JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 104.207.41.66

104.207.41.66 was found in our database!

This IP was reported 161 times. Confidence of Abuse is 0%: ?

ISP	3xK Tech GmbH
Usage Type	Data Center/Web Hosting/Transit
ASN	AS200373
Domain Name	3xktech.cloud
Country	🇺🇸 United States of America
City	Ashburn, Virginia

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 104.207.41.66

Whois 104.207.41.66

IP Abuse Reports for 104.207.41.66:

This IP address has been reported a total of 161 times from 21 distinct sources. 104.207.41.66 was first reported on June 6th 2024, and the most recent report was 3 months ago.

Old Reports: The most recent abuse report for this IP address is from 3 months ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇹🇷 rtbh.com.tr	2026-02-25 20:11:49 (3 months ago)	list.rtbh.com.tr report: tcp/0	Brute-Force
🇹🇷 rtbh.com.tr	2026-02-24 20:11:44 (3 months ago)	list.rtbh.com.tr report: tcp/0	Brute-Force
🇺🇸 TPI-Abuse	2026-02-20 15:39:53 (3 months ago)	(mod_security) mod_security (id:225170) triggered by 104.207.41.66 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:225170) triggered by 104.207.41.66 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Feb 20 10:39:48.289003 2026] [security2:error] [pid 17685:tid 17685] [client 104.207.41.66:22409] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|radiointernational.net\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "radiointernational.net"] [uri "/wp-json/wp/v2/users"] [unique_id "aZiARO1Gv9B7-W2XWjstUQAAAAw"], referer: https://www.google.com show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-02-19 04:45:19 (3 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.41.66 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.207.41.66 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Feb 18 23:45:12.407637 2026] [security2:error] [pid 22455:tid 22455] [client 104.207.41.66:27423] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "kofcasamblea442.org"] [uri "/api/.env"] [unique_id "aZaVWJZidaC4LGIlavEIOAAAAAg"] show less	Brute-Force Bad Web Bot Web App Attack
🇫🇷 Baking333	2026-02-19 04:07:50 (3 months ago)	[redacted] 104.207.41.66 - - [19/Feb/2026:05:07:49 +0100] "GET /.[redacted] HTTP/1.1" 302 5273 0/402 ... show more [redacted] 104.207.41.66 - - [19/Feb/2026:05:07:49 +0100] "GET /.[redacted] HTTP/1.1" 302 5273 0/40231 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36" [redacted] 104.207.41.66 - - [19/Feb/2026:05:07:49 +0100] "GET /api/.env HTTP/1.1" 302 1576 0/38832 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36" show less	Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-02-19 03:13:42 (3 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.41.66 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.207.41.66 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Feb 18 22:13:36.866489 2026] [security2:error] [pid 16642:tid 16650] [client 104.207.41.66:55009] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "kettlehill.com"] [uri "/.git/config"] [unique_id "aZZ_4HacsSfoPZBQxAMHsQAAAEQ"] show less	Brute-Force Bad Web Bot Web App Attack
🇬🇧 poundawebsiteltd	2026-02-19 02:10:26 (3 months ago)	Web App Attack (ModSecurity Block). Evidence: [REDACTED_DOMAIN]:80 104.207.41.66 - - [19/Feb/2026:02 ... show more Web App Attack (ModSecurity Block). Evidence: [REDACTED_DOMAIN]:80 104.207.41.66 - - [19/Feb/2026:02:10:23 +0000] GET /v2/.git/config HTTP/1.1 403 214 - Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 show less	Web App Attack
🇮🇩 Burayot	2026-02-19 00:04:37 (3 months ago)	LF_MODSEC: (mod_security) mod_security (id:1000001) triggered by 104.207.41.66 (US/United States/-): ... show more LF_MODSEC: (mod_security) mod_security (id:1000001) triggered by 104.207.41.66 (US/United States/-): 1 in the last 3600 secs show less	Web App Attack
🇺🇸 TPI-Abuse	2026-02-18 23:06:08 (3 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.41.66 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.207.41.66 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Feb 18 18:06:01.485669 2026] [security2:error] [pid 14121:tid 14257] [client 104.207.41.66:56971] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "velatorioslucenses.com"] [uri "/.env.production"] [unique_id "aZZF2SBz6hLu1EMeLix9rQAAAJY"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-02-18 21:18:10 (3 months ago)	Fuzzing/Looking for credentials files.	Brute-Force Web App Attack
🇺🇸 TPI-Abuse	2026-02-18 20:15:18 (3 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.41.66 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.207.41.66 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Feb 18 15:15:12.053598 2026] [security2:error] [pid 32458:tid 32458] [client 104.207.41.66:10061] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "transparentforest.com"] [uri "/wp/.git/config"] [unique_id "aZYd0MeUOYp2Ar1xMueUmwAAAAU"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-02-18 19:43:02 (3 months ago)	Bot / scanning and/or hacking attempts: GET /.env.production HTTP/1.1, GET /config/.env HTTP/1.1, GE ... show more Bot / scanning and/or hacking attempts: GET /.env.production HTTP/1.1, GET /config/.env HTTP/1.1, GET /wp/.git/config HTTP/1.1, GET /backup/.git/config HTTP/1.1, GET /.env.local HTTP/1.1, GET /backend/.env HTTP/1.1, GET /new/.git/config HTTP/1.1, GET /site/.git/config HTTP/1.1, GET /admin/.git/config HTTP/1.1, GET /frontend/.env HTTP/1.1, GET /dev/.git/config HTTP/1.1, GET /v2/.git/config HTTP/1.1, GET /.env.save HTTP/1.1, GET /admin/.env HTTP/1.1, GET /test/.git/config HTTP/1.1, GET /.git/config HTTP/1.1, GET /api/.git/config HTTP/1.1, GET /.aws/credentials HTTP/1.1, GET /app/.env HTTP/1.1, GET /app/.git/config HTTP/1.1 show less	Hacking Web App Attack
🇺🇸 TPI-Abuse	2026-02-18 18:50:35 (3 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.41.66 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.207.41.66 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Feb 18 13:50:29.835837 2026] [security2:error] [pid 3322:tid 3322] [client 104.207.41.66:47163] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "threewillowsfarm.com"] [uri "/admin/.env"] [unique_id "aZYJ9flDTxmHDnZNRewm6wAAAAM"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 iNetWorker	2026-02-18 13:30:23 (3 months ago)	trolling for resource vulnerabilities	Web App Attack
🇺🇸 TPI-Abuse	2026-02-18 12:20:41 (3 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.41.66 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.207.41.66 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Feb 18 07:20:37.379529 2026] [security2:error] [pid 18894:tid 18894] [client 104.207.41.66:39345] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "weavergroup.us"] [uri "/.env.production"] [unique_id "aZWulcwwb1Mvt994BMGtSwAAAAY"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 161 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇳🇱 185.223.235.51

🇺🇸 162.216.150.60

🇺🇸 162.216.149.170

🇺🇸 24.144.94.172

🇰🇷 218.156.93.202

🇷🇺 178.178.194.136

🇺🇸 159.65.65.144

🇮🇳 125.23.183.142

🇰🇷 112.162.18.150

🇳🇱 91.92.243.238

🇬🇧 82.32.162.214

🇱🇹 81.30.98.158

🇮🇪 80.233.77.136

🇺🇸 64.23.183.80

🇩🇪 46.101.137.127

🇳🇱 5.61.209.224

🇹🇷 5.11.135.25

🇬🇧 138.68.166.30

🇸🇬 138.2.98.41

🇨🇳 111.198.53.188