JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 104.207.48.120

104.207.48.120 was found in our database!

This IP was reported 137 times. Confidence of Abuse is 0%: ?

ISP	3xK Tech GmbH
Usage Type	Data Center/Web Hosting/Transit
ASN	AS200373
Domain Name	3xktech.cloud
Country	🇨🇦 Canada
City	Toronto, Ontario

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 104.207.48.120

Whois 104.207.48.120

IP Abuse Reports for 104.207.48.120:

This IP address has been reported a total of 137 times from 18 distinct sources. 104.207.48.120 was first reported on June 5th 2024, and the most recent report was 3 months ago.

Old Reports: The most recent abuse report for this IP address is from 3 months ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇫🇷 tilellit.pro	2026-02-22 10:53:28 (3 months ago)	Fail2Ban banned 104.207.48.120 for security violations in jail wp-armour. Log: 2026/02/22 10:53:27 [ ... show more Fail2Ban banned 104.207.48.120 for security violations in jail wp-armour. Log: 2026/02/22 10:53:27 [error] FastCGI sent in stderr: "PHP message: [WP_ARMOUR_BAN] IP: 104.207.48.120 \| Target: wplogin" , client: 104.207.48.120, server: [REDACTED], request: "POST /wp-login.php HTTP/1.1", upstream: [REDACTED], host: [REDACTED], referrer: "https://comerciogallego.es/wp-login.php" ... show less	Web Spam
🇺🇸 TPI-Abuse	2025-12-02 22:32:08 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.48.120 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.48.120 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Dec 02 17:32:05.579703 2025] [security2:error] [pid 9900:tid 9900] [client 104.207.48.120:35301] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "8two7.com"] [uri "/.git/HEAD"] [unique_id "aS9o5e6wmIRYFt9PMbyAkAAAAAY"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-02 05:59:05 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.48.120 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.48.120 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Dec 02 00:59:02.306795 2025] [security2:error] [pid 29363:tid 29363] [client 104.207.48.120:11785] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "hatefmusic.com"] [uri "/.git/HEAD"] [unique_id "aS6AJr4wipXV73vYELQGjAAAAAE"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-02 04:59:09 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.48.120 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.48.120 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Dec 01 23:59:05.781416 2025] [security2:error] [pid 20996:tid 20996] [client 104.207.48.120:33325] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "willowriver3.com"] [uri "/.env"] [unique_id "aS5yGVcPaWDQpVOcI7acowAAABQ"] show less	Brute-Force Bad Web Bot Web App Attack
🇦🇺 2000cn.com.au	2025-12-02 00:54:54 (6 months ago)	This IP was detected by CrowdSec triggering crowdsecurity/http-sensitive-files	Hacking Web App Attack
🇷🇸 Smel	2025-11-27 00:37:01 (6 months ago)	HTTP/80/443/8080 Unauthorized Probe, Hack -	Hacking Web App Attack
🇺🇸 TPI-Abuse	2025-11-25 07:41:03 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.48.120 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.48.120 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Nov 25 02:40:54.822337 2025] [security2:error] [pid 16409:tid 16409] [client 104.207.48.120:16581] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "mail.duckysoup.com"] [uri "/.env"] [unique_id "aSVdhl2ObJ1XmIGs2JTKMAAAAAc"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-25 06:22:35 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.48.120 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.48.120 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Nov 25 01:22:28.057730 2025] [security2:error] [pid 19036:tid 19036] [client 104.207.48.120:46235] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpanel.churchbehindthewalls.com"] [uri "/.git/HEAD"] [unique_id "aSVLJFeQwdl3JAfwV0X6VwAAABg"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-25 04:30:51 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.48.120 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.48.120 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 24 23:30:39.773176 2025] [security2:error] [pid 28037:tid 28037] [client 104.207.48.120:49651] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webdisk.hendersonsign.com"] [uri "/.env"] [unique_id "aSUw7y8X8ZSox8npnmdQ2AAAAB8"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-25 03:30:14 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.48.120 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.48.120 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 24 22:30:10.868598 2025] [security2:error] [pid 27727:tid 27732] [client 104.207.48.120:15683] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "calendar.giere.us"] [uri "/.svn/wc.db"] [unique_id "aSUiwveXMnwYTnmV60PiDAAAAMM"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2025-11-25 03:30:02 (6 months ago)	suspicious request in access.log	Web App Attack
🇺🇸 TPI-Abuse	2025-11-25 02:36:31 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.48.120 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.48.120 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 24 21:36:21.797293 2025] [security2:error] [pid 682721:tid 682721] [client 104.207.48.120:30359] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.cedricwillems.be"] [uri "/.svn/wc.db"] [unique_id "aSUWJSub5QkyqBjKgjHMawAAABo"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-25 02:09:10 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.48.120 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.48.120 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 24 21:09:06.182124 2025] [security2:error] [pid 14313:tid 14313] [client 104.207.48.120:33087] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webmail.macau-muaythai.com"] [uri "/.svn/wc.db"] [unique_id "aSUPwk8prpSzcGPN6Y1n0wAAAAQ"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-25 00:57:50 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.48.120 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.48.120 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 24 19:57:42.740353 2025] [security2:error] [pid 7197:tid 7197] [client 104.207.48.120:19983] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcalendars.canebrakes.com"] [uri "/.svn/wc.db"] [unique_id "aST_BuQzw7NiSvAkaMMHXAAAAAU"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2025-04-07 02:23:04 (1 year ago)	Attempted brute force login to web vpn 2 time(s); last attempt for 2025.04.07 is noted in report tim ... show more Attempted brute force login to web vpn 2 time(s); last attempt for 2025.04.07 is noted in report timestamp show less	Hacking Brute-Force

Showing 1 to 15 of 137 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 216.25.89.155

🇬🇧 193.163.125.237

🇩🇪 193.124.20.230

🇨🇳 183.6.72.120

🇷🇴 151.242.30.56

🇺🇸 147.185.132.242

🇨🇳 120.48.135.189

🇵🇭 115.147.8.223

🇧🇬 79.124.62.230

🇩🇪 69.5.169.254

🇷🇺 37.77.150.241

🇹🇷 31.223.79.2

🇧🇪 198.235.24.172

🇬🇧 193.163.125.225

🇨🇱 164.77.201.250

🇺🇸 156.232.13.161

🇮🇳 144.16.22.230

🇮🇳 139.59.30.229

🇺🇸 135.237.126.103

🇲🇦 102.103.62.34