JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 104.207.41.5

104.207.41.5 was found in our database!

This IP was reported 88 times. Confidence of Abuse is 1%: ?

ISP	3xK Tech GmbH
Usage Type	Data Center/Web Hosting/Transit
ASN	AS200373
Domain Name	3xktech.cloud
Country	🇺🇸 United States of America
City	Ashburn, Virginia

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 104.207.41.5

Whois 104.207.41.5

IP Abuse Reports for 104.207.41.5:

This IP address has been reported a total of 88 times from 20 distinct sources. 104.207.41.5 was first reported on June 13th 2024, and the most recent report was 3 weeks ago.

Old Reports: The most recent abuse report for this IP address is from 3 weeks ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇬🇧 PeravixGroup	2026-05-14 08:11:54 (3 weeks ago)	Honeypot detection: FTP brute-force or anonymous access attempt on port 21. Severity: MEDIUM. Aaran. ... show more Honeypot detection: FTP brute-force or anonymous access attempt on port 21. Severity: MEDIUM. Aaran.cloud show less	FTP Brute-Force Brute-Force
🇺🇸 TPI-Abuse	2026-01-21 13:36:44 (4 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.41.5 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 104.207.41.5 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jan 21 08:36:36.854719 2026] [security2:error] [pid 8913:tid 8913] [client 104.207.41.5:19567] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "exners.com"] [uri "/.svn/wc.db"] [unique_id "aXDWZMmqRsWBi8FK7XOZlAAAAAs"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-01-21 10:30:25 (4 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.41.5 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 104.207.41.5 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jan 21 05:30:17.895329 2026] [security2:error] [pid 15189:tid 15189] [client 104.207.41.5:0] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "antitribu.com"] [uri "/.env"] [unique_id "aXCqubN1XSB1GOpPz7qcsgAAAAg"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-01-20 23:06:33 (4 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.41.5 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 104.207.41.5 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jan 20 18:06:27.552192 2026] [security2:error] [pid 18624:tid 18624] [client 104.207.41.5:39023] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "diuana.com"] [uri "/.env"] [unique_id "aXAKczfDQC_cVwSCEohXlAAAAAI"] show less	Brute-Force Bad Web Bot Web App Attack
🇨🇭 backslash	2026-01-20 06:05:03 (4 months ago)	block ruleset bad bot: wordpress scans 82C095539D4FDAF84E2E2FD6B6FC0664645851A8	Bad Web Bot
🇺🇸 mashamal	2026-01-10 10:09:57 (4 months ago)	Vulnerability Probe ...	Web App Attack
🇺🇸 TPI-Abuse	2026-01-08 12:26:33 (5 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.41.5 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 104.207.41.5 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jan 08 07:26:29.604777 2026] [security2:error] [pid 29481:tid 29481] [client 104.207.41.5:0] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cloudex.click"] [uri "/.svn/wc.db"] [unique_id "aV-idaDGZPtJEdHGdesHGQAAABM"] show less	Brute-Force Bad Web Bot Web App Attack
🇫🇮 000rosiu	2026-01-07 20:55:26 (5 months ago)	Triggered Cloudflare WAF (firewallCustom) from US. Action taken: BLOCK ASN: 200373 (DREI-K-TECH-GMBH ... show more Triggered Cloudflare WAF (firewallCustom) from US. Action taken: BLOCK ASN: 200373 (DREI-K-TECH-GMBH) Protocol: HTTP/1.1 (GET method) Endpoint: /.env Timestamp: 2026-01-07T20:52:59Z Ray ID: 9ba657909c8dd6dc UA: Mozilla/5.0 (iPhone; CPU iPhone OS 17_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.1 Mobile/15E148 Safari/604.1 Report generated by Cloudflare-WAF-To-AbuseIPDB: https://github.com/sefinek/Cloudflare-WAF-To-AbuseIPDB show less	Bad Web Bot
🇮🇹 VHosting	2026-01-02 12:45:14 (5 months ago)	Detected WordPress attack from 4 different servers	Brute-Force Web App Attack
Anonymous	2025-12-30 08:26:44 (5 months ago)	"GET /.git/HEAD HTTP/1.1"	Hacking Web App Attack
Anonymous	2025-12-11 04:48:37 (5 months ago)	botnet	DDoS Attack
Anonymous	2025-11-14 01:48:52 (6 months ago)	This IP was involved in a brute force and password spray attack.	Brute-Force Web App Attack
🇳🇿 billyborsht	2025-10-27 06:12:25 (7 months ago)	2025-10-27T19:12:24.954940+13:00 southern wordpress(leanpolicy.org)[486968]: Authentication attempt ... show more 2025-10-27T19:12:24.954940+13:00 southern wordpress(leanpolicy.org)[486968]: Authentication attempt for unknown user leanpolicy.org from 104.207.41.5 ... show less	Hacking Web App Attack
Anonymous	2025-10-17 18:46:41 (7 months ago)	2025-10-17T20:46:39.801210 localhost.localdomain sshd[708873]: Failed password for root from 104.207 ... show more 2025-10-17T20:46:39.801210 localhost.localdomain sshd[708873]: Failed password for root from 104.207.41.5 port 38261 ssh2 2025-10-17T20:46:40.756880 localhost.localdomain sshd[708873]: Connection closed by authenticating user root 104.207.41.5 port 38261 [preauth] ... show less	Brute-Force SSH
Anonymous	2025-10-17 14:12:20 (7 months ago)	This IP was involved in a brute force and password spray attack.	Brute-Force Web App Attack

Showing 1 to 15 of 88 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇻🇳 118.71.17.12

🇮🇳 103.67.152.201

🇵🇰 36.255.33.159

🇧🇪 34.38.143.207

🇹🇷 2a09:bac1:72a0:f00::150:e5

🇻🇳 171.251.234.152

🇧🇩 103.171.69.87

🇻🇳 103.75.183.177

🇷🇺 89.204.93.93

🇳🇱 81.19.216.68

🇷🇺 46.165.56.242

🇳🇱 45.86.200.26

🇮🇳 188.241.62.83

🇺🇸 165.227.62.247

🇻🇳 123.20.138.216

🇺🇸 113.20.0.58

🇺🇸 64.62.197.107

🇹🇭 49.231.192.36

🇪🇨 45.239.48.125

🇺🇸 2607:f8b0:4001:c13::122