JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 104.207.41.139

104.207.41.139 was found in our database!

This IP was reported 153 times. Confidence of Abuse is 29%: ?

29%

ISP	3xK Tech GmbH
Usage Type	Data Center/Web Hosting/Transit
ASN	AS200373
Domain Name	3xktech.cloud
Country	🇺🇸 United States of America
City	Ashburn, Virginia

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 104.207.41.139

Whois 104.207.41.139

IP Abuse Reports for 104.207.41.139:

This IP address has been reported a total of 153 times from 31 distinct sources. 104.207.41.139 was first reported on June 22nd 2024, and the most recent report was 5 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇦🇺 MAGIC	2026-06-13 01:12:44 (5 hours ago)	VM1 Bad user agents ignoring web crawling rules. Draing bandwidth	DDoS Attack Bad Web Bot
🇬🇷 setupgr	2026-06-11 08:35:52 (1 day ago)	(mod_security) mod_security (id:900001) triggered by 104.207.41.139: 1 in the last 86400 secs; Ports ... show more (mod_security) mod_security (id:900001) triggered by 104.207.41.139: 1 in the last 86400 secs; Ports: *; Direction: inout; Trigger: LF_TRIGGER; Logs: [Thu Jun 11 11:35:51.507569 2026] [security2:error] [pid 2066679:tid 2066725] [client 104.207.41.139:23697] ModSecurity: Access denied with code 403 (phase 1). Match of "rx ^(www\\\\.)?(pankoskal\\\\.gr\|alloweddomain2\\\\.com)$" against "REQUEST_HEADERS:Host" required. [file "/etc/apache2/conf.d/modsec/modsec2.user.conf"] [line "74"] [id "900001"] [msg "Blocked WP Login attempt on domain: sea-sound.com"] [severity "CRITICAL"] [tag "security"] [hostname "sea-sound.com"] [uri "/wp-login.php"] [unique_id "aipzZ-19bB3nUzfQACZjzQAAAZM"], referer: https://sea-sound.com/wp-login.php show less	Port Scan
🇫🇷 ELYAZ	2026-06-01 16:26:03 (1 week ago)	(y4) Failed scan -byebye- from 104.207.41.139 (US/United States/-): (CF_ENABLE)	Hacking
🇲🇽 octageeks.com	2026-06-01 04:08:35 (1 week ago)	Wordpress malicious attack:[octaflood]	Web App Attack
🇲🇽 octageeks.com	2026-05-30 04:15:22 (2 weeks ago)	Wordpress malicious attack:[octaflood]	Web App Attack
🇬🇧 PeravixGroup	2026-05-10 10:33:20 (1 month ago)	Honeypot detection: Kubernetes API unauthorized access / cluster abuse attempt on port 6443. Severit ... show more Honeypot detection: Kubernetes API unauthorized access / cluster abuse attempt on port 6443. Severity: MEDIUM. Aaran.cloud show less	Hacking Exploited Host
🇮🇹 [email protected]	2026-04-17 23:35:15 (1 month ago)	[Sat Apr 18 01:35:15.339074 2026] [authz_core:error] [pid 560720:tid 560750] [remote 104.207.41.139: ... show more [Sat Apr 18 01:35:15.339074 2026] [authz_core:error] [pid 560720:tid 560750] [remote 104.207.41.139:32217] AH01630: client denied by server configuration: /var/www/html/MyWeb/Wordpress_www/wp-login.php ... show less	Brute-Force Web App Attack
🇬🇧 openstrike.co.uk	2026-02-16 06:13:03 (3 months ago)	12 attacks on password grabbing URLs, VC URLs, env grabbing URLs: GET /.aws/credentials HTTP/1.1 GET ... show more 12 attacks on password grabbing URLs, VC URLs, env grabbing URLs: GET /.aws/credentials HTTP/1.1 GET /api/.git/config HTTP/1.1 GET /config/.env HTTP/1.1 show less	Hacking
🇺🇸 TPI-Abuse	2026-02-15 11:52:39 (3 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.41.139 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.41.139 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Feb 15 06:52:32.121811 2026] [security2:error] [pid 25061:tid 25061] [client 104.207.41.139:46035] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "sergioaurell.com"] [uri "/.env.production"] [unique_id "aZGzgOaKt16kNkV-XiQPEwAAAAM"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-02-15 11:31:46 (3 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.41.139 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.41.139 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Feb 15 06:31:38.317960 2026] [security2:error] [pid 26569:tid 26569] [client 104.207.41.139:34739] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "ozera.com"] [uri "/wp/.git/config"] [unique_id "aZGumvUXuJhKS-QaoczrAgAAAAI"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-02-15 06:31:46 (3 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.41.139 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.41.139 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Feb 15 01:31:38.686947 2026] [security2:error] [pid 4366:tid 4366] [client 104.207.41.139:28333] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "scottwithers.net"] [uri "/.git/config"] [unique_id "aZFoSrOVSiW36da1HxceeQAAAA8"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 mnsf	2026-02-15 06:07:00 (3 months ago)	Scanning/Probing (25)	Brute-Force Web App Attack
🇺🇸 TPI-Abuse	2026-02-15 05:29:07 (3 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.41.139 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.41.139 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Feb 15 00:29:02.040497 2026] [security2:error] [pid 22199:tid 22236] [client 104.207.41.139:16237] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "prismatik.com"] [uri "/app/.git/config"] [unique_id "aZFZnr6k6LPKjSLyJxBv0QAAABY"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-02-15 04:09:32 (3 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.41.139 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.41.139 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Feb 14 23:09:23.868293 2026] [security2:error] [pid 2464505:tid 2464505] [client 104.207.41.139:46647] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "powerlinemagazine.com"] [uri "/.env.staging"] [unique_id "aZFG83zTNplM7nyrlqYPXQAAAAY"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-02-15 03:50:33 (3 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.41.139 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.41.139 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Feb 14 22:50:25.440339 2026] [security2:error] [pid 458:tid 471] [client 104.207.41.139:26719] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "northmiamichamber.org"] [uri "/backend/.env"] [unique_id "aZFCgYfp7zOmXgeq_CNHGwAAAIk"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 153 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇩🇪 193.124.20.244

🇺🇸 147.185.132.145

🇹🇷 78.189.150.95

🇨🇳 61.182.2.26

🇨🇳 39.130.240.253

🇧🇷 187.33.59.116

🇨🇳 183.36.179.7

🇩🇪 172.71.164.147

🇺🇸 162.216.150.21

🇺🇸 150.107.36.223

🇨🇳 139.9.191.197

🇧🇩 103.183.62.0

🇺🇸 64.62.197.195

🇱🇹 62.60.130.238

🇰🇪 41.60.238.168

🇦🇪 176.205.254.176

🇺🇸 146.190.157.206

🇭🇰 107.149.92.119

🇺🇸 52.224.109.126

🇸🇬 43.153.196.80