JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 104.207.33.181

104.207.33.181 was found in our database!

This IP was reported 148 times. Confidence of Abuse is 23%: ?

23%

ISP	3xK Tech GmbH
Usage Type	Data Center/Web Hosting/Transit
ASN	AS200373
Domain Name	3xktech.cloud
Country	🇺🇸 United States of America
City	Ashburn, Virginia

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 104.207.33.181

Whois 104.207.33.181

IP Abuse Reports for 104.207.33.181:

This IP address has been reported a total of 148 times from 24 distinct sources. 104.207.33.181 was first reported on June 11th 2024, and the most recent report was 1 week ago.

Old Reports: The most recent abuse report for this IP address is from 1 week ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇩🇪 Bedios GmbH	2026-06-11 21:17:21 (1 week ago)	SQL backup theft attempt	Hacking
🇫🇷 ELYAZ	2026-05-30 12:15:30 (3 weeks ago)	(y4) Failed scan -byebye- from 104.207.33.181 (US/United States/-): (CF_ENABLE)	Hacking
🇩🇪 HERA - Operations	2026-05-30 06:24:59 (3 weeks ago)	bau-arge - searching for vulnerable scripts: data.sql 2026/05/30 08:24:59	Web App Attack
🇺🇸 lostswordfish.com	2026-05-27 20:44:03 (3 weeks ago)	Wordfence waf block on baystatereentrynetwork	Web App Attack
🇩🇪 FeG Deutschland	2026-05-25 19:53:13 (4 weeks ago)	Looking for CMS/PHP/SQL vulnerablilities/excessive crawling - 124	Exploited Host Web App Attack
🇦🇺 RedBear IT	2026-03-26 10:00:37 (2 months ago)	"DDoS against public endpoint"	DDoS Attack
🇮🇹 VHosting	2026-02-18 22:11:34 (4 months ago)	Detected attack and reported by a human	Brute-Force Web App Attack SSH DDoS Attack Exploited Host Bad Web Bot
🇪🇸 10dencehispahard SL	2026-01-16 08:06:28 (5 months ago)	Wordpress probing for vulnerabilities	Hacking Exploited Host
🇺🇸 TPI-Abuse	2026-01-12 21:23:56 (5 months ago)	(mod_security) mod_security (id:225170) triggered by 104.207.33.181 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:225170) triggered by 104.207.33.181 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jan 12 16:23:50.103919 2026] [security2:error] [pid 25003:tid 25003] [client 104.207.33.181:35393] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|primacomm.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "primacomm.com"] [uri "/wp-json/wp/v2/users"] [unique_id "aWVmZlTmJZ5B2umECx09LgAAABo"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-26 11:04:41 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.33.181 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.33.181 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Nov 26 06:04:39.001794 2025] [security2:error] [pid 31674:tid 31674] [client 104.207.33.181:57983] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webdisk.shelbysmoak.com"] [uri "/.env"] [unique_id "aSbexqAx57SM9JSYgXeXUAAAAAI"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-26 10:17:20 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.33.181 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.33.181 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Nov 26 05:17:17.388897 2025] [security2:error] [pid 3793064:tid 3793088] [client 104.207.33.181:24239] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpanel.bhhg.org"] [uri "/.git/HEAD"] [unique_id "aSbTrcImjdfZpXBWNqQYHgAAAEc"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-26 09:20:05 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.33.181 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.33.181 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Nov 26 04:19:55.392913 2025] [security2:error] [pid 4327:tid 4327] [client 104.207.33.181:21933] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcalendars.stormstrips.info"] [uri "/.git/HEAD"] [unique_id "aSbGO1VKKEteZiKNFqhIkgAAAA0"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-26 03:00:24 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.33.181 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.33.181 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Nov 25 22:00:15.684075 2025] [security2:error] [pid 5425:tid 5441] [client 104.207.33.181:31677] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "mail.martinbenes.com"] [uri "/.env"] [unique_id "aSZtP1oBK930f_mgSwG5bQAAAU4"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-24 05:43:53 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.33.181 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.33.181 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 24 00:43:45.387546 2025] [security2:error] [pid 2457:tid 2457] [client 104.207.33.181:39491] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webdisk.michaels-house.net"] [uri "/.env"] [unique_id "aSPwkTdQdLl3a1IBxgQd-gAAAAs"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2025-11-14 10:04:34 (7 months ago)	This IP was involved in a brute force and password spray attack.	Brute-Force Web App Attack

Showing 1 to 15 of 148 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇰🇷 211.228.218.47

🇺🇸 146.70.165.175

🇺🇸 40.122.235.122

🇻🇪 200.35.2.253

🇨🇭 195.177.93.1

🇧🇷 187.111.28.131

🇲🇽 177.228.196.142

🇧🇷 170.246.25.54

🇨🇳 115.190.138.163

🇧🇾 81.30.98.142

🇸🇬 47.84.109.254

🇳🇱 45.148.10.151

🇺🇸 40.122.235.121

🇺🇸 40.122.235.118

🇩🇪 8.211.2.225

🇱🇹 188.69.225.188

🇲🇴 182.93.50.90

🇺🇸 161.0.2.59

🇺🇸 146.70.165.106

🇺🇸 143.244.47.87