JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 104.207.37.128

104.207.37.128 was found in our database!

This IP was reported 142 times. Confidence of Abuse is 12%: ?

12%

ISP	3xK Tech GmbH
Usage Type	Data Center/Web Hosting/Transit
ASN	AS200373
Domain Name	3xktech.cloud
Country	🇺🇸 United States of America
City	Ashburn, Virginia

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 104.207.37.128

Whois 104.207.37.128

IP Abuse Reports for 104.207.37.128:

This IP address has been reported a total of 142 times from 21 distinct sources. 104.207.37.128 was first reported on June 5th 2024, and the most recent report was 1 month ago.

Old Reports: The most recent abuse report for this IP address is from 1 month ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 Charlesiv	2026-05-12 18:02:16 (1 month ago)	Triggered Cloudflare WAF (firewallCustom) from US. Action taken: BLOCK ASN: 200373 (3xK Tech GmbH) P ... show more Triggered Cloudflare WAF (firewallCustom) from US. Action taken: BLOCK ASN: 200373 (3xK Tech GmbH) Protocol: HTTP/1.1 (GET method) Endpoint: /.svn/wc.db Timestamp: 2026-05-12T16:14:43Z Ray ID: 9faab7d08d21d6cf UA: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.1 Safari/605.1.15 show less	Bad Web Bot
🇦🇺 2000cn.com.au	2026-05-12 14:36:05 (1 month ago)	This IP was detected by CrowdSec triggering crowdsecurity/http-sensitive-files	Web App Attack Hacking
🇳🇱 i-turnradio.nl	2026-05-12 14:27:17 (1 month ago)	2026-05-12 @ 16:27:17 (CET) ~ Blocked for trying to access: /.svn/wc.db	Web App Attack
Anonymous	2026-02-06 21:26:31 (4 months ago)	Forum/form spam	Web Spam
🇩🇪 Packets-Decreaser.NET	2025-12-29 14:01:55 (5 months ago)	Incoming Layer 7 Flood Detected	DDoS Attack Web Spam
🇺🇸 TPI-Abuse	2025-11-25 06:13:31 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.37.128 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.37.128 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Nov 25 01:13:22.300559 2025] [security2:error] [pid 14952:tid 14952] [client 104.207.37.128:51203] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "jasonharveydesign.dianogah.com"] [uri "/.git/HEAD"] [unique_id "aSVJArxK2mr1rp09-J2qewAAAAE"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-25 05:49:18 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.37.128 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.37.128 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Nov 25 00:49:10.897849 2025] [security2:error] [pid 31461:tid 31461] [client 104.207.37.128:0] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.thectegroup.net"] [uri "/.env"] [unique_id "aSVDVnBrhwNcXEMJ5LNLmgAAAAA"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-25 03:36:55 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.37.128 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.37.128 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 24 22:36:49.216498 2025] [security2:error] [pid 20786:tid 20786] [client 104.207.37.128:59911] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcontacts.christmaspartynapkins.com"] [uri "/.env"] [unique_id "aSUkUcDy-aEs0k5PR8tboQAAAAM"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-25 02:08:52 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.37.128 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.37.128 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 24 21:08:45.713911 2025] [security2:error] [pid 15681:tid 15681] [client 104.207.37.128:38525] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcontacts.grainavi.com"] [uri "/.env"] [unique_id "aSUPrWIhn_XMY0ykSomC9gAAAAE"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-25 01:39:16 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.37.128 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.37.128 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 24 20:39:06.893129 2025] [security2:error] [pid 1647077:tid 1647125] [client 104.207.37.128:60793] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcontacts.conservativedemocrat.com"] [uri "/.svn/wc.db"] [unique_id "aSUIutNHCagQpGvj6qO96QAAAlI"] show less	Brute-Force Bad Web Bot Web App Attack
🇳🇱 MM-bot	2025-11-25 01:17:28 (6 months ago)	URL-probe: HTTP/1.1 GET request on /.env (2025-11-25 02:17:28 UTC+1)	Hacking Web App Attack
🇺🇸 TPI-Abuse	2025-11-25 00:51:29 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.37.128 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.37.128 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 24 19:51:22.709257 2025] [security2:error] [pid 2866:tid 2866] [client 104.207.37.128:12335] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.annropp.perkjazz.com"] [uri "/.svn/wc.db"] [unique_id "aST9it6_mRAfZcTjEFG6bwAAAA8"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-25 00:28:08 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.37.128 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.37.128 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 24 19:28:04.705521 2025] [security2:error] [pid 22361:tid 22361] [client 104.207.37.128:60951] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.joshi.us"] [uri "/.env"] [unique_id "aST4FOhtCT3k_yH7R6yx7AAAAAE"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2025-11-14 17:22:34 (7 months ago)	This IP was involved in a brute force and password spray attack.	Brute-Force Web App Attack
Anonymous	2025-10-30 15:08:20 (7 months ago)	WordPress Brute Force	Brute-Force

Showing 1 to 15 of 142 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇨🇳 115.190.53.236

🇧🇷 43.164.197.97

🇳🇱 5.83.143.123

🇬🇧 193.163.125.103

🇭🇰 156.225.29.180

🇺🇸 147.185.132.216

🇨🇳 122.193.10.235

🇰🇷 118.34.164.157

🇫🇮 94.183.234.128

🇧🇬 78.128.112.6

🇰🇷 61.43.121.132

🇺🇸 54.81.51.193

🇨🇦 198.50.239.95

🇷🇴 193.32.162.204

🇧🇷 179.125.145.2

🇸🇬 172.253.84.215

🇻🇳 103.78.1.33

🇷🇴 92.118.39.62

🇧🇬 79.124.62.134

🇧🇬 79.124.62.126