JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 104.207.48.17

104.207.48.17 was found in our database!

This IP was reported 75 times. Confidence of Abuse is 0%: ?

ISP	3xK Tech GmbH
Usage Type	Data Center/Web Hosting/Transit
ASN	AS200373
Domain Name	3xktech.cloud
Country	🇨🇦 Canada
City	Toronto, Ontario

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 104.207.48.17

Whois 104.207.48.17

IP Abuse Reports for 104.207.48.17:

This IP address has been reported a total of 75 times from 17 distinct sources. 104.207.48.17 was first reported on June 28th 2024, and the most recent report was 2 months ago.

Old Reports: The most recent abuse report for this IP address is from 2 months ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇧🇪 voormedia	2026-03-05 16:09:56 (2 months ago)	Accessed trap at '/.env'	Web App Attack
🇦🇺 MAGIC	2025-12-07 00:05:38 (5 months ago)	VM1 Bad user agents ignoring web crawling rules. Draing bandwidth	DDoS Attack Bad Web Bot
🇪🇪 Unwasted	2025-12-05 01:52:51 (6 months ago)	Odoo contact form spam	Web Spam Blog Spam
🇱🇻 garmtech.com	2025-12-04 18:43:45 (6 months ago)	IM360 WAF: Block IP which is in the web-spammers RBL MV:RBL lookup of 20-43.104.207.48.17.web-spamme ... show more IM360 WAF: Block IP which is in the web-spammers RBL MV:RBL lookup of 20-43.104.207.48.17.web-spammers.v2.rbl.imunify.com._v4 succeeded. show less	Web App Attack
🇺🇸 TPI-Abuse	2025-11-25 03:53:42 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.48.17 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.207.48.17 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 24 22:53:34.043503 2025] [security2:error] [pid 30516:tid 30516] [client 104.207.48.17:32735] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.bartholow.net"] [uri "/.git/HEAD"] [unique_id "aSUoPrSWOQvYHJh900lLEgAAACA"] show less	Brute-Force Bad Web Bot Web App Attack
🇱🇻 garmtech.com	2025-11-24 16:34:14 (6 months ago)	Attempted access to sensitive endpoint (/.svn/wc.db) detected. Automated scan or unauthorized probin ... show more Attempted access to sensitive endpoint (/.svn/wc.db) detected. Automated scan or unauthorized probing. show less	Web App Attack
🇺🇸 TPI-Abuse	2025-11-24 09:30:36 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.48.17 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.207.48.17 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 24 04:30:21.169077 2025] [security2:error] [pid 22057:tid 22057] [client 104.207.48.17:40261] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "mail.joelsarakula.com"] [uri "/.svn/wc.db"] [unique_id "aSQlrQESRqnKXmTCxjFIXAAAAAM"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-23 13:48:29 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.48.17 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.207.48.17 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Nov 23 08:48:25.117676 2025] [security2:error] [pid 30809:tid 30809] [client 104.207.48.17:43641] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.barigby.com"] [uri "/.env"] [unique_id "aSMQqS4Gw6_RgeNcVlut3gAAABE"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-10 15:30:14 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.48.17 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.207.48.17 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 10 10:30:04.682158 2025] [security2:error] [pid 29686:tid 29686] [client 104.207.48.17:59593] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webmail.luxievintage.com"] [uri "/config.php%7C/.env%7Csettings.py"] [unique_id "aRIE_Pbt5bDjmtTAEzBQwwAAAAM"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-08 14:14:46 (6 months ago)	(mod_security) mod_security (id:225170) triggered by 104.207.48.17 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:225170) triggered by 104.207.48.17 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Nov 08 09:14:42.147830 2025] [security2:error] [pid 4957:tid 4957] [client 104.207.48.17:18811] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|admin.turedinmobiliaria.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "admin.turedinmobiliaria.com"] [uri "/wp-json/wp/v2/users"] [unique_id "aQ9QUtuK_l4d7iav-nyPHQAAAAU"], referer: https://www.google.com show less	Brute-Force Bad Web Bot Web App Attack
🇫🇮 as211431.net	2025-10-19 08:37:01 (7 months ago)	Triggered Cloudflare WAF (firewallCustom) from CA. Action taken: MANAGED_CHALLENGE Protocol: HTTP/1. ... show more Triggered Cloudflare WAF (firewallCustom) from CA. Action taken: MANAGED_CHALLENGE Protocol: HTTP/1.1 (GET method) Endpoint: / UA: Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:114.0) Gecko/20100101 Firefox/114.0 This report was generated by: https://github.com/sefinek/Cloudflare-WAF-To-AbuseIPDB show less	Bad Web Bot
🇬🇧 Steve	2025-10-19 04:25:02 (7 months ago)	SSH invalid-user multiple login attempts	Brute-Force SSH
🇪🇸 10dencehispahard SL	2025-10-13 05:18:13 (7 months ago)	WP probing for vulnerabilities	Hacking Exploited Host
Anonymous	2025-10-11 05:34:18 (7 months ago)	Attempted brute force login to web vpn 72 time(s); last attempt for 2025.10.11 is noted in report ti ... show more Attempted brute force login to web vpn 72 time(s); last attempt for 2025.10.11 is noted in report timestamp show less	Hacking Brute-Force
Anonymous	2025-10-10 23:05:07 (7 months ago)	Attempted brute force login to web vpn 144 time(s); last attempt for 2025.10.10 is noted in report t ... show more Attempted brute force login to web vpn 144 time(s); last attempt for 2025.10.10 is noted in report timestamp show less	Hacking Brute-Force

Showing 1 to 15 of 75 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇧🇷 205.210.31.135

🇨🇳 114.98.230.202

🇵🇰 103.26.82.244

🇧🇪 34.77.67.35

🇺🇸 20.168.7.215

🇩🇪 207.154.200.245

🇷🇺 176.211.17.187

🇨🇳 112.86.225.140

🇮🇳 103.174.34.49

🇨🇳 101.126.88.251

🇺🇸 98.90.43.197

🇵🇱 81.161.202.18

🇷🇺 77.41.156.64

🇹🇼 61.222.211.114

🇳🇱 45.148.10.157

🇷🇺 37.77.150.67

🇧🇪 34.62.201.49

🇧🇷 201.17.133.138

🇧🇴 181.188.172.6

🇺🇾 167.61.247.188