JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 104.207.49.27

104.207.49.27 was found in our database!

This IP was reported 146 times. Confidence of Abuse is 0%: ?

ISP	3xK Tech GmbH
Usage Type	Data Center/Web Hosting/Transit
ASN	AS200373
Domain Name	3xktech.cloud
Country	🇨🇦 Canada
City	Toronto, Ontario

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 104.207.49.27

Whois 104.207.49.27

IP Abuse Reports for 104.207.49.27:

This IP address has been reported a total of 146 times from 23 distinct sources. 104.207.49.27 was first reported on June 4th 2024, and the most recent report was 2 months ago.

Old Reports: The most recent abuse report for this IP address is from 2 months ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇫🇷 masterguru	2026-04-06 00:02:32 (2 months ago)	(modsec_5015) ModSec 5015: Suspicious User-Agent from 104.207.49.27 (BR/Brazil/-): 1 in the last 360 ... show more (modsec_5015) ModSec 5015: Suspicious User-Agent from 104.207.49.27 (BR/Brazil/-): 1 in the last 3600 secs (0-196) show less	Hacking
🇫🇷 masterguru	2026-03-31 11:27:13 (2 months ago)	(modsec_5015) ModSec 5015: Suspicious User-Agent from 104.207.49.27 (BR/Brazil/-): 1 in the last 360 ... show more (modsec_5015) ModSec 5015: Suspicious User-Agent from 104.207.49.27 (BR/Brazil/-): 1 in the last 3600 secs (0-196) show less	Hacking
🇫🇷 masterguru	2026-03-29 14:36:25 (2 months ago)	(modsec_5015) ModSec 5015: Suspicious User-Agent from 104.207.49.27 (BR/Brazil/-): 1 in the last 360 ... show more (modsec_5015) ModSec 5015: Suspicious User-Agent from 104.207.49.27 (BR/Brazil/-): 1 in the last 3600 secs (0-193) show less	Hacking
🇱🇻 garmtech.com	2026-03-29 14:28:20 (2 months ago)	IM360 WAF: WordPress plugin/theme auto install block	Web App Attack
🇱🇻 garmtech.com	2026-03-23 09:19:05 (2 months ago)	IM360 WAF: Attempt to upload malware	Hacking
🇳🇱 homeshowdomain.nl	2026-03-02 22:59:54 (3 months ago)	Auto-ban: >3000 req/min op 2026-03-02	Web App Attack SSH Hacking
🇳🇱 jjnxpct	2026-02-16 04:54:35 (3 months ago)	Automated security incident from hosting server. ModSecurity blocked suspicious request targeting UR ... show more Automated security incident from hosting server. ModSecurity blocked suspicious request targeting URI: /config/.env (Rule ID: 930130) - Restricted File Access Attempt [Suspicious: .env found within REQUEST_FILENAME: /config/.env] show less	Hacking Web App Attack
🇳🇱 Mangelot Hosting	2026-02-15 12:18:18 (3 months ago)	(modsecurity) srv101 ModSecurity 104.207.49.27 (BR/Brazil/-): 5 in the last 3600 secs; Ports: ; Dir ... show more (modsecurity) srv101 ModSecurity 104.207.49.27 (BR/Brazil/-): 5 in the last 3600 secs; Ports: ; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs: show less	Web App Attack
🇺🇸 TPI-Abuse	2026-02-15 06:59:45 (3 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.49.27 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.207.49.27 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Feb 15 01:59:40.068830 2026] [security2:error] [pid 23665:tid 23665] [client 104.207.49.27:64127] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "psicotanato.com"] [uri "/test/.git/config"] [unique_id "aZFu3GMeXV2as8wekfiyIwAAABU"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-02-15 06:40:22 (3 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.49.27 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.207.49.27 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Feb 15 01:40:19.123729 2026] [security2:error] [pid 15179:tid 15206] [client 104.207.49.27:32671] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "oplconnect.com"] [uri "/admin/.git/config"] [unique_id "aZFqUxTYrrASWRUQoAVasAAAAFY"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-02-15 05:23:01 (3 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.49.27 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.207.49.27 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Feb 15 00:22:58.582404 2026] [security2:error] [pid 31309:tid 31309] [client 104.207.49.27:52781] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "printedweddingmenus.com"] [uri "/admin/.env"] [unique_id "aZFYMq4r638U9Jm1MYR8ngAAAA0"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 mnsf	2026-02-15 05:05:19 (3 months ago)	Scanning/Probing (23)	Brute-Force Web App Attack
🇺🇸 TPI-Abuse	2026-02-15 05:03:09 (3 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.49.27 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.207.49.27 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Feb 15 00:03:02.323891 2026] [security2:error] [pid 5048:tid 5048] [client 104.207.49.27:32335] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "oceandrivebeach.net"] [uri "/.env.staging"] [unique_id "aZFThlVqOe8uepd83O4btAAAAAI"] show less	Brute-Force Bad Web Bot Web App Attack
🇨🇭 Origon	2026-02-15 05:01:46 (3 months ago)	http-sensitive-files - IP: 104.207.49.27 - time="2026-02-15T06:01:46+01:00" level=info msg="(555f66 ... show more http-sensitive-files - IP: 104.207.49.27 - time="2026-02-15T06:01:46+01:00" level=info msg="(555f66b4f6a74558bc11e3f93469658es8App0Mcc0TKEeje/crowdsec) crowdsecurity/http-sensitive-files by ip 104.207.49.27 (BR/200373) : 4h ban on Ip 104.207.49.27" module=db show less	Web App Attack
🇺🇸 TPI-Abuse	2026-02-15 03:58:56 (3 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.49.27 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.207.49.27 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Feb 14 22:58:53.808340 2026] [security2:error] [pid 271501:tid 271501] [client 104.207.49.27:24403] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "nothotmail.org"] [uri "/.env.production"] [unique_id "aZFEfUtbyOpc0qL_zzWd6gAAAAA"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 146 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇨🇳 221.10.42.66

🇰🇭 203.144.76.155

🇨🇳 180.100.198.68

🇺🇸 66.132.186.169

🇸🇦 51.36.170.100

🇺🇸 49.51.183.75

🇧🇪 198.235.24.183

🇻🇪 190.206.116.113

🇸🇻 190.150.121.60

🇫🇷 176.169.156.110

🇵🇰 110.93.224.226

🇳🇱 81.19.216.111

🇮🇹 57.131.49.91

🇺🇸 47.251.51.40

🇵🇱 46.20.58.224

🇹🇷 31.40.204.166

🇨🇦 13.71.185.109

🇨🇳 182.243.178.173

🇨🇳 182.138.158.122

🇫🇷 176.191.43.176