JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 104.207.41.196

104.207.41.196 was found in our database!

This IP was reported 142 times. Confidence of Abuse is 13%: ?

13%

ISP	3xK Tech GmbH
Usage Type	Data Center/Web Hosting/Transit
ASN	AS200373
Domain Name	3xktech.cloud
Country	🇺🇸 United States of America
City	Ashburn, Virginia

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 104.207.41.196

Whois 104.207.41.196

IP Abuse Reports for 104.207.41.196:

This IP address has been reported a total of 142 times from 19 distinct sources. 104.207.41.196 was first reported on June 11th 2024, and the most recent report was 4 weeks ago.

Old Reports: The most recent abuse report for this IP address is from 4 weeks ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇩🇪 Holger	2026-05-07 16:53:21 (4 weeks ago)	Bruteforce WebAttack	Brute-Force Web App Attack
Anonymous	2026-05-06 12:26:33 (4 weeks ago)	Port Scan detected from 104.207.41.196 (US/United States/-).	Port Scan
🇩🇪 Holger	2026-05-05 21:35:57 (1 month ago)	Bruteforce WebAttack	Brute-Force Web App Attack
🇩🇪 Holger	2026-05-03 05:36:45 (1 month ago)	Bruteforce WebAttack	Brute-Force Web App Attack
🇩🇪 Holger	2026-05-01 12:33:24 (1 month ago)	Bruteforce WebAttack	Brute-Force Web App Attack
🇹🇼 tye	2026-04-30 21:43:38 (1 month ago)	Wazuh Alert Evidence: [Fri May 01 05:43:35.298840 2026] [security2:error] [pid 2946349] [client 104. ... show more Wazuh Alert Evidence: [Fri May 01 05:43:35.298840 2026] [security2:error] [pid 2946349] [client 104.207.41.196:58505] [client 104.207.41.196] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:blocking_inbound_anomaly_score. [file "/etc/apache2/owasp-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "233"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [ver "OWASP_CRS/4.23.0-dev"] [tag "anomaly-evaluation"] [tag "OWASP_CRS"] [hostname "114-32-32-181.hinet-ip.hinet.net"] [uri "/.env"] [unique_id "afPNBxaGhu6dQkykANIrdwAAAAI"] show less	Web App Attack
Anonymous	2025-12-22 13:38:44 (5 months ago)	This IP was involved in a brute force and password spray attack.	Brute-Force Web App Attack
🇺🇸 TPI-Abuse	2025-12-11 05:20:57 (5 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.41.196 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.41.196 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Dec 11 00:20:52.284153 2025] [security2:error] [pid 28084:tid 28084] [client 104.207.41.196:43171] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "aiagenttypes.com"] [uri "/.git/HEAD"] [unique_id "aTpUtMzjTK692uINgODaNQAAACA"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-09 08:21:03 (5 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.41.196 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.41.196 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Dec 09 03:20:56.928421 2025] [security2:error] [pid 7642:tid 7642] [client 104.207.41.196:28939] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cuulphotos.com"] [uri "/.svn/wc.db"] [unique_id "aTfb6E5s2qeAsYz2k3NLXwAAABY"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-07 14:11:28 (5 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.41.196 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.41.196 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Dec 07 09:11:21.712250 2025] [security2:error] [pid 9994:tid 9994] [client 104.207.41.196:18593] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "monogay.org"] [uri "/.git/HEAD"] [unique_id "aTWLCSqa0KafvGLE8hJTsgAAAAg"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-07 12:14:01 (5 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.41.196 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.41.196 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Dec 07 07:13:53.753530 2025] [security2:error] [pid 17163:tid 17163] [client 104.207.41.196:58373] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "archief.org"] [uri "/.env"] [unique_id "aTVvgVu0oK3KYUO_WnaHEQAAABA"] show less	Brute-Force Bad Web Bot Web App Attack
🇳🇱 i-turnradio.nl	2025-12-07 01:47:51 (5 months ago)	2025-12-07 @ 02:47:51 (CET) ~ Blocked based on risk assessment and prior abuse reports	Web App Attack
🇺🇸 TPI-Abuse	2025-12-06 16:19:11 (5 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.41.196 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.41.196 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Dec 06 11:19:07.295980 2025] [security2:error] [pid 6986:tid 6986] [client 104.207.41.196:17365] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "calfirstrealty.net"] [uri "/.env"] [unique_id "aTRXe6odNiXFOoxYPNTS8gAAABA"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-05 10:51:17 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.41.196 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.41.196 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Dec 05 05:51:14.201773 2025] [security2:error] [pid 8914:tid 8914] [client 104.207.41.196:35601] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "ohiokaisers.com"] [uri "/.git/HEAD"] [unique_id "aTK5IrOyCmkYLEA75iVVPwAAAAg"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2025-11-14 01:18:58 (6 months ago)	This IP was involved in a brute force and password spray attack.	Brute-Force Web App Attack

Showing 1 to 15 of 142 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇫🇮 147.185.133.188

🇺🇸 47.251.34.107

🇺🇸 205.210.31.18

🇩🇪 159.223.19.41

🇺🇸 147.185.132.252

🇺🇸 147.185.132.240

🇺🇸 147.185.132.231

🇺🇸 147.185.132.40

🇮🇳 122.185.178.218

🇨🇦 85.217.149.41

🇺🇸 45.156.129.95

🇧🇷 43.157.163.155

🇭🇰 223.197.178.95

🇧🇪 198.235.24.232

🇲🇽 189.206.189.150

🇺🇸 147.185.132.243

🇺🇸 147.185.132.22

🇺🇸 147.185.132.21

🇺🇿 82.215.104.197

🇮🇳 52.172.177.191