JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 104.207.49.238

104.207.49.238 was found in our database!

This IP was reported 134 times. Confidence of Abuse is 1%: ?

ISP	3xK Tech GmbH
Usage Type	Data Center/Web Hosting/Transit
ASN	AS200373
Domain Name	3xktech.cloud
Country	🇨🇦 Canada
City	Toronto, Ontario

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 104.207.49.238

Whois 104.207.49.238

IP Abuse Reports for 104.207.49.238:

This IP address has been reported a total of 134 times from 20 distinct sources. 104.207.49.238 was first reported on June 12th 2024, and the most recent report was 3 weeks ago.

Old Reports: The most recent abuse report for this IP address is from 3 weeks ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇱🇻 garmtech.com	2026-05-11 10:47:45 (3 weeks ago)	IM360 WAF: Old style account creation and modification in Joomla! MV:registration	Web App Attack
🇱🇻 garmtech.com	2026-05-10 15:29:38 (3 weeks ago)	IM360 WAF: Old style account creation and modification in Joomla! MV:/ru/component/users/	Web App Attack
🇺🇸 interbiznw.com	2026-03-29 11:04:36 (2 months ago)	wordpress-fuzzing	Hacking Brute-Force Exploited Host Web App Attack
🇮🇹 Progetto1	2026-01-21 13:30:03 (4 months ago)	Website Scanning / Scraping	Bad Web Bot Exploited Host Web App Attack
🇳🇱 applemooz	2026-01-20 23:21:10 (4 months ago)	WordPress XMLRPC Brute Force Attacks ...	Brute-Force Web App Attack
🇦🇺 MAGIC	2026-01-19 01:10:28 (4 months ago)	VM1 Bad user agents ignoring web crawling rules. Draing bandwidth	DDoS Attack Bad Web Bot
🇱🇻 garmtech.com	2026-01-05 22:35:16 (5 months ago)	IM360 WAF: Block IP which is in the web-spammers RBL MV:RBL lookup of 00-35.104.207.49.238.web-spamm ... show more IM360 WAF: Block IP which is in the web-spammers RBL MV:RBL lookup of 00-35.104.207.49.238.web-spammers.v2.rbl.imunify.com._v4 succeeded. show less	Web App Attack
🇩🇪 big-cloud.nl	2025-12-15 05:32:17 (5 months ago)	Try to access /xmlrpc.php	Web App Attack
🇺🇸 myagent.site	2025-12-02 18:49:42 (6 months ago)	Blocking for trying to access an exploit file: /.env	Hacking
🇺🇸 TPI-Abuse	2025-12-02 10:58:29 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.49.238 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.49.238 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Dec 02 05:58:24.253411 2025] [security2:error] [pid 18177:tid 18177] [client 104.207.49.238:38797] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "ballast-capital.com"] [uri "/.env"] [unique_id "aS7GUKjRN6xoijckh4OnggAAAAc"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-02 05:55:05 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.49.238 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.49.238 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Dec 02 00:54:56.563581 2025] [security2:error] [pid 1198:tid 1198] [client 104.207.49.238:42269] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "amtnm.com"] [uri "/.svn/wc.db"] [unique_id "aS5_MC3xHQ60isIG2fR96gAAAAA"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-25 06:44:52 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.49.238 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.49.238 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Nov 25 01:44:45.336305 2025] [security2:error] [pid 4960:tid 4960] [client 104.207.49.238:27051] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "autodiscover.theneighborswindow.com"] [uri "/.env"] [unique_id "aSVQXSj-wBZT0BWUlKXORgAAABQ"] show less	Brute-Force Bad Web Bot Web App Attack
🇮🇹 flws	2025-11-25 05:52:19 (6 months ago)	Using APIs to sign up a huge number of fake users	Exploited Host Web App Attack
🇺🇸 TPI-Abuse	2025-11-24 09:50:07 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.49.238 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.49.238 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 24 04:49:50.711640 2025] [security2:error] [pid 10044:tid 10044] [client 104.207.49.238:51475] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcalendars.naturessecretresort.com"] [uri "/.env"] [unique_id "aSQqPhD7k2bRzvQekNwB9QAAAB8"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-24 09:24:51 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.49.238 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.49.238 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 24 04:24:43.476037 2025] [security2:error] [pid 22866:tid 22866] [client 104.207.49.238:14399] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcalendars.vccemail.net"] [uri "/.svn/wc.db"] [unique_id "aSQkW1ktxkc3xrYQLpeQHwAAAAI"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 134 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 216.24.210.248

🇩🇪 213.209.159.142

🇧🇼 168.167.228.123

🇺🇸 85.208.96.205

🇫🇷 82.67.128.131

🇬🇧 195.206.182.216

🇬🇧 194.50.235.152

🇮🇳 182.95.42.130

🇺🇸 170.106.180.139

🇸🇬 165.154.236.104

🇫🇮 147.185.133.55

🇭🇰 103.210.237.224

🇸🇬 101.32.248.94

🇳🇱 91.92.42.10

🇬🇧 81.19.219.234

🇺🇸 52.146.90.217

🇬🇧 35.203.211.144

🇬🇧 35.203.211.127

🇺🇸 216.126.236.108

🇳🇱 193.176.31.215