JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 104.207.32.66

104.207.32.66 was found in our database!

This IP was reported 138 times. Confidence of Abuse is 8%: ?

ISP	3xK Tech GmbH
Usage Type	Data Center/Web Hosting/Transit
ASN	AS200373
Domain Name	3xktech.cloud
Country	🇺🇸 United States of America
City	Ashburn, Virginia

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 104.207.32.66

Whois 104.207.32.66

IP Abuse Reports for 104.207.32.66:

This IP address has been reported a total of 138 times from 21 distinct sources. 104.207.32.66 was first reported on June 4th 2024, and the most recent report was 1 month ago.

Old Reports: The most recent abuse report for this IP address is from 1 month ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇦🇺 oncord	2026-05-01 05:24:58 (1 month ago)	Form spam	Web Spam
🇫🇷 ✨	2026-04-21 23:31:17 (1 month ago)	Rule : Security 4 System %592 104.207.32.66 39083 *hidden-privacy* 443 6 187920474 %610 44	Port Scan Hacking Brute-Force
🇬🇧 CrystalMaker	2026-03-28 17:31:11 (2 months ago)	Wordpress attack - GET //wp-includes/wlwmanifest.xml; GET //xmlrpc.php?rsd; GET //blog/wp-includes/w ... show more Wordpress attack - GET //wp-includes/wlwmanifest.xml; GET //xmlrpc.php?rsd; GET //blog/wp-includes/wlwmanifest.xml; GET //web/wp-includes/wlwmanifest.xml; GET //wordpress/wp-includes/wlwmanifest.xml; GET //website/wp-includes/wlwmanifest.xml; GET //wp/wp-includes/wlwmanifest.xml; GET //news/wp-includes/wlwmanifest.xml; GET //wp1/wp-includes/wlwmanifest.xml; GET //test/wp-includes/wlwmanifest.xml; GET //wp2/wp-includes/wlwmanifest.xml; GET //site/wp-includes/wlwmanifest.xml; GET //cms/wp-includes/wlwmanifest.xml; GET //sito/wp-includes/wlwmanifest.xml show less	Web App Attack
Anonymous	2026-03-22 00:02:31 (2 months ago)	Forum/form spam	Web Spam
Anonymous	2026-03-05 00:59:00 (3 months ago)		Exploited Host
🇺🇸 TPI-Abuse	2026-01-15 10:34:59 (4 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.32.66 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.207.32.66 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jan 15 05:34:55.602288 2026] [security2:error] [pid 29430:tid 29430] [client 104.207.32.66:56331] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "madandproud.com"] [uri "/.git/HEAD"] [unique_id "aWjCz09QFC8sxy5OMiTTHQAAAAo"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 myagent.site	2026-01-13 11:55:34 (4 months ago)	Blocking for trying to access an exploit file: /.env	Hacking
🇩🇪 Vegascosmetics	2026-01-12 22:50:30 (4 months ago)	Kingcopy(AI-IDS):IP does Multiple AWS Environment Abuse	Hacking Web App Attack
🇫🇷 Jean Valjean	2025-12-30 23:15:33 (5 months ago)	Fail2ban Caboom : xmlrpc.php Abuse	SQL Injection Web App Attack
🇨🇭 backslash	2025-12-30 16:40:04 (5 months ago)	block ruleset bad bot: wordpress scans 82C095539D4FDAF84E2E2FD6B6FC0664645851A8	Bad Web Bot
🇺🇸 TPI-Abuse	2025-11-26 11:15:04 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.32.66 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.207.32.66 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Nov 26 06:14:58.655023 2025] [security2:error] [pid 19135:tid 19135] [client 104.207.32.66:36411] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpanel.zoesaadeh.com"] [uri "/.env"] [unique_id "aSbhMugAHQ4UG2FC5l7I6QAAABw"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-26 05:53:37 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.32.66 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.207.32.66 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Nov 26 00:53:34.340152 2025] [security2:error] [pid 26118:tid 26118] [client 104.207.32.66:14875] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.389thbg.com"] [uri "/.env"] [unique_id "aSaV3mUHC2XfP6gNvyy6-AAAABY"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-26 02:32:43 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.32.66 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.207.32.66 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Nov 25 21:32:38.097188 2025] [security2:error] [pid 5361:tid 5379] [client 104.207.32.66:28259] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcontacts.accsesame.com"] [uri "/.git/HEAD"] [unique_id "aSZmxg6mFNQyT6yLV4L5SgAAABA"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-26 01:03:30 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.32.66 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.207.32.66 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Nov 25 20:03:23.311759 2025] [security2:error] [pid 29800:tid 29800] [client 104.207.32.66:21423] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpanel.alwaysatyourservice.net"] [uri "/.env"] [unique_id "aSZR2xXqhVO1xQi12t26CwAAAAs"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-24 04:51:26 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.32.66 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.207.32.66 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Nov 23 23:51:21.591900 2025] [security2:error] [pid 3965258:tid 3965284] [client 104.207.32.66:29899] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "store.flapjacktoys.com"] [uri "/.svn/wc.db"] [unique_id "aSPkSchgZFlRjqvFboh9cgAAAQ0"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 138 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇳🇵 202.70.78.237

🇹🇭 171.6.23.226

🇭🇰 154.221.25.205

🇨🇳 123.232.131.208

🇩🇪 69.5.169.155

🇺🇸 66.132.224.17

🇮🇳 49.200.158.226

🇰🇷 211.63.214.90

🇧🇪 207.175.45.58

🇨🇳 182.242.168.36

🇮🇳 182.76.66.186

🇺🇸 147.185.132.182

🇵🇰 110.38.240.226

🇸🇬 103.134.154.36

🇳🇱 89.248.163.200

🇷🇴 80.94.92.171

🇺🇸 65.49.1.22

🇪🇬 41.234.150.170

🇻🇪 38.43.225.248

🇨🇦 24.53.21.123