JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 104.207.38.225

104.207.38.225 was found in our database!

This IP was reported 157 times. Confidence of Abuse is 13%: ?

13%

ISP	3xK Tech GmbH
Usage Type	Data Center/Web Hosting/Transit
ASN	AS200373
Domain Name	3xktech.cloud
Country	🇺🇸 United States of America
City	Ashburn, Virginia

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 104.207.38.225

Whois 104.207.38.225

IP Abuse Reports for 104.207.38.225:

This IP address has been reported a total of 157 times from 24 distinct sources. 104.207.38.225 was first reported on June 5th 2024, and the most recent report was 2 days ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇫🇷 Sklurk	2026-06-20 00:10:10 (2 days ago)	Web App Attack	Web App Attack
🇧🇪 Saec	2026-06-15 19:30:05 (1 week ago)	Jarvis auto-ban: CF honeypot path /wp-login.php (2× on saec.me)	Port Scan Web App Attack
🇦🇺 RedBear IT	2026-03-26 10:00:37 (2 months ago)	"DDoS against public endpoint"	DDoS Attack
🇫🇷 dynamix	2026-02-13 13:40:25 (4 months ago)	Multiple WAF Violations	Web App Attack
🇺🇸 TPI-Abuse	2026-02-13 13:08:12 (4 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.38.225 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.38.225 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Feb 13 08:08:05.368703 2026] [security2:error] [pid 3206:tid 3206] [client 104.207.38.225:46509] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "mikeberro.com"] [uri "/admin/.env"] [unique_id "aY8iNQmK3WFyoptErY8GNgAAAAk"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 mnsf	2026-02-13 13:05:28 (4 months ago)	Scanning/Probing (24)	Brute-Force Web App Attack
🇺🇸 TPI-Abuse	2026-02-13 09:16:44 (4 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.38.225 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.38.225 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Feb 13 04:16:38.228015 2026] [security2:error] [pid 16075:tid 16075] [client 104.207.38.225:18459] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "mexicanfriedicecreammix.com"] [uri "/test/.git/config"] [unique_id "aY7r9rR57m9yO-MLI4G1WQAAAAU"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-02-13 07:59:41 (4 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.38.225 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.38.225 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Feb 13 02:59:36.354346 2026] [security2:error] [pid 14231:tid 14231] [client 104.207.38.225:23409] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "melsjukeboxes.com"] [uri "/.env.production"] [unique_id "aY7Z6LeOrEBAkAtCqaiyBQAAAAg"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 0x44	2026-02-13 07:13:06 (4 months ago)	104.207.38.225 [13/Feb/2026] * Spam host detected, probing for vulnerabilities	Web Spam Exploited Host Web App Attack
🇺🇸 TPI-Abuse	2026-02-13 06:06:11 (4 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.38.225 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.38.225 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Feb 13 01:06:05.834285 2026] [security2:error] [pid 23335:tid 23335] [client 104.207.38.225:52339] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "mcbrearty.org"] [uri "/.env.staging"] [unique_id "aY6_TbBvi8sKPM-edlRE4AAAAAE"] show less	Brute-Force Bad Web Bot Web App Attack
🇷🇺 DZBOT	2026-02-13 05:15:23 (4 months ago)	Website Scanning / Scraping	Bad Web Bot Exploited Host Web App Attack
🇺🇸 TPI-Abuse	2026-02-13 03:43:57 (4 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.38.225 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.38.225 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Feb 12 22:43:51.838200 2026] [security2:error] [pid 18019:tid 18019] [client 104.207.38.225:49675] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "marisa-mcphee.com"] [uri "/.env"] [unique_id "aY6d97LVaJjvKMzKegtGGwAAAAc"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 ps-center	2026-02-13 02:02:28 (4 months ago)	SS1: Web Attack GET /admin/.env	Web Spam Hacking Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-02-12 20:16:03 (4 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.38.225 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.38.225 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Feb 12 15:15:58.768905 2026] [security2:error] [pid 19974:tid 19974] [client 104.207.38.225:29905] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "ilovecoffeegroup.com"] [uri "/.git/config"] [unique_id "aY40_n5SDBieu5yju-jZ3wAAABU"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-02-12 19:46:32 (4 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.38.225 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.38.225 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Feb 12 14:46:26.193887 2026] [security2:error] [pid 20595:tid 20595] [client 104.207.38.225:59455] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "howwegothere.info"] [uri "/.git/config"] [unique_id "aY4uEgyBn5DtBPdEWQQyPQAAAA8"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 157 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 74.87.117.149

🇸🇦 193.122.70.111

🇻🇳 163.223.13.54

🇺🇸 138.0.240.45

🇰🇷 125.142.37.91

🇧🇪 34.62.44.2

🇧🇷 209.14.85.116

🇺🇸 172.212.174.123

🇺🇸 147.185.132.63

🇨🇳 117.50.138.166

🇨🇳 39.171.144.110

🇭🇰 223.197.178.95

🇫🇮 193.148.56.79

🇮🇶 176.222.60.136

🇳🇱 176.65.139.254

🇺🇸 165.22.141.4

🇪🇸 158.158.104.28

🇨🇳 58.34.237.18

🇺🇸 44.250.152.36

🇺🇸 20.190.135.5