JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 104.207.39.112

104.207.39.112 was found in our database!

This IP was reported 153 times. Confidence of Abuse is 14%: ?

14%

ISP	3xK Tech GmbH
Usage Type	Data Center/Web Hosting/Transit
ASN	AS200373
Domain Name	3xktech.cloud
Country	🇺🇸 United States of America
City	Ashburn, Virginia

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 104.207.39.112

Whois 104.207.39.112

IP Abuse Reports for 104.207.39.112:

This IP address has been reported a total of 153 times from 17 distinct sources. 104.207.39.112 was first reported on June 22nd 2024, and the most recent report was 5 days ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇫🇷 Sklurk	2026-06-20 04:46:38 (5 days ago)	Web App Attack	Web App Attack
🇪🇸 librebit	2026-06-16 07:48:00 (1 week ago)	Brute force	Brute-Force
Anonymous	2026-02-28 22:22:12 (3 months ago)	"GET /.env HTTP/1.1"	Hacking Web App Attack
🇺🇸 TPI-Abuse	2025-12-02 21:15:25 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.39.112 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.39.112 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Dec 02 16:15:19.760577 2025] [security2:error] [pid 17496:tid 17496] [client 104.207.39.112:38753] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "arkml.com"] [uri "/.env"] [unique_id "aS9W56BF_PsP2tFskqSNugAAAAY"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-02 20:01:31 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.39.112 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.39.112 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Dec 02 15:01:26.909317 2025] [security2:error] [pid 7568:tid 7568] [client 104.207.39.112:14501] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "jesuspuzzle.com"] [uri "/.svn/wc.db"] [unique_id "aS9FlrAfwQxCwo6WBkuMhwAAABA"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-02 13:23:30 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.39.112 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.39.112 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Dec 02 08:23:25.127960 2025] [security2:error] [pid 8175:tid 8196] [client 104.207.39.112:16125] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "pilargarciamanzanares.com"] [uri "/.svn/wc.db"] [unique_id "aS7oTfp-bcW5Y2schDrEOgAAARI"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-02 04:38:46 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.39.112 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.39.112 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Dec 01 23:38:38.823575 2025] [security2:error] [pid 32517:tid 32517] [client 104.207.39.112:46113] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "computerservicesofflorida.com"] [uri "/.svn/wc.db"] [unique_id "aS5tTg6QEINZ5ox6tH0gQgAAAAk"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-25 04:45:05 (7 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.39.112 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.39.112 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 24 23:44:55.209254 2025] [security2:error] [pid 12120:tid 12120] [client 104.207.39.112:37487] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webmail.walterjhoodco.com"] [uri "/.git/HEAD"] [unique_id "aSU0R83Ut1r14AUVPho5wQAAAAs"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-25 04:16:16 (7 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.39.112 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.39.112 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 24 23:16:07.022310 2025] [security2:error] [pid 9236:tid 9236] [client 104.207.39.112:40675] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcalendars.jcsforwarding.com"] [uri "/.git/HEAD"] [unique_id "aSUth3FCr0U6dLvYZrqphgAAABk"] show less	Brute-Force Bad Web Bot Web App Attack
🇱🇻 garmtech.com	2025-11-25 03:42:24 (7 months ago)	Attempted access to sensitive endpoint (/.env) detected. Automated scan or unauthorized probing.	Web App Attack
🇺🇸 TPI-Abuse	2025-11-25 02:23:32 (7 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.39.112 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.39.112 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 24 21:23:26.153656 2025] [security2:error] [pid 7607:tid 7607] [client 104.207.39.112:52665] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "mail.sbeii.com"] [uri "/.svn/wc.db"] [unique_id "aSUTHuUzEJO9N3gcF617JgAAAAU"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-25 01:21:50 (7 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.39.112 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.39.112 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 24 20:21:43.108396 2025] [security2:error] [pid 604662:tid 604662] [client 104.207.39.112:32243] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpanel.netguard.us"] [uri "/.git/HEAD"] [unique_id "aSUEp6-GSQJ6BIsEakNV0QAAAAY"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2025-11-14 00:30:54 (7 months ago)	This IP was involved in a brute force and password spray attack.	Brute-Force Web App Attack
Anonymous	2025-11-09 15:47:48 (7 months ago)	botnet	DDoS Attack
Anonymous	2025-11-07 07:35:37 (7 months ago)	[redacted] 104.207.39.112 - - [07/Nov/2025:08:35:22 +0100] "POST /xmlrpc.php HTTP/2.0" 200 448 "-" " ... show more [redacted] 104.207.39.112 - - [07/Nov/2025:08:35:22 +0100] "POST /xmlrpc.php HTTP/2.0" 200 448 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_5) AppleWebKit/601.2.7 (KHTML, like Gecko) Version/9.0.1 Safari/601.2.7" [redacted] 104.207.39.112 - - [07/Nov/2025:08:35:23 +0100] "POST /xmlrpc.php HTTP/2.0" 200 448 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/533.4 (KHTML, like Gecko) Chrome/5.0.375.99 Safari/533.4" [redacted] 104.207.39.112 - - [07/Nov/2025:08:35:25 +0100] "POST /xmlrpc.php HTTP/2.0" 200 448 "-" "Mozilla/5.0 (Linux; Android 7.0; Moto C Build/NRD90M.059) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.100 Mobile Safari/537.36" [redacted] 104.207.39.112 - - [07/Nov/2025:08:35:26 +0100] "POST /xmlrpc.php HTTP/2.0" 200 448 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.0.3705; .NET CLR 1.1.4322)" [redacted] 104.207.39.112 - - [07/Nov/2025:08:35:28 +0100] "POST /xmlrpc.php HTTP/2.0" 200 448 "-" " ... show less	Hacking Web App Attack

Showing 1 to 15 of 153 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇧🇷 181.232.222.58

🇸🇪 122.8.94.199

🇺🇸 107.173.146.37

🇱🇹 45.227.254.170

🇺🇸 45.148.233.17

🇺🇸 44.73.95.215

🇹🇼 35.221.194.187

🇬🇧 35.203.210.110

🇫🇷 13.140.137.189

🇸🇬 178.128.84.112

🇨🇳 119.53.253.2

🇳🇱 45.8.17.46

🇺🇸 44.195.174.103

🇸🇬 35.186.147.139

🇯🇴 176.29.248.162

🇺🇸 162.216.149.194

🇧🇷 148.227.90.85

🇭🇰 103.149.26.230

🇺🇸 100.29.192.89

🇧🇬 79.124.62.134