JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 104.207.39.64

104.207.39.64 was found in our database!

This IP was reported 138 times. Confidence of Abuse is 14%: ?

14%

ISP	3xK Tech GmbH
Usage Type	Data Center/Web Hosting/Transit
ASN	AS200373
Domain Name	3xktech.cloud
Country	🇺🇸 United States of America
City	Ashburn, Virginia

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 104.207.39.64

Whois 104.207.39.64

IP Abuse Reports for 104.207.39.64:

This IP address has been reported a total of 138 times from 14 distinct sources. 104.207.39.64 was first reported on June 11th 2024, and the most recent report was 2 weeks ago.

Old Reports: The most recent abuse report for this IP address is from 2 weeks ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇩🇪 LRob.fr	2026-06-09 03:30:36 (2 weeks ago)	Repeated requests on blocked xmlrpc.php, blocked by fail2ban in custom-503-xmlrpc jail	Bad Web Bot Web App Attack
🇩🇪 LRob.fr	2026-06-04 01:15:07 (3 weeks ago)	Repeated requests on blocked xmlrpc.php, blocked by fail2ban in custom-503-xmlrpc jail	Bad Web Bot Web App Attack
🇱🇻 garmtech.com	2026-05-15 12:17:52 (1 month ago)	IM360 WAF: Attempt to upload malware	Hacking
🇬🇧 PeravixGroup	2026-05-08 06:41:42 (1 month ago)	Honeypot detection: Kubernetes API unauthorized access / cluster abuse attempt on port 6443. Severit ... show more Honeypot detection: Kubernetes API unauthorized access / cluster abuse attempt on port 6443. Severity: MEDIUM. Aaran.cloud show less	Hacking Exploited Host
🇬🇧 PeravixGroup	2026-05-07 04:44:59 (1 month ago)	Honeypot detection: Kubernetes API unauthorized access / cluster abuse attempt on port 6443. Severit ... show more Honeypot detection: Kubernetes API unauthorized access / cluster abuse attempt on port 6443. Severity: MEDIUM. Aaran.cloud show less	Hacking Exploited Host
Anonymous	2026-03-08 05:14:45 (3 months ago)	Forum/form spam	Web Spam
🇪🇸 10dencehispahard SL	2026-01-23 07:30:50 (5 months ago)	Wordpress probing for vulnerabilities	Hacking Exploited Host
🇩🇪 Packets-Decreaser.NET	2025-12-29 14:01:57 (5 months ago)	Incoming Layer 7 Flood Detected	DDoS Attack Web Spam
Anonymous	2025-12-22 18:55:41 (6 months ago)	Attempted brute force login to web vpn 126 time(s); last attempt for 2025.12.22 is noted in report t ... show more Attempted brute force login to web vpn 126 time(s); last attempt for 2025.12.22 is noted in report timestamp show less	Hacking Brute-Force
🇳🇱 homeshowdomain.nl	2025-11-25 22:59:20 (7 months ago)	Auto-ban: single probe for restricted files (.env / backups / admin endpoints). Likely mass-scan on ... show more Auto-ban: single probe for restricted files (.env / backups / admin endpoints). Likely mass-scan on 2025-11-24. show less	Hacking Web App Attack SSH
🇺🇸 TPI-Abuse	2025-11-25 02:57:43 (7 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.39.64 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.207.39.64 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 24 21:57:36.440188 2025] [security2:error] [pid 9614:tid 9614] [client 104.207.39.64:17227] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpanel.whlr.net"] [uri "/.env"] [unique_id "aSUbIBvYMbpmrfTtA85bRwAAABA"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-25 02:06:31 (7 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.39.64 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.207.39.64 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 24 21:06:25.836629 2025] [security2:error] [pid 320:tid 320] [client 104.207.39.64:40845] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cristalsupermercados.com"] [uri "/.env"] [unique_id "aSUPIdpQqUeSSiYRlxAcKQAAAAo"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-24 08:34:43 (7 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.39.64 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.207.39.64 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 24 03:34:34.412653 2025] [security2:error] [pid 15480:tid 15480] [client 104.207.39.64:31663] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpanel.krislajeskiedesign.com"] [uri "/.env"] [unique_id "aSQYmlvJmZlhNWvA3zrSQAAAAAc"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-24 07:04:55 (7 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.39.64 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.207.39.64 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 24 02:04:35.884276 2025] [security2:error] [pid 27230:tid 27230] [client 104.207.39.64:36085] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcontacts.supaskills.com"] [uri "/.env"] [unique_id "aSQDg6jzK_j-AfeNpZ4gvwAAAA4"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-24 05:20:29 (7 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.39.64 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.207.39.64 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 24 00:20:21.292222 2025] [security2:error] [pid 14762:tid 14762] [client 104.207.39.64:20379] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webmail.cvoguemag.com"] [uri "/.env"] [unique_id "aSPrFZvRwI4W23EXJeFHLAAAAAk"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 138 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 2607:f8b0:4001:c0a::124

🇺🇸 195.184.76.99

🇲🇽 187.192.86.153

🇳🇱 178.16.53.108

🇺🇸 162.216.149.90

🇵🇭 136.158.61.99

🇺🇸 135.237.126.233

🇰🇷 125.244.114.221

🇯🇵 40.74.66.191

🇻🇳 27.74.194.127

🇦🇪 2406:da17:a1c:b100:34d:68b3:d393:8988

🇳🇱 195.178.110.217

🇧🇷 190.89.137.35

🇮🇳 183.83.229.81

🇬🇧 109.228.59.224

🇩🇪 85.215.192.100

🇺🇸 54.147.182.90

🇳🇱 45.148.10.151

🇵🇰 39.34.134.199

🇺🇸 195.184.76.212