JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 104.207.48.133

104.207.48.133 was found in our database!

This IP was reported 127 times. Confidence of Abuse is 23%: ?

23%

ISP	3xK Tech GmbH
Usage Type	Data Center/Web Hosting/Transit
ASN	AS200373
Domain Name	3xktech.cloud
Country	🇨🇦 Canada
City	Toronto, Ontario

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 104.207.48.133

Whois 104.207.48.133

IP Abuse Reports for 104.207.48.133:

This IP address has been reported a total of 127 times from 15 distinct sources. 104.207.48.133 was first reported on June 11th 2024, and the most recent report was 13 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇩🇪 FeG Deutschland	2026-06-17 14:02:52 (13 hours ago)	Looking for CMS/PHP/SQL vulnerablilities/excessive crawling - 124	Exploited Host Web App Attack
Anonymous	2026-06-17 07:20:30 (20 hours ago)	Web attack blocked by Wordfence on kernoverlegsibbe-ijzeren.nl (1 hit). Reported by CRMON.	Web App Attack
🇫🇷 ELYAZ	2026-06-16 19:56:37 (1 day ago)	(y4) Failed scan -byebye- from 104.207.48.133 (BR/Brazil/-): (CF_ENABLE)	Hacking
🇺🇸 TPI-Abuse	2026-02-10 17:07:35 (4 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.48.133 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.48.133 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Feb 10 12:07:29.926074 2026] [security2:error] [pid 29170:tid 29170] [client 104.207.48.133:10881] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "anxo.org"] [uri "/admin/.git/config"] [unique_id "aYtl0cKBc1CtFNbmMEbYLAAAAAc"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-02-10 06:06:46 (4 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.48.133 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.48.133 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Feb 10 01:06:32.221130 2026] [security2:error] [pid 24564:tid 24564] [client 104.207.48.133:0] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "mail-pmg.com"] [uri "/backend/.env"] [unique_id "aYrK6GtCi8TaS5lt7SOeUgAAAAI"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-02-09 23:36:19 (4 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.48.133 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.48.133 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Feb 09 18:36:12.003870 2026] [security2:error] [pid 27308:tid 27308] [client 104.207.48.133:47273] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "kelleysbridge.com"] [uri "/site/.git/config"] [unique_id "aYpvbEDMFzuUJDG-d6r16gAAAAE"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-02-09 20:46:21 (4 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.48.133 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.48.133 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Feb 09 15:46:16.850442 2026] [security2:error] [pid 23258:tid 23309] [client 104.207.48.133:61479] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "honorac.com"] [uri "/dev/.git/config"] [unique_id "aYpHmPQWDMuJKw5btCryVQAAAZU"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 myagent.site	2026-02-09 20:15:50 (4 months ago)	Blocking for trying to access an exploit file: /backup/.git/config	Hacking
🇩🇪 Packets-Decreaser.NET	2025-12-29 14:00:55 (5 months ago)	Incoming Layer 7 Flood Detected	DDoS Attack Web Spam
🇺🇸 TPI-Abuse	2025-11-25 06:26:27 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.48.133 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.48.133 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Nov 25 01:26:24.379467 2025] [security2:error] [pid 1817000:tid 1817022] [client 104.207.48.133:21073] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webdisk.foresthillseast.com"] [uri "/.git/HEAD"] [unique_id "aSVMEJiXM9qjzOaPIgRSswAAAUo"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-25 00:35:03 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.48.133 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.48.133 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 24 19:34:54.863459 2025] [security2:error] [pid 14629:tid 14629] [client 104.207.48.133:55937] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webmail.oogeothermal.com"] [uri "/.svn/wc.db"] [unique_id "aST5rpSVhWeVPvzfiT6CJQAAAAY"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-24 09:10:50 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.48.133 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.48.133 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 24 04:10:46.224076 2025] [security2:error] [pid 12725:tid 12725] [client 104.207.48.133:13097] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "billhoy.com"] [uri "/.env"] [unique_id "aSQhFt-0QKOHhFAE93z-RQAAABU"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2025-10-01 05:36:47 (8 months ago)	2025-10-01T07:36:43.946517 localhost.localdomain sshd[231683]: pam_unix(sshd:auth): authentication f ... show more 2025-10-01T07:36:43.946517 localhost.localdomain sshd[231683]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.207.48.133 2025-10-01T07:36:46.361380 localhost.localdomain sshd[231683]: Failed password for invalid user [email protected] from 104.207.48.133 port 25511 ssh2 ... show less	Brute-Force SSH
🇮🇹 Rosh	2025-09-29 01:36:37 (8 months ago)	[09/29/25 03:36:37] SSH: authentication failure	Brute-Force SSH
Anonymous	2025-04-07 11:07:07 (1 year ago)	Attempted brute force login to web vpn 1 time(s); last attempt for 2025.04.07 is noted in report tim ... show more Attempted brute force login to web vpn 1 time(s); last attempt for 2025.04.07 is noted in report timestamp show less	Hacking Brute-Force

Showing 1 to 15 of 127 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 172.238.171.10

🇺🇸 162.216.150.161

🇫🇷 46.105.132.35

🇮🇩 210.210.155.71

🇩🇪 194.88.98.86

🇺🇸 146.88.241.69

🇮🇳 110.172.147.190

🇺🇸 66.132.186.244

🇳🇱 45.142.193.18

🇧🇪 34.76.95.238

🇩🇪 2.27.62.69

🇭🇰 199.45.155.86

🇧🇪 198.235.24.223

🇺🇸 172.253.192.156

🇺🇸 170.89.82.135

🇮🇳 167.71.225.225

🇳🇱 154.86.119.221

🇵🇰 144.48.135.192

🇺🇿 84.54.72.28

🇳🇱 45.148.10.152