JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 104.234.32.80

104.234.32.80 was found in our database!

This IP was reported 65 times. Confidence of Abuse is 33%: ?

33%

ISP	AS206092 Internet Utilities Europe and Asia Limited
Usage Type	Data Center/Web Hosting/Transit
ASN	AS206092
Domain Name	abuseradar.com
Country	🇺🇸 United States of America
City	Chicago, Illinois

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 104.234.32.80

Whois 104.234.32.80

IP Abuse Reports for 104.234.32.80:

This IP address has been reported a total of 65 times from 44 distinct sources. 104.234.32.80 was first reported on September 27th 2024, and the most recent report was 2 days ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 integrantservices.com	2026-06-05 22:48:35 (2 days ago)	(wordpress) Failed wordpress login from 104.234.32.80 (US/United States/-)	Brute-Force
🇺🇸 nyt	2026-05-23 04:39:58 (2 weeks ago)	Repeated WordPress login POSTs blocked by WAF (3 in 6h)	Brute-Force Web App Attack
🇩🇪 Oakley	2026-05-23 03:12:53 (2 weeks ago)	(confirmed_bot_sig) Confirmed bot	Hacking
🇺🇸 TPI-Abuse	2026-04-27 03:43:20 (1 month ago)	(mod_security) mod_security (id:210492) triggered by 104.234.32.80 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.234.32.80 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Apr 26 23:43:14.128780 2026] [security2:error] [pid 15160:tid 15160] [client 104.234.32.80:46705] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.mathewsdental.com"] [uri "/.env.original"] [unique_id "ae7bUhNbyMR2Od3shasb5gAAAAM"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-04-27 02:58:40 (1 month ago)	(mod_security) mod_security (id:210492) triggered by 104.234.32.80 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.234.32.80 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Apr 26 22:58:32.641346 2026] [security2:error] [pid 15520:tid 15639] [client 104.234.32.80:25701] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "unitedonegroup.com"] [uri "/.env.old"] [unique_id "ae7Q2Gm2_2j4UemuGNHsQAAAAdU"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-04-27 02:38:32 (1 month ago)	(mod_security) mod_security (id:210492) triggered by 104.234.32.80 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.234.32.80 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Apr 26 22:38:21.462849 2026] [security2:error] [pid 6620:tid 6620] [client 104.234.32.80:60553] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "southtncardio.com"] [uri "/.env.copy"] [unique_id "ae7MHeW7GsY8k4rEElTKEQAAAAs"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-04-27 01:18:53 (1 month ago)	(mod_security) mod_security (id:210492) triggered by 104.234.32.80 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.234.32.80 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Apr 26 21:18:42.691542 2026] [security2:error] [pid 27485:tid 27485] [client 104.234.32.80:64673] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.nancyscafeandcatering.com"] [uri "/.env.old"] [unique_id "ae65cr0u0hMViF-PKnpgzAAAAAk"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 raph	2026-04-27 00:32:43 (1 month ago)	[DOT FILES] crawler .env, .git, .config, etc.	Bad Web Bot Web App Attack
🇬🇧 CrystalMaker	2026-04-27 00:24:35 (1 month ago)	PHP vulnerability scan - GET /config.php.bak	Web App Attack
🇧🇪 voormedia	2026-04-26 23:58:01 (1 month ago)	Accessed trap at '/.env'	Web App Attack
🇫🇮 misfit	2026-04-13 15:33:00 (1 month ago)	Web scan (4 x 404). Org: AS206092 F.N.S. HOLDINGS LIMITED, Chicago, US.	Brute-Force Web App Attack SSH
Anonymous	2026-04-10 22:41:48 (1 month ago)	2026-04-10T22:41:48.256004+00:00 caddy caddy[81692]: {"level":"info","ts":1775860908.255847,"logger" ... show more 2026-04-10T22:41:48.256004+00:00 caddy caddy[81692]: {"level":"info","ts":1775860908.255847,"logger":"http.log.access","msg":"handled request","request":{"remote_ip":"104.234.32.80","remote_port":"26439","client_ip":"104.234.32.80","proto":"HTTP/1.1","method":"GET","host":"142.132.232.19","uri":"/.DS_Store","headers":{"Accept":["/"],"Connection":["keep-alive"],"User-Agent":["python-requests/2.32.4"],"Accept-Encoding":["gzip, deflate"]}},"bytes_read":0,"user_id":"","duration":0.000073841,"size":0,"status":308,"resp_headers":{"Server":["Caddy"],"Connection":["close"],"Location":["https://142.132.232.19/.DS_Store"],"Content-Type":[]}} ... show less	Hacking Web App Attack
🇩🇪 big-cloud.nl	2026-04-10 13:50:32 (1 month ago)	Try to access /enviroments/.env	Web App Attack
Anonymous	2026-04-09 20:11:08 (1 month ago)	104.234.32.80 - - [09/Apr/2026:22:11:07 +0200] "GET /back/.env HTTP/1.1" 301 169 "-" "Mozilla/5.0 (W ... show more 104.234.32.80 - - [09/Apr/2026:22:11:07 +0200] "GET /back/.env HTTP/1.1" 301 169 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36" show less	Web App Attack
🇩🇪 georgengelmann	2026-03-30 10:38:13 (2 months ago)	Failed login attempt for yanz@123457	Brute-Force Web App Attack

Showing 1 to 15 of 65 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 64.62.156.146

🇨🇳 220.202.112.177

🇧🇷 187.120.73.79

🇺🇸 185.92.182.129

🇧🇷 177.101.0.11

🇻🇳 165.154.137.186

🇺🇸 107.173.197.132

🇺🇸 47.77.229.178

🇩🇪 193.124.20.227

🇧🇷 189.36.251.188

🇵🇭 158.62.6.22

🇳🇱 104.28.163.192

🇮🇳 103.44.136.115

🇵🇰 45.194.15.168

🇺🇸 34.170.121.237

🇻🇳 14.187.11.175

🇭🇰 199.45.155.72

🇶🇦 176.202.63.144

🇳🇱 176.65.139.140

🇻🇳 171.244.143.209