JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 104.207.41.231

104.207.41.231 was found in our database!

This IP was reported 143 times. Confidence of Abuse is 10%: ?

10%

ISP	3xK Tech GmbH
Usage Type	Data Center/Web Hosting/Transit
ASN	AS200373
Domain Name	3xktech.cloud
Country	🇺🇸 United States of America
City	Ashburn, Virginia

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 104.207.41.231

Whois 104.207.41.231

IP Abuse Reports for 104.207.41.231:

This IP address has been reported a total of 143 times from 21 distinct sources. 104.207.41.231 was first reported on June 4th 2024, and the most recent report was 3 weeks ago.

Old Reports: The most recent abuse report for this IP address is from 3 weeks ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇪🇸 librebit	2026-05-17 03:38:17 (3 weeks ago)	Brute force	Brute-Force
🇪🇸 el-brujo	2026-05-10 11:28:02 (4 weeks ago)	Cloudflare WAF: Request Path: /.env Request Query: Host: elhacker.net userAgent: Mozilla/5.0 (iPhon ... show more Cloudflare WAF: Request Path: /.env Request Query: Host: elhacker.net userAgent: Mozilla/5.0 (iPhone; CPU iPhone OS 17_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.1 Mobile/15E148 Safari/604.1 Action: block Source: firewallManaged ASN Description: 3xK Tech GmbH Country: US Method: GET Timestamp: 2026-05-10T11:28:02Z ruleId: 23548ee2b36547a1be09bb2c0550c529. Report generated by Cloudflare-WAF-to-AbuseIPDB (https://github.com/MHG-LAB/Cloudflare-WAF-to-AbuseIPDB). show less	Hacking SQL Injection Web App Attack
🇺🇸 TPI-Abuse	2026-02-18 03:46:30 (3 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.41.231 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.41.231 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Feb 17 22:46:26.278031 2026] [security2:error] [pid 21022:tid 21022] [client 104.207.41.231:49185] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "robertanders.com"] [uri "/.env.production"] [unique_id "aZU2EuVlkVsuGBLFYtDPGgAAAAo"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-02-18 00:47:39 (3 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.41.231 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.41.231 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Feb 17 19:47:34.902885 2026] [security2:error] [pid 31091:tid 31117] [client 104.207.41.231:41837] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "pattinauction.com"] [uri "/v2/.git/config"] [unique_id "aZUMJlmpIVOMEZymcU1ezAAAANU"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 Packets-Decreaser.NET	2025-12-31 00:58:16 (5 months ago)	Incoming Layer 7 Flood Detected	DDoS Attack Web Spam
🇬🇧 openstrike.co.uk	2025-12-21 12:09:21 (5 months ago)	9 packets to port 2083	Port Scan
🇳🇱 GabrielJST	2025-12-16 04:41:11 (5 months ago)	Port Scan detected from 104.207.41.231 (US/United States/-).	Port Scan
Anonymous	2025-12-01 09:15:54 (6 months ago)	botnet	DDoS Attack
🇺🇸 TPI-Abuse	2025-11-26 03:05:26 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.41.231 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.41.231 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Nov 25 22:05:23.138324 2025] [security2:error] [pid 18920:tid 18920] [client 104.207.41.231:39835] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webmail.jodstar.com"] [uri "/.git/HEAD"] [unique_id "aSZuczF87PvPlOqorwk52QAAAAE"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-26 02:12:05 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.41.231 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.41.231 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Nov 25 21:12:00.158310 2025] [security2:error] [pid 22479:tid 22479] [client 104.207.41.231:34697] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "autodiscover.kirklandplumbing.ca"] [uri "/.git/HEAD"] [unique_id "aSZh8NT5Mv0fQm9BCFV3iwAAABU"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-26 01:15:54 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.41.231 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.41.231 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Nov 25 20:15:49.122667 2025] [security2:error] [pid 797:tid 862] [client 104.207.41.231:19877] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "mail.julianositalianrestaurant.com"] [uri "/.svn/wc.db"] [unique_id "aSZUxbvbTVXiKk5sQ0YIWQAAAFg"] show less	Brute-Force Bad Web Bot Web App Attack
🇳🇱 homeshowdomain.nl	2025-11-25 23:01:32 (6 months ago)	Auto-ban: >3000 req/min op 2025-11-25	Hacking Web App Attack SSH
🇱🇻 garmtech.com	2025-11-25 22:30:44 (6 months ago)	Attempted access to sensitive endpoint (/.env) detected. Automated scan or unauthorized probing.	Web App Attack
🇮🇹 main.ows	2025-11-25 18:52:04 (6 months ago)	[25/Nov/2025:19:52:03.714206 +0100] aSX60lLstet7peXnuKGtxgAAAE4 104.207.41.231 36428 217.61.13.167 7 ... show more [25/Nov/2025:19:52:03.714206 +0100] aSX60lLstet7peXnuKGtxgAAAE4 104.207.41.231 36428 217.61.13.167 7080 ... show less	Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-25 06:11:47 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.41.231 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.41.231 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Nov 25 01:11:40.740604 2025] [security2:error] [pid 21122:tid 21122] [client 104.207.41.231:10823] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcontacts.bhsp.org"] [uri "/.env"] [unique_id "aSVInBdPV60JbH2MeCBcSQAAAAU"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 143 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇫🇷 141.11.1.134

🇮🇳 125.16.27.190

🇨🇳 120.85.182.245

🇮🇳 103.55.89.5

🇺🇸 91.230.168.127

🇷🇺 89.175.252.170

🇺🇸 52.128.40.94

🇮🇳 43.241.66.87

🇸🇬 34.21.251.115

🇮🇳 14.140.218.210

🇺🇸 2602:fb54:1400::2f

🇺🇸 216.75.132.108

🇧🇷 187.0.238.73

🇨🇳 182.201.244.26

🇺🇸 150.136.214.177

🇨🇳 220.197.78.59

🇺🇸 144.172.94.169

🇺🇸 143.198.73.73

🇰🇷 122.202.250.160

🇷🇴 80.94.92.171