JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 104.207.48.230

104.207.48.230 was found in our database!

This IP was reported 119 times. Confidence of Abuse is 1%: ?

ISP	3xK Tech GmbH
Usage Type	Data Center/Web Hosting/Transit
ASN	AS200373
Domain Name	3xktech.cloud
Country	🇨🇦 Canada
City	Toronto, Ontario

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 104.207.48.230

Whois 104.207.48.230

IP Abuse Reports for 104.207.48.230:

This IP address has been reported a total of 119 times from 11 distinct sources. 104.207.48.230 was first reported on June 11th 2024, and the most recent report was 4 weeks ago.

Old Reports: The most recent abuse report for this IP address is from 4 weeks ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇩🇪 big-cloud.nl	2026-05-06 16:22:37 (4 weeks ago)	Try to access /.aws/credentials	Web App Attack
🇩🇪 kranem	2026-02-25 06:02:04 (3 months ago)	Triggered Cloudflare WAF from CA. Action taken: BLOCK ASN: 200373 (DREI-K-TECH-GMBH) Protocol: HTTP/ ... show more Triggered Cloudflare WAF from CA. Action taken: BLOCK ASN: 200373 (DREI-K-TECH-GMBH) Protocol: HTTP/2 (GET method) Endpoint: /auth/login Timestamp: 2026-02-25T04:53:31Z User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 13_5) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.5 Safari/605.1.15 show less	Bad Web Bot
🇺🇸 TPI-Abuse	2026-02-19 03:56:19 (3 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.48.230 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.48.230 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Feb 18 22:56:16.622463 2026] [security2:error] [pid 23473:tid 23473] [client 104.207.48.230:54289] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "kinnen.org"] [uri "/dev/.git/config"] [unique_id "aZaJ4Es0uZi7qMa8-WZz5AAAAA4"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-02-19 02:59:52 (3 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.48.230 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.48.230 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Feb 18 21:59:42.808893 2026] [security2:error] [pid 18710:tid 18710] [client 104.207.48.230:38767] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "kengarysp.com"] [uri "/app/.env"] [unique_id "aZZ8ntBPnhOsm38ND1bPuwAAAAM"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 Mr-Money	2026-02-18 23:19:44 (3 months ago)	scenario: crowdsecurity/http-sensitive-files - events: 5	Web App Attack Hacking
🇺🇸 TPI-Abuse	2026-02-18 19:09:20 (3 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.48.230 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.48.230 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Feb 18 14:09:12.504057 2026] [security2:error] [pid 23526:tid 23526] [client 104.207.48.230:17613] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "timlandry.com"] [uri "/.git/config"] [unique_id "aZYOWKMFkX1rw8YbLD0kqAAAAAA"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-02-18 18:42:36 (3 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.48.230 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.48.230 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Feb 18 13:42:25.011876 2026] [security2:error] [pid 10696:tid 10696] [client 104.207.48.230:40017] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "thirtyonebycartio.com"] [uri "/.env.staging"] [unique_id "aZYIEYSOkCmxxrjY8Uff-gAAABM"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 myagent.site	2026-02-18 17:22:14 (3 months ago)	Blocking for trying to access an exploit file: /.env.production	Hacking
🇪🇸 10dencehispahard SL	2025-12-29 11:01:24 (5 months ago)	Wordpress probing for vulnerabilities	Hacking Exploited Host
🇺🇸 TPI-Abuse	2025-11-25 05:34:20 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.48.230 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.48.230 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Nov 25 00:34:14.906300 2025] [security2:error] [pid 10362:tid 10362] [client 104.207.48.230:46949] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "ehrlichfamily.com"] [uri "/.env"] [unique_id "aSU_1nZWH1XR0g5odhSq6AAAABc"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-25 02:30:30 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.48.230 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.48.230 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 24 21:30:25.863079 2025] [security2:error] [pid 21556:tid 21556] [client 104.207.48.230:25423] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cyberv.info"] [uri "/.env"] [unique_id "aSUUwU0XbvU_P_4hg1BeNAAAAAM"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-10-29 15:08:47 (7 months ago)	(mod_security) mod_security (id:225170) triggered by 104.207.48.230 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:225170) triggered by 104.207.48.230 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Oct 29 11:08:43.982009 2025] [security2:error] [pid 7580:tid 7580] [client 104.207.48.230:11073] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|cpking.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "cpking.com"] [uri "/wp-json/wp/v2/users"] [unique_id "aQIt-7jQ5DOb_KwNhbIO1gAAABg"], referer: https://www.google.com show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2025-04-07 07:45:45 (1 year ago)	Attempted brute force login to web vpn 2 time(s); last attempt for 2025.04.07 is noted in report tim ... show more Attempted brute force login to web vpn 2 time(s); last attempt for 2025.04.07 is noted in report timestamp show less	Hacking Brute-Force
Anonymous	2025-04-06 14:28:57 (1 year ago)	Attempted brute force login to web vpn 4 time(s); last attempt for 2025.04.06 is noted in report tim ... show more Attempted brute force login to web vpn 4 time(s); last attempt for 2025.04.06 is noted in report timestamp show less	Hacking Brute-Force
Anonymous	2025-04-05 20:48:00 (1 year ago)	Attempted brute force login to web vpn 4 time(s); last attempt for 2025.04.05 is noted in report tim ... show more Attempted brute force login to web vpn 4 time(s); last attempt for 2025.04.05 is noted in report timestamp show less	Hacking Brute-Force

Showing 1 to 15 of 119 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇨🇳 121.41.93.210

🇺🇸 184.105.247.234

🇻🇳 180.93.43.225

🇮🇩 163.7.11.155

🇨🇳 111.228.36.44

🇵🇰 103.66.149.231

🇺🇸 54.91.199.167

🇳🇱 45.148.10.183

🇩🇪 213.209.159.56

🇰🇷 210.118.224.138

🇵🇦 201.77.55.254

🇨🇳 115.190.160.80

🇨🇳 58.240.112.150

🇧🇷 45.165.244.238

🇨🇳 14.103.104.36

🇷🇴 2.57.122.177

🇫🇮 194.99.26.180

🇲🇽 187.141.71.166

🇻🇳 171.243.149.218

🇺🇸 166.62.41.26