.49.191:31193] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "blessedhavenfarm.com"] [uri "/.git/HEAD"] [unique_id "aThI7oXG5ZGoaquSIbvFhgAAABQ"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-09 15:43:02 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.49.191 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.49.191 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Dec 09 10:42:56.011013 2025] [security2:error] [pid 23517:tid 23517] [client 104.207.49.191:49005] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "jojofarmsohio.com"] [uri "/.git/HEAD"] [unique_id "aThDgM4FGGYmPN8ddttdMwAAAA4"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-07 15:46:41 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.49.191 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.49.191 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Dec 07 10:46:37.213900 2025] [security2:error] [pid 13241:tid 13241] [client 104.207.49.191:53533] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "yarbroughfamily.org"] [uri "/.svn/wc.db"] [unique_id "aTWhXb90XqcLRhP1tWmI3QAAAAM"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-07 13:54:50 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.49.191 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.49.191 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Dec 07 08:54:43.834216 2025] [security2:error] [pid 2669:tid 2669] [client 104.207.49.191:23799] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "lcoor.org"] [uri "/.git/HEAD"] [unique_id "aTWHI0oDDuKcB-UmjkVGXAAAABI"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-06 16:15:51 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.49.191 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.49.191 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Dec 06 11:15:46.640705 2025] [security2:error] [pid 7735:tid 7735] [client 104.207.49.191:48121] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "brychta.net"] [uri "/.svn/wc.db"] [unique_id "aTRWsohOI7Q6m1gwd2JfMAAAAA4"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 138 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇧🇷 187.12.48.70

🇷🇺 178.178.240.106

🇺🇸 147.185.132.250

🇺🇸 132.145.213.106

🇺🇸 104.21.83.228

🇿🇦 102.133.161.36

🇴🇲 89.147.184.173

🇷🇺 83.171.89.209

🇷🇺 72.56.242.111

🇺🇸 65.49.20.114

🇬🇧 37.143.61.84

🇺🇸 20.171.8.157

🇰🇷 210.95.176.50

🇧🇷 200.189.28.51

🇷🇴 193.32.162.76

🇮🇳 182.95.185.30

🇷🇺 176.211.42.202

🇺🇸 172.253.93.216

🇺🇸 162.216.149.78

🇸🇬 152.42.177.179