🇺🇸
Jason Howell
2026-06-16 03:23:57
(1 day ago)
104.207.41.238 - - [15/Jun/2026:21:13:34 -0500] "POST /wp-login.php HTTP/1.1" 200 6312 "https://tatpl-traffic.com/wp-login.php" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36"
104.207.41.238 - - [15/Jun/2026:21:37:32 -0500] "GET /wp-login.php HTTP/1.1" 200 5919 "https://www.google.com" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36"
104.207.41.238 - - [15/Jun/2026:21:37:33 -0500] "POST /wp-login.php HTTP/1.1" 200 6310 "https://tatpl-traffic.com/wp-login.php" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36"
104.207.41.238 - - [15/Jun/2026:22:23:52 -0500] "GET /wp-login.php HTTP/1.1" 200 5919 "https://www.google.com" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36"
104.207.41.238 - - [15/Jun/2026:22:23:56 -0500] "POST /wp-login.php HTTP/1.1" 200 6295 "https://tatpl-traf
...
Web App Attack
🇨🇭
4server
2026-05-21 09:37:23
(3 weeks ago)
[ThuMay2111:37:16.4809702026][security2:error][pid3310419:tid3310443][client104.207.41.238:0]ModSecurity:Accessdeniedwithcode403\(phase2\).OperatorGEmatched5atTX:anomaly_score.[file\"/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf\"][line\"94\"][id\"949110\"][msg\"InboundAnomalyScoreExceeded\(TotalScore:5\)\"][severity\"CRITICAL\"][ver\"OWASP_CRS/3.3.9\"][tag\"application-multi\"][tag\"language-multi\"][tag\"platform-multi\"][tag\"attack-generic\"][hostname\"www.cybertelgroup.com\"][uri\"/\"][unique_id\"ag7STDaotVFcmL22qy7NVQAAABY\"]
Hacking
Web App Attack
🇩🇪
big-cloud.nl
2026-05-11 17:01:09
(1 month ago)
Try to access /.aws/credentials
Web App Attack
🇺🇸
knock
2026-04-30 20:27:16
(1 month ago)
Knock-Knock honeypot brute-force: proto8 (1 total hits)
Brute-Force
🇺🇸
TPI-Abuse
2026-04-28 13:42:17
(1 month ago)
(mod_security) mod_security (id:210730) triggered by 104.207.41.238 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Apr 28 09:42:09.801596 2026] [security2:error] [pid 26215:tid 26215] [client 104.207.41.238:16365] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "4"] [msg "COMODO WAF: URL file extension is restricted by policy||puckerbikinis.com|F|2"] [data ".ini"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "puckerbikinis.com"] [uri "/s3cmd.ini"] [unique_id "afC5MfZqvVMR442Z5yhr1AAAAAA"]
Brute-Force
Bad Web Bot
Web App Attack
🇱🇻
garmtech.com
2026-04-20 18:22:57
(1 month ago)
IM360 WAF: Block IP which is in the web-spammers RBL MV:RBL lookup of 21-22.104.207.41.238.web-spammers.v2.rbl.imunify.com._v4 succeeded.
Web App Attack
Anonymous
2026-04-02 10:22:02
(2 months ago)
Forum/form spam
Web Spam
🇺🇸
TPI-Abuse
2026-03-05 08:14:42
(3 months ago)
(mod_security) mod_security (id:210492) triggered by 104.207.41.238 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Mar 05 03:14:35.932769 2026] [security2:error] [pid 5953:tid 6046] [client 104.207.41.238:26693] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.howardhallis.com"] [uri "/.git/objects/77/ddb4d888043c1600bf392f95699c3880c27e5e"] [unique_id "aak7a-9_LUubsM0EwzyOoQAAAdY"]
Brute-Force
Bad Web Bot
Web App Attack
🇬🇧
[email protected]
2026-03-04 00:27:27
(3 months ago)
104.207.41.238 - - [04/Mar/2026:00:26:25 +0000] "GET /.git/objects/ab/bc392e7e55273223257370c6f28ed392357cdb HTTP/1.1" 404 332 "http://academy.scotland-excel.org.uk/.git/objects/ab/bc392e7e55273223257370c6f28ed392357cdb" "Go-http-client/1.1"
104.207.41.238 - - [04/Mar/2026:00:27:07 +0000] "GET /.git/objects/83/29fd94b02bfa3767f057bfacb4aed8fa21054f HTTP/1.1" 404 332 "http://academy.scotland-excel.org.uk/.git/objects/83/29fd94b02bfa3767f057bfacb4aed8fa21054f" "Go-http-client/1.1"
104.207.41.238 - - [04/Mar/2026:00:27:26 +0000] "GET /.git/objects/3c/8cfe293c09599865775a15273e0c435e9fb7e4 HTTP/1.1" 404 332 "http://academy.scotland-excel.org.uk/.git/objects/3c/8cfe293c09599865775a15273e0c435e9fb7e4" "Go-http-client/1.1"
...
Web App Attack
🇫🇷
mrcrassi
2026-02-15 07:07:45
(4 months ago)
Triggered Cloudflare WAF (firewallCustom) from US.
Action taken: BLOCK
Protocol: HTTP/1.1 (POST method)
Endpoint: /wp-login.php
UA: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36 Edg/115.0.1901.203
This report was generated by:
https://github.com/sefinek/Cloudflare-WAF-To-AbuseIPDB
Bad Web Bot
🇺🇸
TPI-Abuse
2026-02-11 17:14:26
(4 months ago)
(mod_security) mod_security (id:210492) triggered by 104.207.41.238 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Feb 11 12:14:20.868987 2026] [security2:error] [pid 21595:tid 21595] [client 104.207.41.238:46307] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "aquatech-ind.com"] [uri "/v2/.git/config"] [unique_id "aYy47CsfgVGdoOou3oZyrgAAABY"]
Brute-Force
Bad Web Bot
Web App Attack
🇺🇸
TPI-Abuse
2026-02-10 05:37:23
(4 months ago)
(mod_security) mod_security (id:210492) triggered by 104.207.41.238 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Feb 10 00:37:19.915673 2026] [security2:error] [pid 12843:tid 12871] [client 104.207.41.238:43087] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "koalacogs.com"] [uri "/.git/config"] [unique_id "aYrED_A-0hoRFyiKDvyuaAAAARA"]
Brute-Force
Bad Web Bot
Web App Attack
🇩🇪
big-cloud.nl
2026-02-10 04:42:29
(4 months ago)
Try to access /app/.env
Web App Attack
🇬🇧
myintarweb
2026-02-10 02:53:01
(4 months ago)
104.207.41.238 - - [10/Feb/2026:02:53:00 +0000] 80 "GET /.env HTTP/1.1" 301 1633 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36"
...
Hacking
Bad Web Bot
Web App Attack
🇺🇸
TPI-Abuse
2026-02-10 00:48:42
(4 months ago)
(mod_security) mod_security (id:210492) triggered by 104.207.41.238 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Feb 09 19:48:34.339915 2026] [security2:error] [pid 2644:tid 2644] [client 104.207.41.238:20343] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "keystonebrass.com"] [uri "/admin/.env"] [unique_id "aYqAYhMUo-lFYWoHv98v1QAAAA8"]
Brute-Force
Bad Web Bot
Web App Attack