JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 104.207.43.189

104.207.43.189 was found in our database!

This IP was reported 135 times. Confidence of Abuse is 9%: ?

ISP	3xK Tech GmbH
Usage Type	Data Center/Web Hosting/Transit
ASN	AS200373
Domain Name	3xktech.cloud
Country	🇺🇸 United States of America
City	Ashburn, Virginia

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 104.207.43.189

Whois 104.207.43.189

IP Abuse Reports for 104.207.43.189:

This IP address has been reported a total of 135 times from 17 distinct sources. 104.207.43.189 was first reported on June 5th 2024, and the most recent report was 4 weeks ago.

Old Reports: The most recent abuse report for this IP address is from 4 weeks ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇬🇧 PeravixGroup	2026-05-13 04:33:30 (4 weeks ago)	Honeypot detection: Elasticsearch unauthorized access / data leak attempt on port 9200. Severity: ME ... show more Honeypot detection: Elasticsearch unauthorized access / data leak attempt on port 9200. Severity: MEDIUM. Aaran.cloud show less	Hacking Exploited Host
🇨🇭 4server	2026-05-12 18:09:05 (1 month ago)	[TueMay1220:08:59.1080972026][security2:error][pid2870990:tid2871175][client104.207.43.189:0]ModSecu ... show more [TueMay1220:08:59.1080972026][security2:error][pid2870990:tid2871175][client104.207.43.189:0]ModSecurity:Accessdeniedwithcode403\(phase2\).OperatorGEmatched5atTX:anomaly_score.[file\"/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf\"][line\"94\"][id\"949110\"][msg\"InboundAnomalyScoreExceeded\(TotalScore:5\)\"][severity\"CRITICAL\"][ver\"OWASP_CRS/3.3.9\"][tag\"application-multi\"][tag\"language-multi\"][tag\"platform-multi\"][tag\"attack-generic\"][hostname\"hosting-ticino-svizzera.ch\"][uri\"/.aws/credentials\"][unique_id\"agNsu-5LObcKq0OkX8TZIgAAAFM\"] show less	Hacking Web App Attack
🇩🇪 4server	2026-05-12 17:39:59 (1 month ago)	[TueMay1219:39:54.7959942026][security2:error][pid379599:tid379639][client104.207.43.189:0]ModSecuri ... show more [TueMay1219:39:54.7959942026][security2:error][pid379599:tid379639][client104.207.43.189:0]ModSecurity:Accessdeniedwithcode403\(phase2\).OperatorGEmatched5atTX:anomaly_score.[file\"/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf\"][line\"94\"][id\"949110\"][msg\"InboundAnomalyScoreExceeded\(TotalScore:5\)\"][severity\"CRITICAL\"][ver\"OWASP_CRS/3.3.9\"][tag\"application-multi\"][tag\"language-multi\"][tag\"platform-multi\"][tag\"attack-generic\"][hostname\"farmaciaferrari.ch\"][uri\"/.git/HEAD\"][unique_id\"agNl6rht5Aj9-hCnblC8wgAAAEM\"] show less	Port Scan Brute-Force Web App Attack
🇺🇸 fbarela	2026-01-25 04:01:48 (4 months ago)	FortiGate SSL VPN login failures.	Hacking Brute-Force
🇩🇪 Packets-Decreaser.NET	2025-11-30 13:09:59 (6 months ago)	Incoming Layer 7 Flood Detected	DDoS Attack Web Spam
🇺🇸 TPI-Abuse	2025-11-24 07:16:58 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.43.189 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.43.189 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 24 02:16:50.235783 2025] [security2:error] [pid 12715:tid 12715] [client 104.207.43.189:53825] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpanel.gisresults.com"] [uri "/.svn/wc.db"] [unique_id "aSQGYsTO4XGjFsoky7T2QgAAAAo"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-15 11:31:48 (6 months ago)	(mod_security) mod_security (id:210730) triggered by 104.207.43.189 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210730) triggered by 104.207.43.189 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Nov 15 06:31:42.008045 2025] [security2:error] [pid 13539:tid 13539] [client 104.207.43.189:49173] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "4"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|www.rphenry.com\|F\|2"] [data ".ini"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.rphenry.com"] [uri "/s3cmd.ini"] [unique_id "aRhknoWk15Sg_XxDVpY-6AAAACE"] show less	Brute-Force Bad Web Bot Web App Attack
🇨🇦 wil.com	2025-10-15 16:29:23 (7 months ago)	GlobalProtect login attempts with user hlear.	VPN IP Brute-Force
🇬🇧 D3monite	2025-10-08 16:31:12 (8 months ago)	Attempted Brute Force (cpaneld)	Brute-Force
Anonymous	2025-10-04 10:30:45 (8 months ago)	Attempted brute force login to web vpn 25 time(s); last attempt for 2025.10.04 is noted in report ti ... show more Attempted brute force login to web vpn 25 time(s); last attempt for 2025.10.04 is noted in report timestamp show less	Hacking Brute-Force
Anonymous	2025-10-03 12:12:42 (8 months ago)	Attempted brute force login to web vpn 2 time(s); last attempt for 2025.10.03 is noted in report tim ... show more Attempted brute force login to web vpn 2 time(s); last attempt for 2025.10.03 is noted in report timestamp show less	Hacking Brute-Force
🇬🇧 Nick Lewis	2025-10-02 08:50:08 (8 months ago)	104.207.43.189 (KR/South Korea/-), 5 distributed sshd attacks on account [redacted]	Brute-Force SSH
Anonymous	2025-09-30 07:13:59 (8 months ago)	Attempted brute force login to web vpn 1 time(s); last attempt for 2025.09.30 is noted in report tim ... show more Attempted brute force login to web vpn 1 time(s); last attempt for 2025.09.30 is noted in report timestamp show less	Hacking Brute-Force
🇧🇷 hostseries	2025-09-30 01:15:19 (8 months ago)	Trigger: LF_DISTATTACK	Brute-Force
🇺🇸 hostseries	2025-09-27 11:16:37 (8 months ago)	Trigger: LF_DISTATTACK	Brute-Force

Showing 1 to 15 of 135 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 15.204.211.98

🇨🇳 223.150.176.137

🇫🇮 147.185.133.225

🇷🇴 92.118.39.214

🇫🇮 87.120.107.170

🇱🇹 77.90.185.16

🇳🇱 51.158.205.47

🇺🇸 44.254.194.48

🇹🇼 198.235.24.103

🇸🇬 194.5.82.161

🇺🇸 178.128.144.168

🇺🇸 147.185.132.249

🇹🇭 134.236.124.190

🇺🇸 52.161.201.88

🇩🇪 51.75.149.221

🇧🇷 45.174.235.102

🇨🇳 223.73.144.97

🇺🇦 176.120.39.28

🇺🇸 172.178.119.19

🇩🇪 167.94.146.70