JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 104.207.42.248

104.207.42.248 was found in our database!

This IP was reported 144 times. Confidence of Abuse is 28%: ?

28%

ISP	3xK Tech GmbH
Usage Type	Data Center/Web Hosting/Transit
ASN	AS200373
Domain Name	3xktech.cloud
Country	🇺🇸 United States of America
City	Ashburn, Virginia

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 104.207.42.248

Whois 104.207.42.248

IP Abuse Reports for 104.207.42.248:

This IP address has been reported a total of 144 times from 26 distinct sources. 104.207.42.248 was first reported on June 4th 2024, and the most recent report was 1 week ago.

Old Reports: The most recent abuse report for this IP address is from 1 week ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇫🇷 ELYAZ	2026-05-31 09:24:11 (1 week ago)	(y4) Failed scan -byebye- from 104.207.42.248 (US/United States/-): (CF_ENABLE)	Hacking
Anonymous	2026-05-30 19:25:52 (1 week ago)	[ssd5.kdns.gr] httpd-login-spray-site: sites=e-anastasiadis.gr; logs=/var/log/httpd/domains/e-anasta ... show more [ssd5.kdns.gr] httpd-login-spray-site: sites=e-anastasiadis.gr; logs=/var/log/httpd/domains/e-anastasiadis.gr.log; samples=site_wide=true \| distinct_ips=48 \| /wp-login.php show less	Hacking Web App Attack
🇫🇷 mrcrassi	2026-05-28 23:56:56 (2 weeks ago)	Triggered Cloudflare WAF (firewallCustom) from US. Action taken: BLOCK Protocol: HTTP/1.1 (POST meth ... show more Triggered Cloudflare WAF (firewallCustom) from US. Action taken: BLOCK Protocol: HTTP/1.1 (POST method) Endpoint: /wp-login.php UA: Mozilla/5.0 (X11; Ubuntu; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.0.0 Safari/537.36 This report was generated by: https://github.com/sefinek/Cloudflare-WAF-To-AbuseIPDB show less	Bad Web Bot
🇺🇸 lostswordfish.com	2026-05-27 12:34:03 (2 weeks ago)	Wordfence waf block on wp20190711M4	Web App Attack
Anonymous	2026-05-26 08:48:20 (2 weeks ago)	[server.tmg.gr] httpd-login-spray-site: sites=add2021.gr; logs=/var/log/httpd/domains/add2021.gr.log ... show more [server.tmg.gr] httpd-login-spray-site: sites=add2021.gr; logs=/var/log/httpd/domains/add2021.gr.log; samples=site_wide=true \| distinct_ips=64 \| /wp-login.php show less	Hacking Web App Attack
🇺🇸 nowyouknow	2026-05-04 05:44:51 (1 month ago)	(From [email protected]) Hi, Just a quick note Just opened up a free giveaway and made sure yo ... show more (From [email protected]) Hi, Just a quick note Just opened up a free giveaway and made sure you’re in. Join here before it fills up: https://suniljaindvg.systeme.io/6850adaf It takes 10 seconds. Hope you catch it, Sunil Cathcart (Sunil T Jain) P.S. Don’t leave it too late: https://suniljaindvg.systeme.io/6850adaf If you prefer not to receive any further messages from me, please submit the form on my site show less	Phishing Web Spam
🇺🇸 octageeks.com	2026-04-30 04:06:30 (1 month ago)	Wordpress malicious attack:[octaxmlrpc]	Web App Attack
🇩🇪 Lino Project	2026-03-20 06:09:43 (2 months ago)	104.207.42.248 - - [20/Mar/2026:07:09:35 +0100] "GET /wp-admin/post-new.php HTTP/1.1" 403 6555 "http ... show more 104.207.42.248 - - [20/Mar/2026:07:09:35 +0100] "GET /wp-admin/post-new.php HTTP/1.1" 403 6555 "https://www.primobio.it/mio-account/?action=register" "Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.0.0 Safari/537.36" 104.207.42.248 - - [20/Mar/2026:07:09:42 +0100] "GET /wp-admin/post-new.php HTTP/1.1" 403 6555 "https://www.primobio.it/mio-account/" "Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.0.0 Safari/537.36" ... show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2025-12-25 13:38:50 (5 months ago)	wordpress-trap	Web App Attack
🇮🇹 VHosting	2025-12-23 18:55:22 (5 months ago)	Detected attack and reported by a human	DDoS Attack Brute-Force Bad Web Bot Exploited Host Web App Attack SSH
🇺🇸 TPI-Abuse	2025-12-08 03:41:37 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.42.248 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.42.248 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Dec 07 22:41:32.779832 2025] [security2:error] [pid 2926:tid 2926] [client 104.207.42.248:48539] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "36sovereignchambers.com"] [uri "/.git/HEAD"] [unique_id "aTZI7GHVCbWnN5p3VP9UxwAAAAo"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 myagent.site	2025-12-08 02:46:43 (6 months ago)	Blocking for trying to access an exploit file: /.env	Hacking
Anonymous	2025-12-07 20:39:26 (6 months ago)	"GET /.env HTTP/1.1"	Hacking Web App Attack
🇺🇸 TPI-Abuse	2025-12-07 19:47:28 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.42.248 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.42.248 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Dec 07 14:47:21.858369 2025] [security2:error] [pid 15191:tid 15191] [client 104.207.42.248:44507] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "mibfans.com"] [uri "/.env"] [unique_id "aTXZyfJ2Mn5Jnuao1vE2AgAAAAg"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-07 12:43:30 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.42.248 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.42.248 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Dec 07 07:43:23.608273 2025] [security2:error] [pid 10319:tid 10319] [client 104.207.42.248:52639] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "commonthreadsvt.org"] [uri "/.git/HEAD"] [unique_id "aTV2a1NvCkXyk4awsLnEdwAAAAM"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 144 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇷🇺 185.147.26.126

🇩🇪 213.209.159.235

🇺🇸 195.210.125.157

🇺🇸 162.216.149.65

🇦🇹 85.192.42.149

🇺🇸 18.217.208.51

🇻🇳 14.185.124.187

🇲🇽 186.96.145.241

🇷🇺 178.204.4.12

🇨🇳 43.248.108.20

🇨🇭 209.99.189.177

🇺🇸 172.253.251.62

🇺🇸 172.86.114.38

🇺🇸 129.146.121.103

🇷🇺 85.30.212.23

🇫🇷 193.55.175.19

🇩🇪 69.5.169.40

🇺🇸 199.120.14.232

🇹🇭 171.100.67.250

🇺🇸 146.88.241.57