JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 104.207.48.250

104.207.48.250 was found in our database!

This IP was reported 152 times. Confidence of Abuse is 20%: ?

20%

ISP	3xK Tech GmbH
Usage Type	Data Center/Web Hosting/Transit
ASN	AS200373
Domain Name	3xktech.cloud
Country	🇨🇦 Canada
City	Toronto, Ontario

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 104.207.48.250

Whois 104.207.48.250

IP Abuse Reports for 104.207.48.250:

This IP address has been reported a total of 152 times from 20 distinct sources. 104.207.48.250 was first reported on June 20th 2024, and the most recent report was 4 days ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇬🇧 PeravixGroup	2026-06-11 00:22:12 (4 days ago)	Honeypot detection: Apache CouchDB unauthorized access / exploitation attempt on port 5984. Severity ... show more Honeypot detection: Apache CouchDB unauthorized access / exploitation attempt on port 5984. Severity: MEDIUM. Aaran.cloud show less	Hacking Exploited Host
Anonymous	2026-06-06 12:19:07 (1 week ago)	Fuzzing/Looking for credentials files.	Brute-Force Web App Attack
🇨🇭 backslash	2026-05-23 05:03:07 (3 weeks ago)		Bad Web Bot
🇬🇧 PeravixGroup	2026-05-10 10:35:00 (1 month ago)	Honeypot detection: Kubernetes API unauthorized access / cluster abuse attempt on port 6443. Severit ... show more Honeypot detection: Kubernetes API unauthorized access / cluster abuse attempt on port 6443. Severity: MEDIUM. Aaran.cloud show less	Hacking Exploited Host
🇬🇧 PeravixGroup	2026-05-06 17:55:09 (1 month ago)	Honeypot detection: Kubernetes API unauthorized access / cluster abuse attempt on port 6443. Severit ... show more Honeypot detection: Kubernetes API unauthorized access / cluster abuse attempt on port 6443. Severity: MEDIUM. Aaran.cloud show less	Hacking Exploited Host
🇦🇺 oncord	2026-02-12 05:52:48 (4 months ago)	Form spam	Web Spam
🇦🇺 oncord	2026-02-09 04:13:02 (4 months ago)	Form spam	Web Spam
🇦🇺 oncord	2026-02-03 18:06:52 (4 months ago)	Form spam	Web Spam
🇩🇪 F242	2026-01-30 05:17:30 (4 months ago)	Wordpress Login or XMLRPC abuse	Web App Attack
🇺🇸 TPI-Abuse	2025-12-10 10:10:14 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.48.250 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.48.250 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Dec 10 05:10:08.190787 2025] [security2:error] [pid 18513:tid 18513] [client 104.207.48.250:24907] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "tesacate.com"] [uri "/.svn/wc.db"] [unique_id "aTlHAIHDqRF0Cv93SiCE7wAAAAQ"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-09 20:28:39 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.48.250 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.48.250 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Dec 09 15:28:34.647477 2025] [security2:error] [pid 503:tid 503] [client 104.207.48.250:9257] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "lifevsai.com"] [uri "/.env"] [unique_id "aTiGcqy4Y_Qv8oPAe5wwkAAAABM"] show less	Brute-Force Bad Web Bot Web App Attack
🇳🇱 jjnxpct	2025-12-07 04:54:50 (6 months ago)	Automated security incident from hosting server. ModSecurity blocked suspicious request targeting UR ... show more Automated security incident from hosting server. ModSecurity blocked suspicious request targeting URI: /.env (Rule ID: 930130) - Restricted File Access Attempt [Suspicious: .env found within REQUEST_FILENAME: /.env] show less	Hacking Web App Attack
🇺🇸 TPI-Abuse	2025-12-06 16:15:17 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.48.250 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.48.250 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Dec 06 11:15:11.798460 2025] [security2:error] [pid 4551:tid 4551] [client 104.207.48.250:43445] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "byles.net"] [uri "/.env"] [unique_id "aTRWj7IbY4eqERkLOYnc7gAAABE"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-06 04:43:01 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.48.250 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.48.250 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Dec 05 23:42:55.931244 2025] [security2:error] [pid 5075:tid 5075] [client 104.207.48.250:18213] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "megastorebuilders.info"] [uri "/.env"] [unique_id "aTO0T600fffKQhvUMGAPrwAAACo"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-05 10:38:56 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.48.250 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.48.250 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Dec 05 05:38:54.014827 2025] [security2:error] [pid 32686:tid 32707] [client 104.207.48.250:53473] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "kwainet.com"] [uri "/.svn/wc.db"] [unique_id "aTK2Poy_rIQt22vJqtq4IAAAANM"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 152 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇨🇳 220.180.166.214

🇩🇪 130.49.113.117

🇺🇸 47.251.123.181

🇳🇱 45.148.10.157

🇰🇷 223.194.21.240

🇲🇽 186.96.151.198

🇨🇦 155.94.236.91

🇺🇸 66.132.195.21

🇸🇦 51.252.190.211

🇬🇧 45.198.224.140

🇷🇺 37.128.240.47

🇬🇧 5.226.140.7

🇮🇩 203.83.40.30

🇹🇼 114.35.23.130

🇵🇱 95.214.53.157

🇫🇷 84.247.172.198

🇰🇷 59.21.37.60

🇳🇱 45.148.10.151

🇺🇸 4.150.201.26

🇩🇪 2.26.51.160