JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 104.207.38.148

104.207.38.148 was found in our database!

This IP was reported 128 times. Confidence of Abuse is 1%: ?

ISP	3xK Tech GmbH
Usage Type	Data Center/Web Hosting/Transit
ASN	AS200373
Domain Name	3xktech.cloud
Country	🇺🇸 United States of America
City	Ashburn, Virginia

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 104.207.38.148

Whois 104.207.38.148

IP Abuse Reports for 104.207.38.148:

This IP address has been reported a total of 128 times from 16 distinct sources. 104.207.38.148 was first reported on June 11th 2024, and the most recent report was 4 weeks ago.

Old Reports: The most recent abuse report for this IP address is from 4 weeks ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇪🇸 librebit	2026-05-17 05:05:16 (4 weeks ago)	Brute force	Brute-Force
🇦🇺 RedBear IT	2026-03-26 10:00:37 (2 months ago)	"DDoS against public endpoint"	DDoS Attack
🇺🇸 TPI-Abuse	2026-02-18 00:47:57 (3 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.38.148 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.38.148 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Feb 17 19:47:50.738708 2026] [security2:error] [pid 23519:tid 23519] [client 104.207.38.148:61201] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "paulbihn.com"] [uri "/.env.production"] [unique_id "aZUMNmHdjwH0wT7UsISx7wAAAAc"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 Packets-Decreaser.NET	2025-12-29 14:02:10 (5 months ago)	Incoming Layer 7 Flood Detected	DDoS Attack Web Spam
🇨🇭 backslash	2025-12-11 09:50:02 (6 months ago)		Web Spam
🇺🇸 nowyouknow	2025-12-04 12:25:52 (6 months ago)	(From [email protected]) Skyrocket your search engine rankings, improve your search visib ... show more (From [email protected]) Skyrocket your search engine rankings, improve your search visibility and gain powerful backlinks! BonusBacklinks.com - we build daily backlinks and drive website traffic to your page EVERY DAY: + Take 85% DISCOUNT + Strong daily seo backlinks + Real website visits + Prices as low as $1 + Bonus coupon codes Explore backlinks discounts - https://tiny.cc/BonusBacklinks-Discount Or view directly - https://BonusBacklinks.com BonusBacklinks - daily seo backlinks and website traffic to boost your site every day show less	Phishing Web Spam
🇺🇸 TPI-Abuse	2025-11-26 10:30:28 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.38.148 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.38.148 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Nov 26 05:30:23.015846 2025] [security2:error] [pid 16934:tid 16972] [client 104.207.38.148:42027] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcalendars.desert-automotive.com"] [uri "/.svn/wc.db"] [unique_id "aSbWvxKESCEx-WKRVnuD4wAAAYg"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-26 06:31:10 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.38.148 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.38.148 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Nov 26 01:31:05.926980 2025] [security2:error] [pid 21411:tid 21411] [client 104.207.38.148:48461] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "mail.industrialgraphicdesign.com"] [uri "/.svn/wc.db"] [unique_id "aSaeqSIMn8NApsvIZvAlSwAAAAs"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-26 00:47:54 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.38.148 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.38.148 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Nov 25 19:47:48.453714 2025] [security2:error] [pid 25529:tid 25529] [client 104.207.38.148:10755] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.microkerneltechnologies.com"] [uri "/.env"] [unique_id "aSZONEnrgIEsgQTcAE8QhAAAAAc"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-24 06:51:13 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.38.148 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.38.148 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 24 01:51:06.999186 2025] [security2:error] [pid 6757:tid 6757] [client 104.207.38.148:46395] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcalendars.dshgraphics.com"] [uri "/.git/HEAD"] [unique_id "aSQAWl3Q1ffqKmSPlqWXAwAAAAM"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-24 05:43:24 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.38.148 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.38.148 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 24 00:43:16.030575 2025] [security2:error] [pid 2234:tid 2234] [client 104.207.38.148:47461] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "autodiscover.huboon.com"] [uri "/.git/HEAD"] [unique_id "aSPwdHolvnX5uUGzirx0AgAAAA4"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-23 20:14:43 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.38.148 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.38.148 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Nov 23 15:14:33.592872 2025] [security2:error] [pid 9153:tid 9153] [client 104.207.38.148:30149] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webmail.aguitas.com"] [uri "/.svn/wc.db"] [unique_id "aSNrKeFOqnVoqYPAFBaAfAAAAAA"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2025-11-14 12:14:17 (6 months ago)	This IP was involved in a brute force and password spray attack.	Brute-Force Web App Attack
Anonymous	2025-10-18 01:18:14 (7 months ago)	This IP was involved in a brute force and password spray attack.	Brute-Force Web App Attack
🇨🇦 wil.com	2025-10-16 18:26:43 (7 months ago)	GlobalProtect login attempts with user snwchristi.	VPN IP Brute-Force

Showing 1 to 15 of 128 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 2607:f8b0:4023:100f::125

🇺🇸 147.185.132.239

🇨🇳 123.191.142.112

🇳🇱 89.248.163.200

🇺🇸 64.62.156.179

🇭🇰 45.249.244.136

🇺🇸 34.106.229.156

🇺🇸 2602:80d:1007::33

🇭🇰 218.103.120.150

🇲🇽 187.190.35.163

🇫🇮 147.185.133.76

🇺🇸 71.92.74.74

🇳🇱 45.148.10.183

🇺🇸 34.170.189.242

🇯🇵 34.97.2.92

🇮🇳 122.15.139.162

🇨🇳 120.48.175.122

🇷🇺 83.239.108.218

🇺🇸 78.138.53.75

🇺🇸 65.49.20.94