JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 104.207.49.28

104.207.49.28 was found in our database!

This IP was reported 133 times. Confidence of Abuse is 2%: ?

ISP	3xK Tech GmbH
Usage Type	Data Center/Web Hosting/Transit
ASN	AS200373
Domain Name	3xktech.cloud
Country	🇨🇦 Canada
City	Toronto, Ontario

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 104.207.49.28

Whois 104.207.49.28

IP Abuse Reports for 104.207.49.28:

This IP address has been reported a total of 133 times from 16 distinct sources. 104.207.49.28 was first reported on June 4th 2024, and the most recent report was 2 weeks ago.

Old Reports: The most recent abuse report for this IP address is from 2 weeks ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 oncord	2026-05-17 14:44:25 (2 weeks ago)	Form spam	Web Spam
🇦🇺 oncord	2026-04-21 09:29:42 (1 month ago)	Form spam	Web Spam
🇦🇺 oncord	2026-04-08 05:16:17 (1 month ago)	Form spam	Web Spam
🇦🇺 oncord	2026-03-16 07:49:33 (2 months ago)	Form spam	Web Spam
🇺🇸 TPI-Abuse	2026-02-18 03:47:10 (3 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.49.28 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.207.49.28 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Feb 17 22:47:05.514998 2026] [security2:error] [pid 1634266:tid 1634266] [client 104.207.49.28:32685] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "robertet.co"] [uri "/.env.production"] [unique_id "aZU2OZ8HNXICCF3vELjmBgAAAAE"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-02-18 02:05:13 (3 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.49.28 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.207.49.28 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Feb 17 21:05:04.231379 2026] [security2:error] [pid 19175:tid 19175] [client 104.207.49.28:21083] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "register-yacht-cook-islands.com"] [uri "/config/.env"] [unique_id "aZUeUNkmS6fDFLmfmCzv3wAAAAA"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-02-18 00:49:05 (3 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.49.28 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.207.49.28 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Feb 17 19:48:57.908104 2026] [security2:error] [pid 22993:tid 22993] [client 104.207.49.28:13509] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "paulbihn.com"] [uri "/backup/.git/config"] [unique_id "aZUMeRsO2kaPyKUPJ2EvKAAAAAI"] show less	Brute-Force Bad Web Bot Web App Attack
🇫🇷 dynamix	2025-12-29 00:29:31 (5 months ago)	Multiple WAF Violations	Web App Attack
🇺🇸 oncord	2025-12-28 02:34:11 (5 months ago)	Form spam	Web Spam
🇮🇹 VHosting	2025-12-27 16:40:04 (5 months ago)	Detected WordPress attack from 4 different servers	Brute-Force Web App Attack
🇦🇺 oncord	2025-12-22 22:18:37 (5 months ago)	Form spam	Web Spam
🇫🇷 dynamix	2025-12-22 11:54:35 (5 months ago)	Multiple WAF Violations	Web App Attack
🇦🇺 oncord	2025-12-07 06:38:55 (5 months ago)	Form spam	Web Spam
🇺🇸 oncord	2025-12-04 04:59:47 (6 months ago)	Form spam	Web Spam
🇺🇸 TPI-Abuse	2025-11-24 09:43:33 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.49.28 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.207.49.28 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 24 04:43:27.952189 2025] [security2:error] [pid 31829:tid 31829] [client 104.207.49.28:9561] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webmail.intermixx.net"] [uri "/.git/HEAD"] [unique_id "aSQovyA0pX80Yc3aEy54VQAAAAQ"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 133 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇨🇳 110.249.202.24

🇳🇱 45.148.10.183

🇮🇳 182.78.107.6

🇧🇷 177.55.226.226

🇺🇸 172.214.209.153

🇺🇸 162.216.149.172

🇭🇰 161.81.28.121

🇨🇳 117.50.177.222

🇵🇭 112.207.160.161

🇧🇩 103.112.54.86

🇷🇴 80.94.92.171

🇺🇸 74.125.181.154

🇺🇸 66.132.172.98

🇵🇰 39.38.112.80

🇨🇳 221.233.52.218

🇰🇷 221.163.5.228

🇺🇸 165.154.235.9

🇳🇬 165.154.10.201

🇧🇩 103.163.117.83

🇻🇳 103.159.54.61