JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 104.207.38.118

104.207.38.118 was found in our database!

This IP was reported 131 times. Confidence of Abuse is 11%: ?

11%

ISP	3xK Tech GmbH
Usage Type	Data Center/Web Hosting/Transit
ASN	AS200373
Domain Name	3xktech.cloud
Country	🇺🇸 United States of America
City	Ashburn, Virginia

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 104.207.38.118

Whois 104.207.38.118

IP Abuse Reports for 104.207.38.118:

This IP address has been reported a total of 131 times from 22 distinct sources. 104.207.38.118 was first reported on June 6th 2024, and the most recent report was 1 week ago.

Old Reports: The most recent abuse report for this IP address is from 1 week ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇫🇷 Sklurk	2026-06-20 02:07:08 (1 week ago)	Web App Attack	Web App Attack
🇩🇪 strxmpp	2026-06-15 01:01:50 (2 weeks ago)	104.207.38.118 - - [15/Jun/2026:03:01:47 +0200] "GET /wp-sitemap.xml HTTP/1.1" 302 5510 "-" "Mozilla ... show more 104.207.38.118 - - [15/Jun/2026:03:01:47 +0200] "GET /wp-sitemap.xml HTTP/1.1" 302 5510 "-" "Mozilla/5.0" ... show less	Bad Web Bot
🇦🇺 RedBear IT	2026-03-26 10:00:37 (3 months ago)	"DDoS against public endpoint"	DDoS Attack
🇺🇸 TPI-Abuse	2025-12-28 02:32:20 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.38.118 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.38.118 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Dec 27 21:32:14.087089 2025] [security2:error] [pid 2878:tid 2878] [client 104.207.38.118:19741] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "canfieldnyc.com"] [uri "/.env"] [unique_id "aVCWrjg_K5roNpCTd-f8hwAAAAQ"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-27 23:19:12 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.38.118 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.38.118 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Dec 27 18:19:05.401364 2025] [security2:error] [pid 4906:tid 4906] [client 104.207.38.118:11069] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "haroturkiye.com"] [uri "/.svn/wc.db"] [unique_id "aVBpaZU3WhQFU0THS3qeSwAAAAo"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-27 21:16:04 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.38.118 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.38.118 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Dec 27 16:15:55.603567 2025] [security2:error] [pid 16010:tid 16019] [client 104.207.38.118:30737] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "arizonasolutionsgroup.com"] [uri "/.git/HEAD"] [unique_id "aVBMi91O7Na7SFTUCFtGcwAAAIU"] show less	Brute-Force Bad Web Bot Web App Attack
🇦🇺 2000cn.com.au	2025-12-27 19:02:17 (6 months ago)	This IP was detected by CrowdSec triggering crowdsecurity/http-sensitive-files	Hacking Web App Attack
🇺🇸 TPI-Abuse	2025-12-27 17:51:45 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.38.118 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.38.118 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Dec 27 12:51:41.474922 2025] [security2:error] [pid 12364:tid 12364] [client 104.207.38.118:32709] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "kbalan.com"] [uri "/.svn/wc.db"] [unique_id "aVAcrWPO87ghFU_PK_pi7gAAAA0"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-27 17:00:12 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.38.118 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.38.118 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Dec 27 12:00:06.849222 2025] [security2:error] [pid 3168:tid 3168] [client 104.207.38.118:23345] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "dianedanielsmanning.com"] [uri "/.git/HEAD"] [unique_id "aVAQlqFytq1UFtrRZLCMQwAAAAw"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2025-12-27 13:18:34 (6 months ago)	Fuzzing/Looking for credentials files.	Brute-Force Web App Attack
Anonymous	2025-11-14 16:41:04 (7 months ago)	This IP was involved in a brute force and password spray attack.	Brute-Force Web App Attack
Anonymous	2025-11-01 22:09:13 (7 months ago)	[redacted] 104.207.38.118 - - [01/Nov/2025:23:09:01 +0100] "POST /xmlrpc.php HTTP/2.0" 200 401 "-" " ... show more [redacted] 104.207.38.118 - - [01/Nov/2025:23:09:01 +0100] "POST /xmlrpc.php HTTP/2.0" 200 401 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:43.0) Gecko/20100101 Firefox/43.0" [redacted] 104.207.38.118 - - [01/Nov/2025:23:09:03 +0100] "POST /xmlrpc.php HTTP/2.0" 200 401 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; T312461; .NET CLR 1.1.4322)" [redacted] 104.207.38.118 - - [01/Nov/2025:23:09:05 +0100] "POST /xmlrpc.php HTTP/2.0" 200 401 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13) AppleWebKit/604.1.38 (KHTML, like Gecko) Version/11.0 Safari/604.1.38" [redacted] 104.207.38.118 - - [01/Nov/2025:23:09:06 +0100] "POST /xmlrpc.php HTTP/2.0" 200 401 "-" "Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13" [redacted] 104.207.38.118 - - [01/Nov/2025:23:09:07 +0100] "POST /xmlrpc.php HTTP/2.0" 200 401 "-" "Mozilla/5.0 (Linux; U; Android 4.4.2; en-us; S ... show less	Hacking Web App Attack
🇫🇷 applemooz	2025-11-01 11:58:33 (7 months ago)	WordPress XMLRPC Brute Force Attacks ...	Brute-Force Web App Attack
Anonymous	2025-10-30 14:03:33 (7 months ago)	WordPress Brute Force	Brute-Force
Anonymous	2025-10-18 03:36:11 (8 months ago)	This IP was involved in a brute force and password spray attack.	Brute-Force Web App Attack

Showing 1 to 15 of 131 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇯🇵 203.25.124.233

🇩🇪 195.230.103.246

🇫🇮 147.185.133.14

🇺🇸 141.11.88.10

🇳🇱 91.92.40.47

🇺🇸 66.132.186.127

🇺🇸 66.132.172.183

🇺🇸 44.180.194.232

🇺🇸 34.24.89.220

🇺🇸 193.26.115.137

🇨🇳 106.75.227.248

🇮🇳 98.70.50.166

🇳🇱 91.92.40.202

🇳🇱 91.92.40.171

🇫🇷 85.217.140.22

🇺🇸 66.132.195.21

🇺🇸 66.132.172.242

🇺🇸 44.204.253.60

🇺🇸 157.230.8.30

🇺🇸 144.172.100.125