JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 104.207.38.76

104.207.38.76 was found in our database!

This IP was reported 153 times. Confidence of Abuse is 30%: ?

30%

ISP	3xK Tech GmbH
Usage Type	Data Center/Web Hosting/Transit
ASN	AS200373
Domain Name	3xktech.cloud
Country	🇺🇸 United States of America
City	Ashburn, Virginia

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 104.207.38.76

Whois 104.207.38.76

IP Abuse Reports for 104.207.38.76:

This IP address has been reported a total of 153 times from 25 distinct sources. 104.207.38.76 was first reported on June 4th 2024, and the most recent report was 4 days ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇫🇷 ELYAZ	2026-06-01 15:14:29 (4 days ago)	(y4) Failed scan -byebye- from 104.207.38.76 (US/United States/-): (CF_ENABLE)	Hacking
🇺🇸 lostswordfish.com	2026-05-31 12:32:04 (5 days ago)	Wordfence waf block on fypeducation	Web App Attack
🇫🇷 ELYAZ	2026-05-31 07:41:35 (5 days ago)	(y4) Failed scan -byebye- from 104.207.38.76 (US/United States/-): (CF_ENABLE)	Hacking
Anonymous	2026-05-30 09:19:23 (6 days ago)	Web attack blocked by Wordfence on vestingstadvalkenburg.nl (1 hit). Reported by CRMON.	Web App Attack
Anonymous	2026-05-29 01:58:52 (1 week ago)	[ssd5.kdns.gr] httpd-login-spray-site: sites=hparxo.gr; logs=/var/log/httpd/domains/hparxo.gr.log; s ... show more [ssd5.kdns.gr] httpd-login-spray-site: sites=hparxo.gr; logs=/var/log/httpd/domains/hparxo.gr.log; samples=site_wide=true \| distinct_ips=13 \| /wp-login.php show less	Hacking Web App Attack
🇫🇮 inlink.ltd	2026-05-19 22:31:01 (2 weeks ago)	Known malicious PHP file or CMS probe	Web App Attack
🇺🇸 TPI-Abuse	2026-03-12 18:53:29 (2 months ago)	(mod_security) mod_security (id:210831) triggered by 104.207.38.76 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210831) triggered by 104.207.38.76 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Mar 12 14:53:25.193779 2026] [security2:error] [pid 30136:tid 30136] [client 104.207.38.76:64459] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|backstore.com\|F\|4"] [data "a href="] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "backstore.com"] [uri "/webalizer/"] [unique_id "abMLpTu1UfnL_NDwbKl0gwAAAAU"], referer: http://backstore.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇮🇹 VHosting	2026-02-18 22:11:37 (3 months ago)	Detected attack and reported by a human	Brute-Force Web App Attack SSH DDoS Attack Exploited Host Bad Web Bot
🇺🇸 TPI-Abuse	2025-12-08 16:01:55 (5 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.38.76 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.207.38.76 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Dec 08 11:01:50.779541 2025] [security2:error] [pid 10179:tid 10203] [client 104.207.38.76:58635] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "learndoexplore.com"] [uri "/.env"] [unique_id "aTb2bmlIMH-6r-Ly853T8AAAABY"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-07 14:21:17 (5 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.38.76 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.207.38.76 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Dec 07 09:21:10.057294 2025] [security2:error] [pid 11703:tid 11703] [client 104.207.38.76:14835] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "njletr.org"] [uri "/.env"] [unique_id "aTWNVgY2J0_LtXxAEeT_jgAAAAg"] show less	Brute-Force Bad Web Bot Web App Attack
🇳🇱 jjnxpct	2025-12-07 04:54:30 (5 months ago)	Automated security incident from hosting server. ModSecurity blocked suspicious request targeting UR ... show more Automated security incident from hosting server. ModSecurity blocked suspicious request targeting URI: /.git/HEAD (Rule ID: 930130) - Restricted File Access Attempt [Suspicious: .git/ found within REQUEST_FILENAME: /.git/HEAD] show less	Hacking Web App Attack
🇺🇸 TPI-Abuse	2025-12-06 17:27:06 (5 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.38.76 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.207.38.76 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Dec 06 12:26:59.588738 2025] [security2:error] [pid 25031:tid 25031] [client 104.207.38.76:14763] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "curts.net"] [uri "/.env"] [unique_id "aTRnY4A57-voT_vh1xuuHgAAAAs"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-06 11:35:52 (5 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.38.76 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.207.38.76 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Dec 06 06:35:48.001555 2025] [security2:error] [pid 1343:tid 1343] [client 104.207.38.76:14275] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "whaleyhouse.net"] [uri "/.env"] [unique_id "aTQVFPyv28KGoe5IQfpfAgAAAAU"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-06 03:36:50 (5 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.38.76 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.207.38.76 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Dec 05 22:36:44.651579 2025] [security2:error] [pid 12878:tid 12878] [client 104.207.38.76:33227] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "sangalgano.info"] [uri "/.git/HEAD"] [unique_id "aTOkzHaWi_FnHs4sCyigRQAAAAg"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 conseilgouz	2025-12-05 23:33:56 (5 months ago)	ave-17 : Block hidden directories=>/.env(/)	Hacking

Showing 1 to 15 of 153 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 216.25.89.114

🇫🇷 185.202.223.202

🇺🇸 54.90.8.255

🇦🇷 186.64.95.43

🇳🇱 185.226.197.49

🇮🇳 182.78.108.126

🇫🇮 147.185.133.173

🇺🇸 147.53.127.125

🇺🇸 91.246.176.7

🇭🇰 45.196.236.141

🇩🇪 2a09:bac5:2a95:2464::3a0:64

🇯🇵 212.32.76.56

🇧🇷 205.210.31.229

🇯🇵 203.25.124.183

🇧🇷 200.192.151.227

🇰🇷 183.104.220.84

🇮🇩 182.8.182.229

🇰🇷 119.205.179.217

🇳🇱 64.89.162.139

🇬🇧 35.203.210.85