JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 104.207.49.252

104.207.49.252 was found in our database!

This IP was reported 136 times. Confidence of Abuse is 0%: ?

ISP	3xK Tech GmbH
Usage Type	Data Center/Web Hosting/Transit
ASN	AS200373
Domain Name	3xktech.cloud
Country	🇨🇦 Canada
City	Toronto, Ontario

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 104.207.49.252

Whois 104.207.49.252

IP Abuse Reports for 104.207.49.252:

This IP address has been reported a total of 136 times from 18 distinct sources. 104.207.49.252 was first reported on June 12th 2024, and the most recent report was 3 months ago.

Old Reports: The most recent abuse report for this IP address is from 3 months ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
Anonymous	2026-02-15 13:05:42 (3 months ago)	WAF repeated trigger detected by Fail2Ban	Web App Attack
🇫🇷 dynamix	2026-02-15 06:17:57 (3 months ago)	Multiple WAF Violations	Web App Attack
🇺🇸 TPI-Abuse	2026-02-15 05:08:52 (3 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.49.252 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.49.252 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Feb 15 00:08:47.175063 2026] [security2:error] [pid 17315:tid 17315] [client 104.207.49.252:62573] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "octaviomontes.com"] [uri "/api/.git/config"] [unique_id "aZFU37Mo6LmSbQ0YRgGGTQAAAAA"] show less	Brute-Force Bad Web Bot Web App Attack
🇳🇱 Mangelot Hosting	2026-02-15 04:09:35 (3 months ago)	(modsecurity) srv102 ModSecurity 104.207.49.252 (BR/Brazil/-): 5 in the last 3600 secs; Ports: ; Di ... show more (modsecurity) srv102 ModSecurity 104.207.49.252 (BR/Brazil/-): 5 in the last 3600 secs; Ports: ; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs: show less	Web App Attack
🇺🇸 mnsf	2026-02-15 04:05:37 (3 months ago)	Scanning/Probing (23)	Brute-Force Web App Attack
🇺🇸 TPI-Abuse	2026-02-15 03:49:03 (3 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.49.252 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.49.252 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Feb 14 22:48:57.844888 2026] [security2:error] [pid 14690:tid 14690] [client 104.207.49.252:52481] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "portraitsinblues.com"] [uri "/frontend/.env"] [unique_id "aZFCKb-dFBJVcnz5cnKSUwAAABQ"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-02-15 02:52:31 (3 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.49.252 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.49.252 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Feb 14 21:52:25.665560 2026] [security2:error] [pid 4899:tid 4899] [client 104.207.49.252:33273] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "rx-art.com"] [uri "/api/.env"] [unique_id "aZE06YzjfSXlaf1vuAzi3AAAAAE"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-02-15 01:46:00 (3 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.49.252 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.49.252 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Feb 14 20:45:48.612612 2026] [security2:error] [pid 9424:tid 9424] [client 104.207.49.252:38397] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "rosemeadefarms.com"] [uri "/backup/.git/config"] [unique_id "aZElTGQ0BaNTXmPIGV9ijAAAAAU"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-02-15 01:23:46 (3 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.49.252 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.49.252 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Feb 14 20:23:43.703566 2026] [security2:error] [pid 1079397:tid 1079397] [client 104.207.49.252:19663] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "nccb.org"] [uri "/.env.local"] [unique_id "aZEgH_h0pCl3lPPdLcUqDAAAAAw"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-02-15 01:01:46 (3 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.49.252 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.49.252 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Feb 14 20:01:41.485968 2026] [security2:error] [pid 8887:tid 8887] [client 104.207.49.252:20801] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "rocknwalktours.com"] [uri "/.env.save"] [unique_id "aZEa9c32nniTLYfzhURmHwAAABc"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 F242	2026-01-30 05:57:47 (4 months ago)	Wordpress Login or XMLRPC abuse	Web App Attack
🇦🇺 MAGIC	2026-01-19 02:07:52 (4 months ago)	VM1 Bad user agents ignoring web crawling rules. Draing bandwidth	DDoS Attack Bad Web Bot
🇮🇹 VHosting	2026-01-02 12:35:13 (5 months ago)	Detected WordPress attack from 4 different servers	Brute-Force Web App Attack
🇦🇺 MAGIC	2025-12-07 00:05:41 (5 months ago)	VM1 Bad user agents ignoring web crawling rules. Draing bandwidth	DDoS Attack Bad Web Bot
🇳🇱 homeshowdomain.nl	2025-11-25 23:04:28 (6 months ago)	Auto-ban: >3000 req/min op 2025-11-25	Hacking Web App Attack SSH

Showing 1 to 15 of 136 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 162.216.149.159

🇨🇳 219.142.251.122

🇺🇸 109.105.210.57

🇨🇳 103.152.76.141

🇺🇸 72.241.202.104

🇺🇸 52.13.219.52

🇺🇸 45.132.74.249

🇺🇸 40.124.174.209

🇺🇸 20.65.194.85

🇦🇺 3.106.188.147

🇪🇬 197.199.224.52

🇱🇻 195.123.213.182

🇫🇮 147.185.133.245

🇦🇪 132.243.121.237

🇮🇩 103.156.164.21

🇧🇬 91.191.209.118

🇧🇾 86.57.173.115

🇬🇧 81.19.219.233

🇧🇬 79.124.58.142

🇺🇸 57.141.0.36