JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 104.207.42.106

104.207.42.106 was found in our database!

This IP was reported 149 times. Confidence of Abuse is 0%: ?

ISP	3xK Tech GmbH
Usage Type	Data Center/Web Hosting/Transit
ASN	AS200373
Domain Name	3xktech.cloud
Country	🇺🇸 United States of America
City	Ashburn, Virginia

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 104.207.42.106

Whois 104.207.42.106

IP Abuse Reports for 104.207.42.106:

This IP address has been reported a total of 149 times from 26 distinct sources. 104.207.42.106 was first reported on June 6th 2024, and the most recent report was 1 month ago.

Old Reports: The most recent abuse report for this IP address is from 1 month ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇬🇧 PeravixGroup	2026-05-14 08:13:48 (1 month ago)	Honeypot detection: FTP brute-force or anonymous access attempt on port 21. Severity: MEDIUM. Aaran. ... show more Honeypot detection: FTP brute-force or anonymous access attempt on port 21. Severity: MEDIUM. Aaran.cloud show less	FTP Brute-Force Brute-Force
🇬🇧 PeravixGroup	2026-05-11 10:23:54 (1 month ago)	Honeypot detection: Kubernetes API unauthorized access / cluster abuse attempt on port 6443. Severit ... show more Honeypot detection: Kubernetes API unauthorized access / cluster abuse attempt on port 6443. Severity: MEDIUM. Aaran.cloud show less	Hacking Exploited Host
🇱🇻 garmtech.com	2026-04-06 21:15:29 (2 months ago)	IM360 WAF: Block IP which is in the web-spammers RBL MV:RBL lookup of 00-15.104.207.42.106.web-spamm ... show more IM360 WAF: Block IP which is in the web-spammers RBL MV:RBL lookup of 00-15.104.207.42.106.web-spammers.v2.rbl.imunify.com._v4 succeeded. show less	Web App Attack
🇺🇸 fbarela	2026-01-24 22:00:21 (4 months ago)	FortiGate SSL VPN login failures.	Hacking Brute-Force
🇺🇸 TPI-Abuse	2026-01-17 01:25:54 (5 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.42.106 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.42.106 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jan 16 20:25:49.347001 2026] [security2:error] [pid 10442:tid 10442] [client 104.207.42.106:20383] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webmail.gowithevergreen.com"] [uri "/.env"] [unique_id "aWrlHRdd7ASTeygDhTpRsgAAABE"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2025-12-31 01:20:27 (5 months ago)	[redacted] 104.207.42.106 - - [31/Dec/2025:02:20:21 +0100] "POST /xmlrpc.php HTTP/1.1" 405 415 "-" " ... show more [redacted] 104.207.42.106 - - [31/Dec/2025:02:20:21 +0100] "POST /xmlrpc.php HTTP/1.1" 405 415 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:121.0) Gecko/20100101 Firefox/121.0" [redacted] 104.207.42.106 - - [31/Dec/2025:02:20:22 +0100] "POST /xmlrpc.php HTTP/1.1" 405 415 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36" [redacted] 104.207.42.106 - - [31/Dec/2025:02:20:23 +0100] "POST /xmlrpc.php HTTP/1.1" 405 415 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Edg/120.0.0.0" [redacted] 104.207.42.106 - - [31/Dec/2025:02:20:24 +0100] "POST /xmlrpc.php HTTP/1.1" 405 415 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36" [redacted] 104.207.42.106 - - [31/Dec/2025:02:20:26 +0100] "POST /xmlrpc.php HTTP/1.1" 405 415 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleW ... show less	Hacking Web App Attack
🇮🇹 VHosting	2025-12-23 22:10:03 (5 months ago)	Detected WordPress attack from 4 different servers	Brute-Force Web App Attack
🇨🇭 backslash	2025-12-18 08:40:06 (6 months ago)	block ruleset bad bot: wordpress scans 82C095539D4FDAF84E2E2FD6B6FC0664645851A8	Bad Web Bot
🇫🇷 mrcrassi	2025-12-03 16:15:31 (6 months ago)	Triggered Cloudflare WAF (firewallCustom) from US. Action taken: BLOCK Protocol: HTTP/1.1 (POST meth ... show more Triggered Cloudflare WAF (firewallCustom) from US. Action taken: BLOCK Protocol: HTTP/1.1 (POST method) Endpoint: /wp-login.php UA: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36 Edg/115.0.1901.203 This report was generated by: https://github.com/sefinek/Cloudflare-WAF-To-AbuseIPDB show less	Bad Web Bot
Anonymous	2025-12-01 21:44:17 (6 months ago)	botnet	DDoS Attack
🇩🇪 kjaerulff	2025-12-01 20:23:33 (6 months ago)	Failed Wordpress login using wp-login.php	Web App Attack
🇺🇸 TPI-Abuse	2025-11-25 03:52:15 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.42.106 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.42.106 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 24 22:52:06.139386 2025] [security2:error] [pid 753943:tid 753943] [client 104.207.42.106:13147] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcontacts.bestnebraskadetective.com"] [uri "/.svn/wc.db"] [unique_id "aSUn5pDtOoPa3kYxke54gQAAAAs"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-25 03:12:23 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.42.106 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.42.106 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 24 22:12:18.872760 2025] [security2:error] [pid 12716:tid 12732] [client 104.207.42.106:23929] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcontacts.fnaandpartners.com"] [uri "/.git/HEAD"] [unique_id "aSUektFyYQkDKh-KlDQkbgAAAIY"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-25 02:10:56 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.42.106 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.42.106 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 24 21:10:27.538822 2025] [security2:error] [pid 27490:tid 27490] [client 104.207.42.106:23323] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpanel.dougallbaillie.com"] [uri "/.svn/wc.db"] [unique_id "aSUQEz3DcHC8i9ziokhdhwAAAA4"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-25 00:14:56 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.42.106 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.42.106 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 24 19:14:49.272496 2025] [security2:error] [pid 18808:tid 18808] [client 104.207.42.106:9187] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcalendars.thn.bz"] [uri "/.svn/wc.db"] [unique_id "aST0-bvu5NDZ8UcJyzdEeQAAAA4"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 149 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇸🇪 170.168.240.187

🇮🇳 125.20.210.182

🇳🇱 91.92.40.11

🇨🇳 27.24.141.111

🇺🇸 20.98.164.209

🇺🇸 172.217.46.151

🇻🇳 171.243.62.6

🇺🇸 150.107.38.202

🇬🇧 139.59.191.160

🇵🇰 119.73.107.42

🇺🇸 67.220.64.66

🇳🇱 45.156.87.119

🇺🇸 20.163.15.238

🇪🇸 194.146.92.151

🇺🇸 173.255.223.103

🇳🇱 109.236.86.20

🇩🇪 104.28.193.116

🇨🇳 49.234.207.151

🇱🇹 45.227.254.170

🇧🇩 43.250.81.203