JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 104.207.38.73

104.207.38.73 was found in our database!

This IP was reported 125 times. Confidence of Abuse is 0%: ?

ISP	3xK Tech GmbH
Usage Type	Data Center/Web Hosting/Transit
ASN	AS200373
Domain Name	3xktech.cloud
Country	🇺🇸 United States of America
City	Ashburn, Virginia

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 104.207.38.73

Whois 104.207.38.73

IP Abuse Reports for 104.207.38.73:

This IP address has been reported a total of 125 times from 15 distinct sources. 104.207.38.73 was first reported on June 4th 2024, and the most recent report was 1 month ago.

Old Reports: The most recent abuse report for this IP address is from 1 month ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇬🇧 PeravixGroup	2026-05-17 06:39:09 (1 month ago)	Honeypot detection: Docker daemon unauthorized access / container escape attempt on port 2375. Sever ... show more Honeypot detection: Docker daemon unauthorized access / container escape attempt on port 2375. Severity: MEDIUM. Aaran.cloud show less	Hacking Exploited Host
🇬🇧 PeravixGroup	2026-05-08 06:45:10 (1 month ago)	Honeypot detection: Kubernetes API unauthorized access / cluster abuse attempt on port 6443. Severit ... show more Honeypot detection: Kubernetes API unauthorized access / cluster abuse attempt on port 6443. Severity: MEDIUM. Aaran.cloud show less	Hacking Exploited Host
🇬🇧 Shadymint	2026-01-04 10:06:12 (5 months ago)	url probing	Web App Attack
🇮🇹 VHosting	2025-12-24 05:55:34 (5 months ago)	Detected attack and reported by a human	DDoS Attack Brute-Force Bad Web Bot Exploited Host Web App Attack SSH
🇺🇸 TPI-Abuse	2025-12-02 07:06:47 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.38.73 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.207.38.73 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Dec 02 02:06:39.824541 2025] [security2:error] [pid 20883:tid 20883] [client 104.207.38.73:31757] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "lipingdata.com"] [uri "/.svn/wc.db"] [unique_id "aS6P_1mZQzRIRb4i8GpeUgAAABw"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-26 10:19:40 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.38.73 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.207.38.73 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Nov 26 05:19:37.014702 2025] [security2:error] [pid 3738190:tid 3738264] [client 104.207.38.73:37859] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "mail.iancaird.com"] [uri "/.git/HEAD"] [unique_id "aSbUOdynXzP7IZS7N5_PFQAAANc"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-26 07:20:50 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.38.73 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.207.38.73 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Nov 26 02:20:44.199022 2025] [security2:error] [pid 2522255:tid 2522255] [client 104.207.38.73:36077] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "autodiscover.tjwus.com"] [uri "/.git/HEAD"] [unique_id "aSaqTGrfuN-crFRnI0etfgAAAAY"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-26 05:58:51 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.38.73 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.207.38.73 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Nov 26 00:58:44.336105 2025] [security2:error] [pid 4096:tid 4096] [client 104.207.38.73:50371] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "autodiscover.madisonflyers.com"] [uri "/.svn/wc.db"] [unique_id "aSaXFD8LxSKLn-2Pl-Su9wAAAAY"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-26 05:29:27 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.38.73 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.207.38.73 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Nov 26 00:29:20.339555 2025] [security2:error] [pid 3490:tid 3490] [client 104.207.38.73:48603] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webdisk.naghmehfarahmand.com"] [uri "/.svn/wc.db"] [unique_id "aSaQMFiS7X4iv2EUFNj1swAAABA"] show less	Brute-Force Bad Web Bot Web App Attack
🇳🇱 homeshowdomain.nl	2025-11-25 22:59:08 (6 months ago)	Auto-ban: single probe for restricted files (.env / backups / admin endpoints). Likely mass-scan on ... show more Auto-ban: single probe for restricted files (.env / backups / admin endpoints). Likely mass-scan on 2025-11-24. show less	Hacking Web App Attack SSH
🇺🇸 TPI-Abuse	2025-11-24 09:55:24 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.38.73 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.207.38.73 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 24 04:55:17.508186 2025] [security2:error] [pid 14746:tid 14746] [client 104.207.38.73:32889] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webdisk.weirdlovemakers.com"] [uri "/.svn/wc.db"] [unique_id "aSQrhaJhMBp1RxlagB42lgAAAA8"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-24 00:47:09 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.38.73 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.207.38.73 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Nov 23 19:46:42.131078 2025] [security2:error] [pid 30773:tid 30773] [client 104.207.38.73:27773] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.budbearfamily.com"] [uri "/.git/HEAD"] [unique_id "aSOq8nrbdmiURnAuDpJw6wAAADU"] show less	Brute-Force Bad Web Bot Web App Attack
🇳🇱 EGP Abuse Dept	2025-10-25 13:48:52 (7 months ago)	Unauthorized connection to SSH port 22	Port Scan Hacking SSH
Anonymous	2025-10-23 14:43:35 (7 months ago)	2025-10-23T16:43:33.184660 localhost.localdomain sshd[855681]: pam_unix(sshd:auth): authentication f ... show more 2025-10-23T16:43:33.184660 localhost.localdomain sshd[855681]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.207.38.73 2025-10-23T16:43:35.241870 localhost.localdomain sshd[855681]: Failed password for invalid user maxousala9 from 104.207.38.73 port 22543 ssh2 ... show less	Brute-Force SSH
🇩🇪 ps-center	2025-10-23 11:01:55 (7 months ago)	SS1-W: TCP-Scanner. Port: 22	Port Scan

Showing 1 to 15 of 125 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇹🇷 212.252.119.105

🇹🇬 156.38.73.89

🇩🇪 148.153.166.214

🇳🇱 107.189.27.179

🇺🇸 66.132.186.219

🇺🇸 34.121.245.173

🇩🇪 217.160.11.17

🇹🇭 180.180.120.123

🇹🇼 165.154.227.158

🇺🇸 159.223.151.156

🇰🇷 158.247.200.150

🇩🇪 152.53.187.237

🇨🇳 121.40.150.190

🇺🇸 65.49.1.134

🇳🇱 45.153.34.87

🇬🇧 35.203.211.191

🇨🇳 223.85.251.55

🇳🇱 192.253.248.169

🇬🇧 185.247.137.247

🇷🇴 92.118.39.232