JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 104.207.48.139

104.207.48.139 was found in our database!

This IP was reported 150 times. Confidence of Abuse is 0%: ?

ISP	3xK Tech GmbH
Usage Type	Data Center/Web Hosting/Transit
ASN	AS200373
Domain Name	3xktech.cloud
Country	🇨🇦 Canada
City	Toronto, Ontario

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 104.207.48.139

Whois 104.207.48.139

IP Abuse Reports for 104.207.48.139:

This IP address has been reported a total of 150 times from 22 distinct sources. 104.207.48.139 was first reported on June 29th 2024, and the most recent report was 2 months ago.

Old Reports: The most recent abuse report for this IP address is from 2 months ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇩🇪 findlab	2026-04-09 16:00:09 (2 months ago)	Backdrop CMS module - malicious activity detected	Bad Web Bot Web App Attack
🇬🇧 consul.to	2026-02-15 12:49:45 (3 months ago)	Web attack/malicious scanning detected	Web App Attack
🇺🇸 myagent.site	2026-02-15 12:38:43 (3 months ago)	Blocking for trying to access an exploit file: /site/.git/config	Hacking
🇳🇱 BlueWire Hosting	2026-02-15 12:17:48 (3 months ago)	Probing websites for vulnerabilities	Web App Attack
🇺🇸 TPI-Abuse	2026-02-15 12:03:49 (3 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.48.139 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.48.139 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Feb 15 07:03:46.005965 2026] [security2:error] [pid 31169:tid 31169] [client 104.207.48.139:30441] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "tigerallenyim.com"] [uri "/.env.staging"] [unique_id "aZG2Ir7a0_qRfNBHdHYwZQAAAAU"] show less	Brute-Force Bad Web Bot Web App Attack
🇪🇸 masterguru	2026-02-15 12:02:46 (3 months ago)	Restricted File Access Attempt. Matched phrase "/.env" at REQUEST_FILENAME. (930130-122)	Hacking Web App Attack
🇺🇸 TPI-Abuse	2026-02-15 11:42:44 (3 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.48.139 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.48.139 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Feb 15 06:42:39.168841 2026] [security2:error] [pid 533049:tid 533077] [client 104.207.48.139:51357] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "thompsonhypnotherapy.com"] [uri "/.env.production"] [unique_id "aZGxL9b1zu3U8m5370ObFAAAARU"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 mnsf	2026-02-15 06:07:21 (3 months ago)	Scanning/Probing (23)	Brute-Force Web App Attack
🇺🇸 TPI-Abuse	2026-02-15 05:35:23 (3 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.48.139 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.48.139 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Feb 15 00:35:16.907336 2026] [security2:error] [pid 17753:tid 17753] [client 104.207.48.139:32287] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "susansambou.org"] [uri "/api/.git/config"] [unique_id "aZFbFMhzwKClJCJd7PAMKwAAAAM"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-02-15 04:31:13 (3 months ago)	Failed login attempt detected by Fail2Ban in plesk-modsecurity jail	Exploited Host
🇷🇴 INTEQ	2026-02-15 02:32:19 (3 months ago)	Web attack from 104.207.48.139	Web App Attack
🇨🇭 Origon	2026-02-15 01:38:54 (3 months ago)	http-sensitive-files - IP: 104.207.48.139 - time="2026-02-15T02:38:54+01:00" level=info msg="(555f6 ... show more http-sensitive-files - IP: 104.207.48.139 - time="2026-02-15T02:38:54+01:00" level=info msg="(555f66b4f6a74558bc11e3f93469658es8App0Mcc0TKEeje/crowdsec) crowdsecurity/http-sensitive-files by ip 104.207.48.139 (BR/200373) : 4h ban on Ip 104.207.48.139" module=db show less	Web App Attack
🇺🇸 TPI-Abuse	2026-02-15 00:46:33 (3 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.48.139 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.48.139 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Feb 14 19:46:30.037588 2026] [security2:error] [pid 22547:tid 22547] [client 104.207.48.139:47353] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "mplsmedia.com"] [uri "/.env.local"] [unique_id "aZEXZtfzJ41sOXcTkVLe-AAAAA4"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-02-14 23:20:43 (3 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.48.139 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.48.139 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Feb 14 18:20:37.439125 2026] [security2:error] [pid 17392:tid 17411] [client 104.207.48.139:42097] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "livingalegacybulldogges.com"] [uri "/config/.env"] [unique_id "aZEDRTIyJsQfjBl0rcjraQAAABE"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-02-14 22:54:48 (3 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.48.139 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.48.139 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Feb 14 17:54:42.936098 2026] [security2:error] [pid 25833:tid 25833] [client 104.207.48.139:23459] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "morrofleece.com"] [uri "/wp/.git/config"] [unique_id "aZD9MptypPxoeI2inQMpJAAAABo"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 150 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇧🇪 198.235.24.227

🇷🇴 193.32.162.16

🇮🇳 125.20.233.102

🇺🇸 47.252.118.185

🇧🇷 45.205.1.240

🇬🇧 35.203.211.214

🇳🇱 195.178.110.30

🇧🇷 186.251.71.202

🇵🇰 103.173.7.164

🇫🇷 85.217.140.37

🇩🇪 69.5.169.125

🇹🇼 60.199.224.2

🇳🇱 45.156.128.64

🇻🇪 38.17.131.87

🇦🇹 37.252.189.216

🇬🇧 35.246.65.247

🇨🇳 223.159.80.91

🇵🇰 202.63.211.199

🇲🇽 186.96.145.241

🇻🇪 181.233.91.98