JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 104.207.49.85

104.207.49.85 was found in our database!

This IP was reported 135 times. Confidence of Abuse is 11%: ?

11%

ISP	3xK Tech GmbH
Usage Type	Data Center/Web Hosting/Transit
ASN	AS200373
Domain Name	3xktech.cloud
Country	🇨🇦 Canada
City	Toronto, Ontario

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 104.207.49.85

Whois 104.207.49.85

IP Abuse Reports for 104.207.49.85:

This IP address has been reported a total of 135 times from 16 distinct sources. 104.207.49.85 was first reported on June 20th 2024, and the most recent report was 1 week ago.

Old Reports: The most recent abuse report for this IP address is from 1 week ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 mnsf	2026-05-25 11:05:34 (1 week ago)	Scanning/Probing (24)	Brute-Force Web App Attack
🇩🇪 IVski	2026-05-13 05:41:00 (3 weeks ago)	IVski WAF \| WordPress scanner detected - probing wp-content, xmlrpc or wp-login	Port Scan Brute-Force Web App Attack
🇺🇸 TPI-Abuse	2026-01-17 01:44:49 (4 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.49.85 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.207.49.85 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jan 16 20:44:42.608448 2026] [security2:error] [pid 10114:tid 10114] [client 104.207.49.85:42551] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webmail.g-peopleland.com"] [uri "/.env"] [unique_id "aWrpioO2axJwSGaFNsiPwgAAAAs"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2025-12-29 00:49:35 (5 months ago)	2025-12-29T02:49:35.352288+02:00 zanati wp(www.sahpa.co.za)[398020]: Blocked authentication attempt ... show more 2025-12-29T02:49:35.352288+02:00 zanati wp(www.sahpa.co.za)[398020]: Blocked authentication attempt for [email protected] from 104.207.49.85 ... show less	Web App Attack
🇦🇺 MAGIC	2025-12-23 02:08:26 (5 months ago)	VM1 Bad user agents ignoring web crawling rules. Draing bandwidth	DDoS Attack Bad Web Bot
🇫🇮 Shaik Sai Meera	2025-12-08 05:30:10 (5 months ago)	IM360 WAF: Hidden file access	Brute-Force
🇺🇸 myagent.site	2025-12-07 23:33:38 (5 months ago)	Blocking for trying to access an exploit file: /.env	Hacking
🇳🇱 homeshowdomain.nl	2025-12-06 23:01:55 (5 months ago)	Auto-ban: >3000 req/min op 2025-12-06	Hacking Web App Attack SSH
🇺🇸 TPI-Abuse	2025-12-06 16:00:49 (5 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.49.85 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.207.49.85 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Dec 06 11:00:40.823231 2025] [security2:error] [pid 10586:tid 10586] [client 104.207.49.85:51647] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "m2pg.net"] [uri "/.env"] [unique_id "aTRTKEFRfrJXcpn8neGCWgAAAD0"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-06 11:44:07 (5 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.49.85 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.207.49.85 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Dec 06 06:44:03.385857 2025] [security2:error] [pid 25455:tid 25455] [client 104.207.49.85:28437] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "janicestewart.net"] [uri "/.env"] [unique_id "aTQXA4c6xrtkcd4MqfGq4QAAAAA"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-05 11:49:54 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.49.85 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.207.49.85 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Dec 05 06:49:48.647236 2025] [security2:error] [pid 4093:tid 4096] [client 104.207.49.85:57749] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "rubenluis.com"] [uri "/.svn/wc.db"] [unique_id "aTLG3NdLWVSCqCkPv_tQJgAAAEA"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-05 08:41:11 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.49.85 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.207.49.85 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Dec 05 03:41:07.080813 2025] [security2:error] [pid 30537:tid 30537] [client 104.207.49.85:14499] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "copiersraleigh.com"] [uri "/.env"] [unique_id "aTKao6qnmgLqnNk7TlgWcgAAABU"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-05 07:39:26 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.49.85 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.207.49.85 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Dec 05 02:39:19.008374 2025] [security2:error] [pid 5853:tid 5853] [client 104.207.49.85:42257] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "koreasesame.com"] [uri "/.svn/wc.db"] [unique_id "aTKMJ_hJ-YU91MIwhFP5eAAAAAY"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-05 04:48:42 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.49.85 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.207.49.85 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Dec 04 23:48:38.389611 2025] [security2:error] [pid 27834:tid 27834] [client 104.207.49.85:24493] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "gescosigns.com"] [uri "/.git/HEAD"] [unique_id "aTJkJuzawau8shJZ08DQEwAAAA4"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-03 09:03:14 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.49.85 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.207.49.85 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Dec 03 04:03:06.247269 2025] [security2:error] [pid 27410:tid 27410] [client 104.207.49.85:28065] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "jewishventura.org"] [uri "/.svn/wc.db"] [unique_id "aS_8yjXFeXMBlKH5J2wtmwAAAAM"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 135 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇹🇷 213.142.156.145

🇮🇩 202.51.214.98

🇳🇱 193.176.31.219

🇸🇬 159.65.0.102

🇩🇪 130.12.181.105

🇧🇩 118.179.102.248

🇷🇴 80.94.92.184

🇺🇸 66.132.172.193

🇨🇳 58.211.39.86

🇰🇿 46.42.239.93

🇳🇱 45.148.10.147

🇺🇸 216.218.206.77

🇨🇳 120.48.75.127

🇳🇱 45.148.10.183

🇬🇧 217.146.80.123

🇬🇧 193.176.29.16

🇭🇰 152.32.226.205

🇰🇷 106.246.224.218

🇮🇳 103.168.240.122

🇮🇳 103.147.248.44