JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 104.207.41.197

104.207.41.197 was found in our database!

This IP was reported 137 times. Confidence of Abuse is 0%: ?

ISP	3xK Tech GmbH
Usage Type	Data Center/Web Hosting/Transit
ASN	AS200373
Domain Name	3xktech.cloud
Country	🇺🇸 United States of America
City	Ashburn, Virginia

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 104.207.41.197

Whois 104.207.41.197

IP Abuse Reports for 104.207.41.197:

This IP address has been reported a total of 137 times from 13 distinct sources. 104.207.41.197 was first reported on June 5th 2024, and the most recent report was 3 months ago.

Old Reports: The most recent abuse report for this IP address is from 3 months ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 TPI-Abuse	2026-02-20 14:14:37 (3 months ago)	(mod_security) mod_security (id:225170) triggered by 104.207.41.197 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:225170) triggered by 104.207.41.197 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Feb 20 09:14:31.598259 2026] [security2:error] [pid 2644:tid 2644] [client 104.207.41.197:49707] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|caschettaconsulting.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "caschettaconsulting.com"] [uri "/wp-json/wp/v2/users"] [unique_id "aZhsR9SOMlFNnMi1BOvWjgAAAAw"], referer: https://www.google.com show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-02-20 10:54:29 (3 months ago)	(mod_security) mod_security (id:225170) triggered by 104.207.41.197 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:225170) triggered by 104.207.41.197 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Feb 20 05:54:24.325845 2026] [security2:error] [pid 28289:tid 28289] [client 104.207.41.197:18689] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|lbee.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "lbee.com"] [uri "/wp-json/wp/v2/users"] [unique_id "aZg9YCpAbDqLvppxezFO9AAAAAU"], referer: https://www.google.com show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-02-09 20:07:17 (3 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.41.197 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.41.197 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Feb 09 15:06:54.242933 2026] [security2:error] [pid 9759:tid 9759] [client 104.207.41.197:20121] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "galaxyretro.com"] [uri "/test/.git/config"] [unique_id "aYo-XiXu0FiA6bFaNxBhBAAAAAI"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-02-09 17:57:49 (3 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.41.197 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.41.197 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Feb 09 12:57:45.280822 2026] [security2:error] [pid 24788:tid 24788] [client 104.207.41.197:63249] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "furbabieslivesmatter.com"] [uri "/.env.staging"] [unique_id "aYogGSXVHf8_zFFvcDGvrQAAAAg"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-02-09 12:57:35 (3 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.41.197 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.41.197 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Feb 09 07:57:24.378502 2026] [security2:error] [pid 24062:tid 24062] [client 104.207.41.197:12137] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "fundingworkingcapital.com"] [uri "/frontend/.env"] [unique_id "aYnZtJE1P6d7oxU-GksrqQAAAB8"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-02-09 10:01:27 (3 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.41.197 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.41.197 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Feb 09 05:01:20.499438 2026] [security2:error] [pid 5731:tid 5731] [client 104.207.41.197:49577] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "gabosoftware.com"] [uri "/api/.env"] [unique_id "aYmwcMG1XEQJMYuswwcEYgAAAAE"] show less	Brute-Force Bad Web Bot Web App Attack
🇦🇺 afleventoffice.com.au	2026-02-09 09:47:14 (3 months ago)	GET /backup/.git/config HTTP/1.1	Web App Attack
🇺🇸 TPI-Abuse	2026-02-09 07:46:32 (3 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.41.197 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.41.197 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Feb 09 02:46:25.625383 2026] [security2:error] [pid 20095:tid 20095] [client 104.207.41.197:21729] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "fuzzyecho.com"] [uri "/v2/.git/config"] [unique_id "aYmQ0Sa89Rxuoe5AeAirAQAAAAg"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 fbarela	2025-12-28 13:00:10 (5 months ago)	FortiGate SSL VPN login failures.	Hacking Brute-Force
🇮🇹 VHosting	2025-12-23 16:55:30 (5 months ago)	Detected attack and reported by a human	DDoS Attack Brute-Force Bad Web Bot Exploited Host Web App Attack SSH
🇩🇪 london2038.com	2025-10-26 05:25:16 (7 months ago)	Detected by WP fail2ban 2025-10-26T06:25:13.421810+01:00 wordpress: Authentication attempt from 104. ... show more Detected by WP fail2ban 2025-10-26T06:25:13.421810+01:00 wordpress: Authentication attempt from 104.207.41.197 show less	Brute-Force Web App Attack
🇨🇦 wil.com	2025-10-13 19:33:38 (7 months ago)	GlobalProtect login attempts with user speram.	VPN IP Brute-Force
Anonymous	2025-10-11 08:11:42 (7 months ago)	Attempted brute force login to web vpn 54 time(s); last attempt for 2025.10.11 is noted in report ti ... show more Attempted brute force login to web vpn 54 time(s); last attempt for 2025.10.11 is noted in report timestamp show less	Hacking Brute-Force
Anonymous	2025-10-10 23:44:36 (7 months ago)	Attempted brute force login to web vpn 72 time(s); last attempt for 2025.10.10 is noted in report ti ... show more Attempted brute force login to web vpn 72 time(s); last attempt for 2025.10.10 is noted in report timestamp show less	Hacking Brute-Force
Anonymous	2025-10-09 20:40:49 (7 months ago)	Attempted brute force login to web vpn 180 time(s); last attempt for 2025.10.09 is noted in report t ... show more Attempted brute force login to web vpn 180 time(s); last attempt for 2025.10.09 is noted in report timestamp show less	Hacking Brute-Force

Showing 1 to 15 of 137 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇩🇪 213.209.159.56

🇨🇳 182.119.230.254

🇨🇳 27.221.13.239

🇦🇴 169.239.135.52

🇨🇳 110.177.176.4

🇨🇳 106.13.39.89

🇭🇰 103.210.21.242

🇧🇷 102.211.152.138

🇺🇸 43.130.32.245

🇰🇭 36.37.203.28

🇩🇪 8.209.83.1

🇺🇸 184.105.247.244

🇸🇬 114.119.142.84

🇰🇿 109.201.58.228

🇮🇩 41.216.178.119

🇳🇱 5.255.121.235

🇩🇪 213.209.159.236

🇲🇽 187.189.41.43

🇮🇩 163.7.3.26

🇸🇬 114.119.152.12