JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 104.207.48.109

104.207.48.109 was found in our database!

This IP was reported 129 times. Confidence of Abuse is 17%: ?

17%

ISP	3xK Tech GmbH
Usage Type	Data Center/Web Hosting/Transit
ASN	AS200373
Domain Name	3xktech.cloud
Country	🇨🇦 Canada
City	Toronto, Ontario

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 104.207.48.109

Whois 104.207.48.109

IP Abuse Reports for 104.207.48.109:

This IP address has been reported a total of 129 times from 21 distinct sources. 104.207.48.109 was first reported on June 13th 2024, and the most recent report was 1 week ago.

Old Reports: The most recent abuse report for this IP address is from 1 week ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇬🇧 PeravixGroup	2026-06-10 23:10:32 (1 week ago)	Honeypot detection: Apache CouchDB unauthorized access / exploitation attempt on port 5984. Severity ... show more Honeypot detection: Apache CouchDB unauthorized access / exploitation attempt on port 5984. Severity: MEDIUM. Aaran.cloud show less	Hacking Exploited Host
🇩🇪 raph	2026-06-07 20:47:25 (2 weeks ago)	[DOT FILES] crawler .env, .git, .config, etc.	Bad Web Bot Web App Attack
🇫🇮 inlink.ltd	2026-05-25 10:29:49 (3 weeks ago)	Known malicious PHP file or CMS probe	Web App Attack
🇬🇧 PeravixGroup	2026-05-07 11:02:49 (1 month ago)	Honeypot detection: Apache CouchDB unauthorized access / exploitation attempt on port 5984. Severity ... show more Honeypot detection: Apache CouchDB unauthorized access / exploitation attempt on port 5984. Severity: CRITICAL. Aaran.cloud show less	Hacking Exploited Host
🇬🇧 PeravixGroup	2026-05-06 13:37:59 (1 month ago)	Honeypot detection: Kubernetes API unauthorized access / cluster abuse attempt on port 6443. Severit ... show more Honeypot detection: Kubernetes API unauthorized access / cluster abuse attempt on port 6443. Severity: MEDIUM. Aaran.cloud show less	Hacking Exploited Host
🇩🇪 FeG Deutschland	2026-04-19 20:02:13 (2 months ago)	Looking for CMS/PHP/SQL vulnerablilities/excessive crawling - 124	Exploited Host Web App Attack
🇩🇪 bescared	2026-04-19 16:10:00 (2 months ago)	Malicious activity detected: URL probing.	Bad Web Bot Web App Attack Hacking
Anonymous	2026-04-19 05:23:13 (2 months ago)	[19/Apr/2026:08:23:12 +0300] 177657619239.403339 104.207.48.109 42787 148.251.76.218 443 [19/Apr/202 ... show more [19/Apr/2026:08:23:12 +0300] 177657619239.403339 104.207.48.109 42787 148.251.76.218 443 [19/Apr/2026:08:23:13 +0300] 17765761933.592771 104.207.48.109 28617 148.251.76.218 443 show less	Web App Attack
🇮🇹 [email protected]	2026-04-17 21:19:41 (2 months ago)	[Fri Apr 17 23:19:41.243230 2026] [authz_core:error] [pid 289056:tid 289118] [remote 104.207.48.109: ... show more [Fri Apr 17 23:19:41.243230 2026] [authz_core:error] [pid 289056:tid 289118] [remote 104.207.48.109:17229] AH01630: client denied by server configuration: /var/www/html/MyWeb/Wordpress_www/wp-login.php ... show less	Brute-Force Web App Attack
🇩🇪 Packets-Decreaser.NET	2025-12-29 14:01:31 (5 months ago)	Incoming Layer 7 Flood Detected	DDoS Attack Web Spam
🇺🇸 TPI-Abuse	2025-11-28 20:11:11 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.48.109 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.48.109 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Nov 28 15:11:01.922909 2025] [security2:error] [pid 13467:tid 13467] [client 104.207.48.109:32999] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "aares2026.net"] [uri "/.env.backup"] [unique_id "aSoB1e0DP3STS77m4k6TnAAAABk"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-28 19:11:34 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.48.109 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.48.109 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Nov 28 14:11:27.341216 2025] [security2:error] [pid 3315424:tid 3315433] [client 104.207.48.109:37201] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "aafim.org"] [uri "/.env"] [unique_id "aSnz39EPeXoM8C_lHxwS0AAAAYM"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-28 11:48:46 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.48.109 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.48.109 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Nov 28 06:48:42.973435 2025] [security2:error] [pid 32677:tid 32677] [client 104.207.48.109:26471] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "99newmexicans.com"] [uri "/.env.production"] [unique_id "aSmMGoYaWnXL7X2Pbs0rHQAAACY"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2025-04-05 21:14:06 (1 year ago)	Attempted brute force login to web vpn 5 time(s); last attempt for 2025.04.05 is noted in report tim ... show more Attempted brute force login to web vpn 5 time(s); last attempt for 2025.04.05 is noted in report timestamp show less	Hacking Brute-Force
Anonymous	2025-04-04 22:15:44 (1 year ago)	Attempted brute force login to web vpn 5 time(s); last attempt for 2025.04.04 is noted in report tim ... show more Attempted brute force login to web vpn 5 time(s); last attempt for 2025.04.04 is noted in report timestamp show less	Hacking Brute-Force

Showing 1 to 15 of 129 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇰🇷 211.253.10.61

🇬🇧 194.50.235.151

🇬🇧 193.32.209.243

🇷🇴 193.32.162.16

🇺🇸 162.216.150.148

🇷🇺 45.143.203.220

🇬🇧 31.14.254.111

🇨🇭 20.250.14.139

🇬🇧 5.226.140.66

🇳🇱 185.223.235.61

🇳🇱 176.65.139.66

🇫🇷 91.231.89.64

🇨🇭 91.90.122.9

🇧🇩 43.224.117.118

🇨🇳 39.97.110.217

🇨🇳 8.138.172.28

🇳🇱 192.42.116.48

🇧🇷 189.20.181.138

🇺🇸 161.153.121.253

🇺🇸 107.175.16.202