JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 104.207.48.63

104.207.48.63 was found in our database!

This IP was reported 149 times. Confidence of Abuse is 1%: ?

ISP	3xK Tech GmbH
Usage Type	Data Center/Web Hosting/Transit
ASN	AS200373
Domain Name	3xktech.cloud
Country	🇨🇦 Canada
City	Toronto, Ontario

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 104.207.48.63

Whois 104.207.48.63

IP Abuse Reports for 104.207.48.63:

This IP address has been reported a total of 149 times from 28 distinct sources. 104.207.48.63 was first reported on June 4th 2024, and the most recent report was 3 weeks ago.

Old Reports: The most recent abuse report for this IP address is from 3 weeks ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇲🇹 Malta	2026-05-17 15:51:38 (3 weeks ago)	104.207.48.63 - - [17/May/2026:17:51:38 +0200] "POST /wp-login.php HTTP/1.1" "Mozilla/5.0 (Windows N ... show more 104.207.48.63 - - [17/May/2026:17:51:38 +0200] "POST /wp-login.php HTTP/1.1" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:133.0) Gecko/20100101 Firefox/133.0" show less	Hacking Web App Attack VPN IP
🇱🇻 garmtech.com	2026-04-02 06:34:22 (2 months ago)	IM360 WAF: WordPress plugin/theme auto install block	Web App Attack
🇫🇷 masterguru	2026-03-27 22:21:23 (2 months ago)	(modsec_5015) ModSec 5015: Suspicious User-Agent from 104.207.48.63 (BR/Brazil/-): 1 in the last 360 ... show more (modsec_5015) ModSec 5015: Suspicious User-Agent from 104.207.48.63 (BR/Brazil/-): 1 in the last 3600 secs (0-193) show less	Hacking
🇺🇸 mnsf	2026-02-15 23:05:48 (3 months ago)	Too many Status 40X (12) Scanning/Probing (16)	Brute-Force Web App Attack
🇬🇧 consul.to	2026-02-15 12:49:14 (3 months ago)	Web attack/malicious scanning detected	Web App Attack
🇺🇸 TPI-Abuse	2026-02-15 11:50:37 (3 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.48.63 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.207.48.63 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Feb 15 06:50:33.917998 2026] [security2:error] [pid 20428:tid 20428] [client 104.207.48.63:34139] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "thugdoggsrecords.com"] [uri "/.env"] [unique_id "aZGzCRNUorgArahpNcXW0AAAABM"] show less	Brute-Force Bad Web Bot Web App Attack
🇫🇷 dynamix	2026-02-15 06:32:08 (3 months ago)	Multiple WAF Violations	Web App Attack
🇺🇸 TPI-Abuse	2026-02-15 05:52:03 (3 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.48.63 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.207.48.63 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Feb 15 00:51:56.872338 2026] [security2:error] [pid 352843:tid 352843] [client 104.207.48.63:26965] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "swetzer.net"] [uri "/test/.git/config"] [unique_id "aZFe_J8bai2rEbe0mFN5gwAAAAY"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-02-15 05:25:39 (3 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.48.63 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.207.48.63 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Feb 15 00:25:30.907685 2026] [security2:error] [pid 18139:tid 18139] [client 104.207.48.63:47933] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "supportourlibrary.org"] [uri "/backend/.env"] [unique_id "aZFYys1CXfrShTIVllUKogAAAAI"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-02-15 04:24:37 (3 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.48.63 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.207.48.63 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Feb 14 23:24:31.256371 2026] [security2:error] [pid 12383:tid 12383] [client 104.207.48.63:34937] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "stringview.com"] [uri "/app/.env"] [unique_id "aZFKfzHY7o1o1yGO4JAXmAAAAAM"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-02-15 03:58:39 (3 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.48.63 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.207.48.63 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Feb 14 22:58:36.727970 2026] [security2:error] [pid 1559:tid 1559] [client 104.207.48.63:59417] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "stlouisdave.com"] [uri "/app/.env"] [unique_id "aZFEbN_yA1AR09k3_TpYOgAAAAY"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-02-15 03:20:19 (3 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.48.63 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.207.48.63 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Feb 14 22:20:12.946874 2026] [security2:error] [pid 30169:tid 30169] [client 104.207.48.63:31401] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "starrmail.net"] [uri "/frontend/.env"] [unique_id "aZE7bHBTgH77LmSs_9quxAAAAA8"] show less	Brute-Force Bad Web Bot Web App Attack
🇦🇺 2000cn.com.au	2026-02-15 02:07:32 (3 months ago)	This IP was detected by CrowdSec triggering crowdsecurity/http-sensitive-files	Hacking Web App Attack
🇺🇸 TPI-Abuse	2026-02-15 01:51:35 (3 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.48.63 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.207.48.63 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Feb 14 20:51:31.730590 2026] [security2:error] [pid 30282:tid 30282] [client 104.207.48.63:60147] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "mycherishedteddies.com"] [uri "/wp/.git/config"] [unique_id "aZEmo6Os5IgWaLReDeD-vwAAAAo"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-02-15 01:18:53 (3 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.48.63 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.207.48.63 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Feb 14 20:18:47.865776 2026] [security2:error] [pid 14743:tid 14743] [client 104.207.48.63:27727] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "lynellejonsson.com"] [uri "/backend/.env"] [unique_id "aZEe94iHk86nZk0zPLSx4QAAAAg"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 149 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇨🇳 219.146.119.139

🇩🇪 193.124.20.246

🇺🇸 162.216.149.44

🇮🇳 113.193.234.210

🇺🇸 107.152.44.215

🇮🇳 103.220.91.138

🇺🇸 69.49.246.176

🇫🇷 62.210.209.225

🇷🇴 2.57.122.177

🇬🇧 188.240.59.50

🇲🇽 186.96.145.241

🇳🇱 185.223.235.47

🇺🇸 162.217.167.14

🇦🇺 103.144.100.175

🇳🇱 45.148.10.157

🇺🇸 20.81.46.136

🇷🇴 2.57.121.25

🇺🇸 205.210.31.75

🇺🇸 205.210.31.47

🇹🇼 198.235.24.12