JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 104.207.48.232

104.207.48.232 was found in our database!

This IP was reported 165 times. Confidence of Abuse is 1%: ?

ISP	3xK Tech GmbH
Usage Type	Data Center/Web Hosting/Transit
ASN	AS200373
Domain Name	3xktech.cloud
Country	🇨🇦 Canada
City	Toronto, Ontario

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 104.207.48.232

Whois 104.207.48.232

IP Abuse Reports for 104.207.48.232:

This IP address has been reported a total of 165 times from 27 distinct sources. 104.207.48.232 was first reported on June 5th 2024, and the most recent report was 4 weeks ago.

Old Reports: The most recent abuse report for this IP address is from 4 weeks ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇬🇧 openstrike.co.uk	2026-05-08 05:13:32 (4 weeks ago)	66 attacks on PHP URLs, password grabbing URLs, env grabbing URLs: GET http://mta-sts.ellastoneparis ... show more 66 attacks on PHP URLs, password grabbing URLs, env grabbing URLs: GET http://mta-sts.ellastoneparishcouncil.gov.uk/env.php HTTP/1.1 GET http://mta-sts.ellastoneparishcouncil.gov.uk/pms?module=logging&file_name=../../../../../../~/.aws/credentials&number_of_lines=10000 HTTP/1.1 GET http://mta-sts.ellastoneparishcouncil.gov.uk/api/.env HTTP/1.1 show less	Web App Attack Hacking
🇩🇪 big-cloud.nl	2026-02-13 05:01:03 (3 months ago)	Try to access /.env	Web App Attack
🇺🇸 TPI-Abuse	2026-02-12 17:04:23 (3 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.48.232 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.48.232 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Feb 12 12:04:19.631227 2026] [security2:error] [pid 26233:tid 26233] [client 104.207.48.232:27695] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "bandpd.com"] [uri "/.env"] [unique_id "aY4IE1S8jMhIZToqELUU0QAAAAc"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-02-12 01:47:28 (3 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.48.232 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.48.232 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Feb 11 20:47:20.691031 2026] [security2:error] [pid 1127965:tid 1127965] [client 104.207.48.232:16797] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "effectivefirearms.com"] [uri "/api/.env"] [unique_id "aY0xKJUCUmW7tFQ0i6ToXgAAABA"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-02-11 10:00:15 (3 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.48.232 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.48.232 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Feb 11 05:00:08.510124 2026] [security2:error] [pid 3903:tid 3903] [client 104.207.48.232:38535] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cougarcrusade.com"] [uri "/.env"] [unique_id "aYxTKI3-Qh9TPSYFGN5eHwAAAAA"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-02-11 03:10:15 (3 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.48.232 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.48.232 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Feb 10 22:10:08.956953 2026] [security2:error] [pid 2564:tid 2564] [client 104.207.48.232:41107] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "ecomim.com"] [uri "/config/.env"] [unique_id "aYvzECGuFvEiq_mixWwy-AAAAAA"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-02-10 02:26:55 (3 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.48.232 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.48.232 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Feb 09 21:26:45.904450 2026] [security2:error] [pid 1775870:tid 1775870] [client 104.207.48.232:14093] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "gensou.net"] [uri "/api/.env"] [unique_id "aYqXZe731QMuyKZxNetpzAAAAAc"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-02-10 01:06:06 (3 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.48.232 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.48.232 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Feb 09 20:05:54.241978 2026] [security2:error] [pid 1036081:tid 1036167] [client 104.207.48.232:62551] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "gelatoconsapevole.com"] [uri "/api/.git/config"] [unique_id "aYqEcs__7REXY7sHL-BOewAAAcU"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-02-10 00:35:29 (3 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.48.232 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.48.232 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Feb 09 19:35:23.845950 2026] [security2:error] [pid 17658:tid 17658] [client 104.207.48.232:34223] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "geckoturner.com"] [uri "/dev/.git/config"] [unique_id "aYp9S18Zhh7CflHZUY42jQAAAB4"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-28 16:18:40 (5 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.48.232 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.48.232 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Dec 28 11:18:32.851321 2025] [security2:error] [pid 12991:tid 12991] [client 104.207.48.232:19871] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webdisk.aliciagrant.com"] [uri "/.env"] [unique_id "aVFYWM1kxfGXAYY1T6Fy2gAAABE"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-09 18:42:10 (5 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.48.232 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.48.232 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Dec 09 13:42:05.660843 2025] [security2:error] [pid 30053:tid 30053] [client 104.207.48.232:45477] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "impostersyndromeunmasked.com"] [uri "/.svn/wc.db"] [unique_id "aThtfZVEq1uUikppcsYM9wAAABs"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-07 15:11:19 (5 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.48.232 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.48.232 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Dec 07 10:11:13.347040 2025] [security2:error] [pid 27906:tid 27906] [client 104.207.48.232:13585] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "stewhist.org"] [uri "/.svn/wc.db"] [unique_id "aTWZEZmKeNTO1jlnZ6qMqQAAAAk"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-06 21:20:59 (5 months ago)	(mod_security) mod_security (id:210730) triggered by 104.207.48.232 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210730) triggered by 104.207.48.232 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Dec 06 16:20:56.435699 2025] [security2:error] [pid 12631:tid 12631] [client 104.207.48.232:15057] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|primrust.net\|F\|2"] [data ".db"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "primrust.net"] [uri "/.svn/wc.db"] [unique_id "aTSeOMwDEeDaEAJ-ZXyzlgAAABE"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-06 11:07:51 (5 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.48.232 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.48.232 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Dec 06 06:07:46.705910 2025] [security2:error] [pid 26577:tid 26577] [client 104.207.48.232:25227] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "carterindustries.net"] [uri "/.env"] [unique_id "aTQOgtPqhe9kZ9CLValD3QAAAAo"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 myagent.site	2025-12-06 04:20:38 (6 months ago)	Blocking for trying to access an exploit file: /.env	Hacking

Showing 1 to 15 of 165 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇦 176.98.8.117

🇺🇸 162.216.149.89

🇮🇪 2a05:d018:10df:d400:6c53:a516:1bff:cdc2

🇬🇧 217.146.80.105

🇺🇸 216.218.206.81

🇮🇳 202.88.251.234

🇳🇱 176.65.139.58

🇨🇳 175.169.80.148

🇮🇪 108.130.235.94

🇪🇪 80.77.25.87

🇨🇦 70.50.143.40

🇺🇸 64.62.197.232

🇮🇪 54.78.38.237

🇬🇧 35.203.211.79

🇻🇳 14.224.227.189

🇬🇧 5.181.124.131

🇮🇳 4.213.99.137

🇺🇸 3.221.209.142

🇮🇪 2a05:d018:10df:d400:7b71:8709:1c8:cefa

🇮🇩 180.243.254.154