JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 104.207.49.213

104.207.49.213 was found in our database!

This IP was reported 132 times. Confidence of Abuse is 0%: ?

ISP	3xK Tech GmbH
Usage Type	Data Center/Web Hosting/Transit
ASN	AS200373
Domain Name	3xktech.cloud
Country	🇨🇦 Canada
City	Toronto, Ontario

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 104.207.49.213

Whois 104.207.49.213

IP Abuse Reports for 104.207.49.213:

This IP address has been reported a total of 132 times from 19 distinct sources. 104.207.49.213 was first reported on June 5th 2024, and the most recent report was 3 months ago.

Old Reports: The most recent abuse report for this IP address is from 3 months ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
Anonymous	2026-03-02 21:19:18 (3 months ago)	Fuzzing/Looking for credentials files.	Brute-Force Web App Attack
🇦🇺 MAGIC	2026-01-19 03:06:55 (5 months ago)	VM1 Bad user agents ignoring web crawling rules. Draing bandwidth	DDoS Attack Bad Web Bot
🇺🇸 TPI-Abuse	2026-01-09 13:12:48 (5 months ago)	(mod_security) mod_security (id:225170) triggered by 104.207.49.213 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:225170) triggered by 104.207.49.213 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jan 09 08:12:44.384004 2026] [security2:error] [pid 25641:tid 25641] [client 104.207.49.213:47105] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|www.jmms.mx\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.jmms.mx"] [uri "/wp-json/wp/v2/users"] [unique_id "aWD-zOtZQhDSuRmDcrzQsgAAAAM"], referer: https://www.google.com show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 Psycho Solutions LLC	2026-01-05 16:00:34 (5 months ago)	Detected Wordpress Scanning. - Request Method: GET - Target: {PC} wp-json/wp/v2/users - User A ... show more Detected Wordpress Scanning. - Request Method: GET - Target: {PC} wp-json/wp/v2/users - User Agent: N/A - Timestamp: 1/5/2026 4:00 pm (UTC-6) show less	Web Spam Hacking Bad Web Bot Web App Attack
🇮🇩 BPS-StatisticsIndonesia	2025-12-18 13:19:37 (6 months ago)	WP Login Scan Activities	Web App Attack
🇮🇩 BPS-StatisticsIndonesia	2025-12-17 19:24:34 (6 months ago)	WP Login Scan Activities	Web App Attack
🇮🇩 BPS-StatisticsIndonesia	2025-12-04 18:53:15 (6 months ago)	WP Login Scan Activities	Web App Attack
🇺🇸 Psycho Solutions LLC	2025-11-10 00:48:24 (7 months ago)	Detected Wordpress Scanning. - Request Method: GET - Target: {PC} wp-json/wp/v2/users - User A ... show more Detected Wordpress Scanning. - Request Method: GET - Target: {PC} wp-json/wp/v2/users - User Agent: N/A - Timestamp: 11/10/2025 12:48 am (UTC-6) show less	Web Spam Hacking Bad Web Bot Web App Attack
🇺🇸 octageeks.com	2025-10-26 04:07:36 (7 months ago)	Wordpress malicious attack:[sshd]	Web App Attack
Anonymous	2025-10-25 18:03:55 (7 months ago)	2025-10-25T20:03:52.197490 localhost.localdomain sshd[912750]: pam_unix(sshd:auth): authentication f ... show more 2025-10-25T20:03:52.197490 localhost.localdomain sshd[912750]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.207.49.213 2025-10-25T20:03:54.684795 localhost.localdomain sshd[912750]: Failed password for invalid user xylium.clan from 104.207.49.213 port 11505 ssh2 ... show less	Brute-Force SSH
🇺🇸 TPI-Abuse	2025-10-20 13:28:28 (8 months ago)	(mod_security) mod_security (id:225170) triggered by 104.207.49.213 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:225170) triggered by 104.207.49.213 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Oct 20 09:28:23.437747 2025] [security2:error] [pid 24607:tid 24607] [client 104.207.49.213:43585] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|admin.turedinmobiliaria.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "admin.turedinmobiliaria.com"] [uri "/wp-json/wp/v2/users"] [unique_id "aPY495gTnZ7o0rsLUMca3QAAAAQ"], referer: https://www.google.com show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2025-04-07 08:54:55 (1 year ago)	Attempted brute force login to web vpn 1 time(s); last attempt for 2025.04.07 is noted in report tim ... show more Attempted brute force login to web vpn 1 time(s); last attempt for 2025.04.07 is noted in report timestamp show less	Hacking Brute-Force
Anonymous	2025-04-06 18:45:25 (1 year ago)	Attempted brute force login to web vpn 5 time(s); last attempt for 2025.04.06 is noted in report tim ... show more Attempted brute force login to web vpn 5 time(s); last attempt for 2025.04.06 is noted in report timestamp show less	Hacking Brute-Force
Anonymous	2025-04-05 21:18:29 (1 year ago)	Attempted brute force login to web vpn 5 time(s); last attempt for 2025.04.05 is noted in report tim ... show more Attempted brute force login to web vpn 5 time(s); last attempt for 2025.04.05 is noted in report timestamp show less	Hacking Brute-Force
🇺🇸 TPI-Abuse	2025-04-04 20:45:26 (1 year ago)	(mod_security) mod_security (id:225170) triggered by 104.207.49.213 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:225170) triggered by 104.207.49.213 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Apr 04 16:45:21.675535 2025] [security2:error] [pid 1630240:tid 1630240] [client 104.207.49.213:41425] [client 104.207.49.213] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|five21.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "five21.com"] [uri "/wp-json/wp/v2/users"] [unique_id "Z_BE4ZeZ_YblB2ZqBtuglgAAAAs"], referer: https://www.google.com show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 132 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇲🇾 47.250.38.64

🇨🇳 222.176.201.62

🇿🇦 192.95.82.83

🇦🇲 176.32.193.16

🇹🇭 45.194.70.254

🇧🇪 34.140.16.38

🇲🇳 203.23.199.89

🇳🇱 185.224.128.16

🇭🇰 144.48.8.10

🇻🇳 116.109.32.206

🇩🇪 69.5.169.253

🇺🇸 47.251.161.178

🇸🇬 47.128.36.30

🇱🇹 45.227.254.170

🇳🇱 45.148.10.244

🇸🇬 43.156.239.194

🇺🇸 40.78.189.106

🇺🇸 209.38.147.173

🇩🇪 161.35.205.74

🇳🇱 104.23.171.84