JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 104.207.39.147

104.207.39.147 was found in our database!

This IP was reported 143 times. Confidence of Abuse is 19%: ?

19%

ISP	3xK Tech GmbH
Usage Type	Data Center/Web Hosting/Transit
ASN	AS200373
Domain Name	3xktech.cloud
Country	🇺🇸 United States of America
City	Ashburn, Virginia

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 104.207.39.147

Whois 104.207.39.147

IP Abuse Reports for 104.207.39.147:

This IP address has been reported a total of 143 times from 16 distinct sources. 104.207.39.147 was first reported on June 21st 2024, and the most recent report was 3 days ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇫🇷 Sklurk	2026-06-23 04:05:49 (3 days ago)	Web App Attack	Web App Attack
🇺🇸 webgobe	2026-06-20 07:35:01 (5 days ago)	wew-Joomla User : try to access forms...	Hacking
🇫🇷 Sklurk	2026-06-19 16:47:38 (6 days ago)	Web App Attack	Web App Attack
🇫🇷 Sklurk	2026-06-17 04:42:42 (1 week ago)	Web App Attack	Web App Attack
🇲🇹 Malta	2026-05-16 22:19:42 (1 month ago)	104.207.39.147 - - [17/May/2026:00:19:42 +0200] "POST /wp-login.php HTTP/1.1" "Mozilla/5.0 (Windows ... show more 104.207.39.147 - - [17/May/2026:00:19:42 +0200] "POST /wp-login.php HTTP/1.1" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36" show less	Hacking Web App Attack VPN IP
🇮🇹 VHosting	2026-02-18 22:16:54 (4 months ago)	Detected attack and reported by a human	Brute-Force Web App Attack SSH DDoS Attack Exploited Host Bad Web Bot
Anonymous	2026-01-26 06:14:00 (4 months ago)	Forum/form spam	Web Spam
🇳🇱 homeshowdomain.nl	2026-01-02 23:01:50 (5 months ago)	Auto-ban: >3000 req/min op 2026-01-02	Hacking Web App Attack SSH
🇮🇹 VHosting	2025-12-23 22:20:16 (6 months ago)	Detected attack and reported by a human	DDoS Attack Brute-Force Bad Web Bot Exploited Host Web App Attack SSH
🇺🇸 TPI-Abuse	2025-11-27 22:53:22 (6 months ago)	(mod_security) mod_security (id:210740) triggered by 104.207.39.147 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210740) triggered by 104.207.39.147 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Nov 27 17:53:19.325553 2025] [security2:error] [pid 712330:tid 712330] [client 104.207.39.147:56917] ModSecurity: Access denied with code 403 (phase 2). Matched phrase "/Proxy-Connection/" at TX:header_name. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "33"] [id "210740"] [rev "2"] [msg "COMODO WAF: HTTP header is restricted by policy\|\|www.neff.family.name\|F\|4"] [data "/Proxy-Connection/"] [severity "WARNING"] [tag "CWAF"] [tag "HTTP"] [hostname "www.neff.family.name"] [uri "/default.asp"] [unique_id "aSjWX1gyhRlw-0VP8fdOwwAAAAI"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-24 09:29:07 (7 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.39.147 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.39.147 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 24 04:28:58.871833 2025] [security2:error] [pid 11410:tid 11410] [client 104.207.39.147:22013] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcontacts.casadelsolmexico.net"] [uri "/.env"] [unique_id "aSQlWhRq09F1DORcroIAtwAAAA0"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-24 05:42:41 (7 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.39.147 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.39.147 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 24 00:42:32.057526 2025] [security2:error] [pid 29785:tid 29785] [client 104.207.39.147:15913] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "mail.jamesrobertparish.com"] [uri "/.env"] [unique_id "aSPwSEgYx60bNc2r7DTgwgAAAB0"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-14 00:29:03 (7 months ago)	(mod_security) mod_security (id:210350) triggered by 104.207.39.147 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210350) triggered by 104.207.39.147 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Nov 13 19:28:26.629663 2025] [security2:error] [pid 16125:tid 16125] [client 104.207.39.147:16341] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\b(close\|keep-alive),[\\\\t\\\\n\\\\r ]{0,1}(close\|keep-alive)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/12_HTTP_Protocol.conf"] [line "70"] [id "210350"] [rev "1"] [msg "COMODO WAF: Multiple/Conflicting Connection Header Data Found\|\|www.bosozuki.com\|F\|4"] [data "keep-alive, close"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "www.bosozuki.com"] [uri "/sitemap_index.xml.gz"] [unique_id "aRZ3qvhINpQlDnP0vMg2FgAAAAo"] show less	Brute-Force Bad Web Bot Web App Attack
🇦🇺 MAGIC	2025-11-13 01:40:17 (7 months ago)	VM1 Bad user agents ignoring web crawling rules. Draing bandwidth	DDoS Attack Bad Web Bot
🇨🇦 wil.com	2025-10-28 23:09:06 (7 months ago)	GlobalProtect login attempts with user barrettconnell.	VPN IP Brute-Force

Showing 1 to 15 of 143 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇷🇺 194.146.202.39

🇮🇳 183.83.132.165

🇺🇸 147.185.132.52

🇰🇷 121.131.220.155

🇸🇬 101.100.194.252

🇫🇷 91.238.181.92

🇫🇷 91.196.152.217

🇳🇱 91.92.42.195

🇹🇷 88.248.188.220

🇱🇻 87.110.46.119

🇳🇱 51.158.205.203

🇫🇷 51.75.123.96

🇳🇱 45.84.222.25

🇨🇳 14.103.55.226

🇺🇸 13.219.1.233

🇺🇸 2607:f8b0:4001:c58::127

🇰🇷 222.120.176.6

🇨🇳 221.0.10.223

🇳🇱 195.178.110.30

🇱🇹 194.165.16.167