JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 104.207.37.166

104.207.37.166 was found in our database!

This IP was reported 159 times. Confidence of Abuse is 0%: ?

ISP	3xK Tech GmbH
Usage Type	Data Center/Web Hosting/Transit
ASN	AS200373
Domain Name	3xktech.cloud
Country	🇺🇸 United States of America
City	Ashburn, Virginia

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 104.207.37.166

Whois 104.207.37.166

IP Abuse Reports for 104.207.37.166:

This IP address has been reported a total of 159 times from 23 distinct sources. 104.207.37.166 was first reported on June 29th 2024, and the most recent report was 3 months ago.

Old Reports: The most recent abuse report for this IP address is from 3 months ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 mnsf	2026-02-16 02:06:15 (3 months ago)	Scanning/Probing (25)	Brute-Force Web App Attack
Anonymous	2026-02-15 13:18:40 (3 months ago)	Fuzzing/Looking for credentials files.	Brute-Force Web App Attack
🇺🇸 TPI-Abuse	2026-02-15 12:39:22 (3 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.37.166 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.37.166 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Feb 15 07:39:15.609030 2026] [security2:error] [pid 2571:tid 2571] [client 104.207.37.166:61431] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "shafoo.com"] [uri "/.git/config"] [unique_id "aZG-c9BkpE_rLqiyVteCQwAAAAs"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 DocNetzwerk	2026-02-15 12:25:42 (3 months ago)	(mod_security) mod_security triggered on hostname [redacted] 104.207.37.166 (US/United States/-)	SQL Injection
🇺🇸 TPI-Abuse	2026-02-15 11:23:13 (3 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.37.166 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.37.166 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Feb 15 06:23:10.067938 2026] [security2:error] [pid 1822272:tid 1822272] [client 104.207.37.166:20605] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "oweng.com"] [uri "/.env.staging"] [unique_id "aZGsnis3e4Cv0meekIOsdgAAAAo"] show less	Brute-Force Bad Web Bot Web App Attack
🇫🇷 dynamix	2026-02-15 11:07:56 (3 months ago)	Multiple WAF Violations	Web App Attack
🇫🇷 ecode hosting	2026-02-15 07:09:04 (3 months ago)	Domain : secertarim.com Rule : env 2026-02-15 07:07:11 10.100.1.20 GET /.env.production - 80 - 104.2 ... show more Domain : secertarim.com Rule : env 2026-02-15 07:07:11 10.100.1.20 GET /.env.production - 80 - 104.207.37.166 HTTP/1.1 Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 - secertarim.com 301 0 0 349 166 149 - - show less	Hacking SQL Injection
🇬🇧 Axel	2026-02-15 06:50:04 (3 months ago)	Blocked by Fail2Ban. Flagged by jail plesk-modsecurity	Exploited Host
🇺🇸 TPI-Abuse	2026-02-15 06:27:13 (3 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.37.166 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.37.166 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Feb 15 01:27:07.401422 2026] [security2:error] [pid 21389:tid 21389] [client 104.207.37.166:35335] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "scoretopicturenetwork.com"] [uri "/config/.env"] [unique_id "aZFnO9oqvaoLoxHrskmOqwAAAAA"] show less	Brute-Force Bad Web Bot Web App Attack
🇪🇸 masterguru	2026-02-15 06:10:11 (3 months ago)	. Matched phrase "/.env" at REQUEST_URI. (210492-123)	Web App Attack
🇮🇩 Burayot	2026-02-15 06:02:23 (3 months ago)	LF_MODSEC: (mod_security) mod_security (id:1000001) triggered by 104.207.37.166 (US/United States/-) ... show more LF_MODSEC: (mod_security) mod_security (id:1000001) triggered by 104.207.37.166 (US/United States/-): 1 in the last 3600 secs show less	Web App Attack
🇺🇸 TPI-Abuse	2026-02-15 05:57:54 (3 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.37.166 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.37.166 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Feb 15 00:57:51.094387 2026] [security2:error] [pid 27634:tid 27634] [client 104.207.37.166:49219] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "schlegelcreative.com"] [uri "/admin/.env"] [unique_id "aZFgX_NSBo_VJw0xens28gAAAAQ"] show less	Brute-Force Bad Web Bot Web App Attack
🇭🇺 Adorjan Daczo	2026-02-15 05:40:50 (3 months ago)	Probe for vulnerabilities. Path attempted: /admin/.env	Web App Attack
🇩🇪 gadix	2026-02-15 05:21:27 (3 months ago)	[15/Feb/2026:06:21:21.690112 +0100] aZFX0dfk7Z4Z5gLC1LbitgAAAEg 104.207.37.166 55002 127.0.0.1 7081 ... show more [15/Feb/2026:06:21:21.690112 +0100] aZFX0dfk7Z4Z5gLC1LbitgAAAEg 104.207.37.166 55002 127.0.0.1 7081 [15/Feb/2026:06:21:22.087376 +0100] aZFX0n18zuAUuYzRJMg3vgAAAIQ 104.207.37.166 55008 127.0.0.1 7081 [15/Feb/2026:06:21:22.534437 +0100] aZFX0tfk7Z4Z5gLC1LbitwAAAE0 104.207.37.166 55012 127.0.0.1 7081 ... show less	Web App Attack
🇺🇸 TPI-Abuse	2026-02-15 04:52:26 (3 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.37.166 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.37.166 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Feb 14 23:52:20.349445 2026] [security2:error] [pid 1860:tid 1860] [client 104.207.37.166:33455] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "oakglenhouse.com"] [uri "/.git/config"] [unique_id "aZFRBM_1RAqQhFwYFZIEbQAAAAA"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 159 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 2602:80d:1007::5d

🇺🇸 23.95.137.106

🇺🇸 13.222.182.239

🇧🇷 205.210.31.241

🇳🇱 204.76.203.219

🇳🇱 204.76.203.213

🇧🇬 78.128.113.22

🇳🇱 77.83.39.54

🇺🇸 64.23.214.73

🇺🇸 13.222.179.236

🇺🇸 13.222.169.249

🇺🇸 8.229.80.148

🇺🇸 205.210.31.42

🇷🇺 176.109.97.11

🇵🇪 161.132.50.236

🇨🇦 159.89.124.112

🇱🇹 141.98.11.83

🇻🇳 103.138.113.149

🇨🇳 47.113.113.162

🇺🇸 13.222.168.56