JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 104.207.42.19

104.207.42.19 was found in our database!

This IP was reported 105 times. Confidence of Abuse is 42%: ?

42%

ISP	3xK Tech GmbH
Usage Type	Data Center/Web Hosting/Transit
ASN	AS200373
Domain Name	3xktech.cloud
Country	🇺🇸 United States of America
City	Ashburn, Virginia

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 104.207.42.19

Whois 104.207.42.19

IP Abuse Reports for 104.207.42.19:

This IP address has been reported a total of 105 times from 26 distinct sources. 104.207.42.19 was first reported on June 12th 2024, and the most recent report was 4 days ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇳🇱 homeshowdomain.nl	2026-06-01 21:59:03 (4 days ago)	Auto-ban: single probe for restricted files (.env / backups / admin endpoints). Likely mass-scan on ... show more Auto-ban: single probe for restricted files (.env / backups / admin endpoints). Likely mass-scan on 2026-05-31. show less	Web App Attack SSH Hacking
Anonymous	2026-05-31 00:19:03 (6 days ago)	Bot / scanning and/or hacking attempts: GET /.git/config HTTP/1.1	Hacking Web App Attack
🇺🇸 mnsf	2026-05-31 00:05:42 (6 days ago)	Abuse Detected (1)	Brute-Force Web App Attack
🇳🇱 wlt-blocker	2026-05-30 23:03:56 (6 days ago)	Unauthorized access to webpage admin	Web App Attack
🇬🇧 pinguin	2026-05-30 22:47:15 (6 days ago)	Triggered Cloudflare WAF (firewallManaged) from US. Action taken: LOG Protocol: HTTP/1.1 (GET method ... show more Triggered Cloudflare WAF (firewallManaged) from US. Action taken: LOG Protocol: HTTP/1.1 (GET method) Endpoint: /.git/config UA: Mozilla/4.0 (PSP (PlayStation Portable); 2.00) This report was generated by: https://github.com/sefinek/Cloudflare-WAF-To-AbuseIPDB show less	Bad Web Bot
🇧🇪 cmbplf	2026-05-27 13:34:49 (1 week ago)	1.656 POST requests with url.path */wp-login.php	Brute-Force Bad Web Bot
🇯🇵 beon	2026-05-19 23:15:46 (2 weeks ago)	[DateTime=>2026-05-19T23:15:46Z (UTC)] , [404target=>/s3cmd.ini] , [total_Hit=>once] , [Keyword=>PHP ... show more [DateTime=>2026-05-19T23:15:46Z (UTC)] , [404target=>/s3cmd.ini] , [total_Hit=>once] , [Keyword=>PHP web shells] show less	Bad Web Bot Web App Attack
🇦🇺 RedBear IT	2026-03-26 10:00:37 (2 months ago)	"DDoS against public endpoint"	DDoS Attack
🇫🇷 tilellit.pro	2026-02-16 03:51:01 (3 months ago)	Fail2Ban banned 104.207.42.19 for security violations in jail wp-armour. Log: 2026/02/16 03:51:00 [e ... show more Fail2Ban banned 104.207.42.19 for security violations in jail wp-armour. Log: 2026/02/16 03:51:00 [error] FastCGI sent in stderr: "PHP message: [WP_ARMOUR_BAN] IP: 104.207.42.19 \| Target: wplogin" , client: 104.207.42.19, server: [REDACTED], request: "POST /wp-login.php HTTP/1.1", upstream: [REDACTED], host: [REDACTED], referrer: "https://comerciogallego.es/wp-login.php" ... show less	Web Spam
Anonymous	2025-12-10 23:59:52 (5 months ago)	botnet	DDoS Attack
🇺🇸 TPI-Abuse	2025-11-26 06:13:22 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.42.19 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.207.42.19 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Nov 26 01:13:13.032258 2025] [security2:error] [pid 13869:tid 13869] [client 104.207.42.19:48223] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "gcigmbhcom.awani-partners.com"] [uri "/.svn/wc.db"] [unique_id "aSaaeRhhDxk-ZFDUNbDSsAAAAAM"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-26 05:49:11 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.42.19 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.207.42.19 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Nov 26 00:49:05.175043 2025] [security2:error] [pid 3797:tid 3797] [client 104.207.42.19:23953] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.onlinebargainsuperstore.com"] [uri "/.svn/wc.db"] [unique_id "aSaU0RNZi8xbyV54GLERtgAAABE"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-26 02:07:12 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.42.19 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.207.42.19 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Nov 25 21:07:08.378906 2025] [security2:error] [pid 32088:tid 32088] [client 104.207.42.19:34729] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcalendars.aliamus.com"] [uri "/.git/HEAD"] [unique_id "aSZgzIidnCNQ2LsUeATxUAAAAAI"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-26 01:18:06 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.42.19 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.207.42.19 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Nov 25 20:17:58.583522 2025] [security2:error] [pid 885:tid 885] [client 104.207.42.19:9489] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcontacts.trailofcrumbs.com"] [uri "/.svn/wc.db"] [unique_id "aSZVRsDNtzYtqM8o-8q5SwAAABE"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-24 05:57:50 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.42.19 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.207.42.19 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 24 00:57:34.121441 2025] [security2:error] [pid 13873:tid 13873] [client 104.207.42.19:19877] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webdisk.stitchguild.com"] [uri "/.git/HEAD"] [unique_id "aSPzzqBO0tl_w42IyOCWEQAAABM"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 105 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇳🇱 176.65.139.56

🇺🇸 137.184.217.238

🇺🇸 20.64.104.79

🇮🇳 117.213.202.34

🇺🇸 104.210.140.131

🇺🇸 91.230.168.125

🇺🇸 54.162.56.149

🇺🇸 35.188.174.36

🇹🇿 196.46.97.156

🇯🇵 138.2.38.49

🇺🇸 54.174.244.202

🇳🇱 45.148.10.121

🇲🇽 38.22.170.10

🇺🇸 20.65.193.176

🇵🇪 200.126.54.98

🇲🇽 187.190.35.163

🇸🇬 165.245.178.66

🇺🇸 104.210.140.129

🇮🇩 103.153.63.201

🇨🇦 99.240.219.1