JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 104.207.41.202

104.207.41.202 was found in our database!

This IP was reported 157 times. Confidence of Abuse is 29%: ?

29%

ISP	3xK Tech GmbH
Usage Type	Data Center/Web Hosting/Transit
ASN	AS200373
Domain Name	3xktech.cloud
Country	🇺🇸 United States of America
City	Ashburn, Virginia

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 104.207.41.202

Whois 104.207.41.202

IP Abuse Reports for 104.207.41.202:

This IP address has been reported a total of 157 times from 31 distinct sources. 104.207.41.202 was first reported on June 4th 2024, and the most recent report was 1 week ago.

Old Reports: The most recent abuse report for this IP address is from 1 week ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇩🇪 FeG Deutschland	2026-05-29 04:18:35 (1 week ago)	Looking for CMS/PHP/SQL vulnerablilities/excessive crawling - 124	Exploited Host Web App Attack
🇬🇧 poundawebsiteltd	2026-05-29 02:42:45 (1 week ago)	WP Exploit attempt. Evidence: [REDACTED_DOMAIN]:443 104.207.41.202 - - [29/May/2026:03:42:38 +0100] ... show more WP Exploit attempt. Evidence: [REDACTED_DOMAIN]:443 104.207.41.202 - - [29/May/2026:03:42:38 +0100] POST /wp-login.php HTTP/1.1 200 6872 https://[REDACTED_DOMAIN]/wp-login.php Mozilla/5.0 (X11; Ubuntu; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.0.0 Safari/537.36 show less	Web App Attack
🇫🇷 pm33	2026-05-25 23:06:29 (1 week ago)	Wordpress login attempts	Brute-Force
🇺🇸 lostswordfish.com	2026-05-23 09:42:04 (1 week ago)	Wordfence waf block on secure	Web App Attack
🇪🇸 librebit	2026-05-13 23:09:35 (3 weeks ago)	Brute force	Brute-Force
🇳🇱 jjnxpct	2026-02-16 04:55:07 (3 months ago)	Automated security incident from hosting server. ModSecurity blocked suspicious request targeting UR ... show more Automated security incident from hosting server. ModSecurity blocked suspicious request targeting URI: /backup/.git/config (Rule ID: 930130) - Restricted File Access Attempt show less	Hacking Web App Attack
🇷🇴 INTEQ	2026-02-15 11:47:49 (3 months ago)	Web attack from 104.207.41.202	Web App Attack
🇺🇸 TPI-Abuse	2026-02-15 11:06:21 (3 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.41.202 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.41.202 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Feb 15 06:06:14.881817 2026] [security2:error] [pid 6221:tid 6221] [client 104.207.41.202:62317] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "puoci.com"] [uri "/site/.git/config"] [unique_id "aZGopl1m3-gAHuzH3o5IEQAAAAM"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 on-com	2026-02-15 06:02:18 (3 months ago)	URL scan	Brute-Force Web App Attack
🇺🇸 TPI-Abuse	2026-02-15 05:47:16 (3 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.41.202 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.41.202 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Feb 15 00:47:10.638529 2026] [security2:error] [pid 11477:tid 11477] [client 104.207.41.202:19741] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "prodivediving.com"] [uri "/frontend/.env"] [unique_id "aZFd3tkTlxQVdt-BXS2JkQAAAAg"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 myagent.site	2026-02-15 05:08:13 (3 months ago)	Blocking for trying to access an exploit file: /test/.git/config	Hacking
🇺🇸 TPI-Abuse	2026-02-15 04:22:19 (3 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.41.202 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.41.202 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Feb 14 23:22:14.545848 2026] [security2:error] [pid 333:tid 333] [client 104.207.41.202:63375] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "san-marino-boat-registration.com"] [uri "/backend/.env"] [unique_id "aZFJ9pmfu6rh8kx6Yf9rowAAAAc"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-02-15 02:47:03 (3 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.41.202 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.41.202 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Feb 14 21:46:58.536669 2026] [security2:error] [pid 184122:tid 184215] [client 104.207.41.202:9775] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "pmdwebenterprises.com"] [uri "/admin/.git/config"] [unique_id "aZEzohZxbpqQBAmMeBFzVAAAAgQ"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-02-15 01:52:30 (3 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.41.202 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.41.202 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Feb 14 20:52:24.737643 2026] [security2:error] [pid 11843:tid 11843] [client 104.207.41.202:27531] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "rotarymagnetics.com"] [uri "/config/.env"] [unique_id "aZEm2IDbXeaxK2hQy5uM5gAAAAo"] show less	Brute-Force Bad Web Bot Web App Attack
🇬🇧 ISPLtd	2026-02-15 01:40:17 (3 months ago)	104.207.41.202 - - [14/Feb/2026:21:40:15 -0400] "GET /.env.production 104.207.41.202 - - [14/Feb/202 ... show more 104.207.41.202 - - [14/Feb/2026:21:40:15 -0400] "GET /.env.production 104.207.41.202 - - [14/Feb/2026:21:40:16 -0400] "GET /.env.staging ... show less	Hacking Web App Attack

Showing 1 to 15 of 157 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 147.185.132.208

🇨🇳 220.167.233.130

🇿🇦 172.253.249.212

🇺🇸 146.190.166.168

🇨🇭 104.244.79.40

🇩🇪 93.196.23.90

🇺🇸 52.54.95.127

🇺🇸 2607:f8b0:400e:c09::124

🇲🇽 186.96.145.241

🇵🇪 181.176.62.72

🇺🇸 135.237.124.174

🇸🇪 46.236.65.4

🇸🇬 43.163.90.141

🇻🇳 27.79.2.165

🇬🇧 2a06:4880:8000::a3

🇺🇸 205.210.31.78

🇩🇪 193.124.20.245

🇺🇸 188.213.202.132

🇳🇱 178.16.55.94

🇩🇪 155.117.234.80