JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 104.207.41.18

104.207.41.18 was found in our database!

This IP was reported 75 times. Confidence of Abuse is 0%: ?

ISP	3xK Tech GmbH
Usage Type	Data Center/Web Hosting/Transit
ASN	AS200373
Domain Name	3xktech.cloud
Country	🇺🇸 United States of America
City	Ashburn, Virginia

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 104.207.41.18

Whois 104.207.41.18

IP Abuse Reports for 104.207.41.18:

This IP address has been reported a total of 75 times from 13 distinct sources. 104.207.41.18 was first reported on June 5th 2024, and the most recent report was 2 months ago.

Old Reports: The most recent abuse report for this IP address is from 2 months ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇸🇪 KIDOS	2026-03-19 18:28:02 (2 months ago)	malicious activity	Web App Attack
Anonymous	2026-01-16 14:29:19 (4 months ago)	wordpress-trap	Web App Attack
Anonymous	2025-12-09 10:44:23 (5 months ago)	botnet	DDoS Attack
🇺🇸 TPI-Abuse	2025-12-09 04:05:28 (5 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.41.18 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.207.41.18 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Dec 08 23:05:22.109855 2025] [security2:error] [pid 29221:tid 29221] [client 104.207.41.18:30647] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "speedysremodeling.com"] [uri "/.git/HEAD"] [unique_id "aTegAg3pLjzsrFv_Fl7p2gAAAAE"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-08 22:02:16 (5 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.41.18 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.207.41.18 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Dec 08 17:02:12.990691 2025] [security2:error] [pid 1080:tid 1086] [client 104.207.41.18:20493] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "gelatoconsapevole.com"] [uri "/.env"] [unique_id "aTdK5HELI8RM6E24WVmRsQAAAUE"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-05 10:16:45 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.41.18 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.207.41.18 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Dec 05 05:16:38.545976 2025] [security2:error] [pid 12776:tid 12776] [client 104.207.41.18:18103] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "theblindmantylertx.com"] [uri "/.env"] [unique_id "aTKxBvD6Ju-6aishlbvBowAAAAE"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-05 09:17:12 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.41.18 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.207.41.18 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Dec 05 04:17:10.253154 2025] [security2:error] [pid 24253:tid 24253] [client 104.207.41.18:56347] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "thecommonsenseeconomist.com"] [uri "/.svn/wc.db"] [unique_id "aTKjFm2V8z-tA-0keQLVDwAAAA4"] show less	Brute-Force Bad Web Bot Web App Attack
🇸🇪 SkyDancer	2025-12-05 07:14:18 (6 months ago)	Multiple intrusion attempts via http/https on known vulnerable url offsets. Attack automatically blo ... show more Multiple intrusion attempts via http/https on known vulnerable url offsets. Attack automatically blocked by SkyDancer Ai(web-X). show less	Hacking Brute-Force
🇺🇸 TPI-Abuse	2025-11-24 09:14:22 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.41.18 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.207.41.18 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 24 04:14:18.474026 2025] [security2:error] [pid 15533:tid 15533] [client 104.207.41.18:53927] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcalendars.sprek.net"] [uri "/.env"] [unique_id "aSQh6phcOcZSSXz0y-I-MwAAAAU"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-24 05:43:41 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.41.18 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.207.41.18 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 24 00:43:34.325952 2025] [security2:error] [pid 10575:tid 10575] [client 104.207.41.18:18961] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "q3.evolute.io"] [uri "/.svn/wc.db"] [unique_id "aSPwhqdUEWR2na8UEryd4AAAAAc"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-24 03:50:12 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.41.18 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.207.41.18 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Nov 23 22:50:03.097589 2025] [security2:error] [pid 17262:tid 17262] [client 104.207.41.18:25413] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.rotarymagnetics.com"] [uri "/.env"] [unique_id "aSPV60tGLpc7-l4FsyPHOQAAAAo"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-15 18:25:57 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.41.18 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.207.41.18 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Nov 15 13:25:53.430068 2025] [security2:error] [pid 9065:tid 9065] [client 104.207.41.18:42209] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpanel.impactqualityinc.com"] [uri "/.env"] [unique_id "aRjFsc1HMhVgg5nBQhimzwAAABI"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2025-11-13 21:08:34 (6 months ago)	This IP was involved in a brute force and password spray attack.	Brute-Force Web App Attack
🇨🇦 wil.com	2025-10-29 09:33:58 (7 months ago)	GlobalProtect login attempts with user teamhays.	VPN IP Brute-Force
Anonymous	2025-10-17 18:37:22 (7 months ago)	Attempted brute force login to web vpn 1 time(s); last attempt for 2025.10.17 is noted in report tim ... show more Attempted brute force login to web vpn 1 time(s); last attempt for 2025.10.17 is noted in report timestamp show less	Hacking Brute-Force

Showing 1 to 15 of 75 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇱🇻 185.113.139.51

🇨🇳 171.116.47.24

🇫🇷 75.119.156.116

🇺🇸 23.254.178.52

🇹🇼 198.235.24.69

🇲🇽 187.174.238.116

🇫🇷 185.177.72.100

🇵🇰 153.117.7.13

🇩🇪 151.243.11.35

🇮🇳 143.110.186.36

🇵🇾 138.59.224.80

🇨🇳 112.65.211.88

🇭🇰 101.36.111.119

🇳🇱 45.148.10.240

🇦🇹 45.95.243.5

🇳🇱 45.8.17.11

🇳🇱 45.8.17.8

🇬🇧 35.203.210.100

🇷🇴 2.57.121.25

🇧🇪 198.235.24.204