JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 104.207.51.203

104.207.51.203 was found in our database!

This IP was reported 146 times. Confidence of Abuse is 15%: ?

15%

ISP	3xK Tech GmbH
Usage Type	Data Center/Web Hosting/Transit
ASN	AS200373
Domain Name	3xktech.cloud
Country	🇩🇪 Germany
City	Berlin, State of Berlin

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 104.207.51.203

Whois 104.207.51.203

IP Abuse Reports for 104.207.51.203:

This IP address has been reported a total of 146 times from 24 distinct sources. 104.207.51.203 was first reported on June 18th 2024, and the most recent report was 14 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇮🇩 zam	2026-06-11 20:08:51 (14 hours ago)	104.207.51.203 - - [11/Jun/2026:20:08:22 +0000] "POST /wp-login.php HTTP/1.1" 301 277	Web App Attack
🇨🇭 4server	2026-06-09 21:45:03 (2 days ago)	[TueJun0923:44:56.3278172026][security2:error][pid3048656:tid3048915][client104.207.51.203:0]ModSecu ... show more [TueJun0923:44:56.3278172026][security2:error][pid3048656:tid3048915][client104.207.51.203:0]ModSecurity:Accessdeniedwithcode403\(phase1\).Stringmatch\"/xmlrpc.php\"atREQUEST_URI.[file\"/etc/apache2/conf.d/modsec_custom_rules.conf\"][line\"367\"][id\"960024\"][msg\"XML-RPCdisabled\"][hostname\"support-ticino.ch\"][uri\"/xmlrpc.php\"][unique_id\"aiiJWCwk8C5c4uqiZCP3iAAAAQ4\"]\,referer:https://www.facebook.com/ show less	Hacking Web App Attack
🇳🇱 jjnxpct	2026-02-16 04:54:52 (3 months ago)	Automated security incident from hosting server. ModSecurity blocked suspicious request targeting UR ... show more Automated security incident from hosting server. ModSecurity blocked suspicious request targeting URI: /dev/.git/config (Rule ID: 930130) - Restricted File Access Attempt show less	Hacking Web App Attack
🇺🇸 TPI-Abuse	2026-02-15 12:33:03 (3 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.51.203 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.51.203 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Feb 15 07:32:57.779746 2026] [security2:error] [pid 10120:tid 10120] [client 104.207.51.203:39969] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "partnersforaccess.net"] [uri "/frontend/.env"] [unique_id "aZG8-ZHo5I3D-y510iEp2AAAAAM"] show less	Brute-Force Bad Web Bot Web App Attack
🇷🇴 INTEQ	2026-02-15 11:48:47 (3 months ago)	Web attack from 104.207.51.203	Web App Attack
🇺🇸 TPI-Abuse	2026-02-15 11:47:48 (3 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.51.203 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.51.203 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Feb 15 06:47:41.060795 2026] [security2:error] [pid 1862:tid 1862] [client 104.207.51.203:19869] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "paguilar.com"] [uri "/api/.env"] [unique_id "aZGyXSvg0qh2w-3pxVkowgAAAAc"] show less	Brute-Force Bad Web Bot Web App Attack
🇬🇧 Swiptly	2026-02-15 06:37:18 (3 months ago)	Bot scanning for environment files .env .env/\* ...	Web App Attack
🇺🇸 TPI-Abuse	2026-02-15 06:26:29 (3 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.51.203 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.51.203 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Feb 15 01:26:20.582305 2026] [security2:error] [pid 15026:tid 15026] [client 104.207.51.203:60351] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "scoretopicturenetwork.com"] [uri "/.env"] [unique_id "aZFnDPcbQiLsGdC0yhPKxAAAABM"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 mnsf	2026-02-15 06:06:48 (3 months ago)	Scanning/Probing (11)	Brute-Force Web App Attack
🇺🇸 TPI-Abuse	2026-02-15 05:20:40 (3 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.51.203 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.51.203 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Feb 15 00:20:34.273569 2026] [security2:error] [pid 22629:tid 22635] [client 104.207.51.203:31683] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "princesscastlebunkbed.com"] [uri "/admin/.git/config"] [unique_id "aZFXogJ9g84SRFWq5rKDyAAAAME"] show less	Brute-Force Bad Web Bot Web App Attack
🇨🇭 Origon	2026-02-15 05:11:40 (3 months ago)	http-sensitive-files - IP: 104.207.51.203 - time="2026-02-15T06:11:40+01:00" level=info msg="(555f6 ... show more http-sensitive-files - IP: 104.207.51.203 - time="2026-02-15T06:11:40+01:00" level=info msg="(555f66b4f6a74558bc11e3f93469658es8App0Mcc0TKEeje/crowdsec) crowdsecurity/http-sensitive-files by ip 104.207.51.203 (GB/200373) : 4h ban on Ip 104.207.51.203" module=db show less	Web App Attack
🇺🇸 TPI-Abuse	2026-02-15 05:03:29 (3 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.51.203 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.51.203 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Feb 15 00:03:22.739892 2026] [security2:error] [pid 886286:tid 886286] [client 104.207.51.203:50269] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "sargentandco.com"] [uri "/api/.git/config"] [unique_id "aZFTmt3_B7vrTjx6jp3HbgAAAAs"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-02-15 04:32:12 (3 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.51.203 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.51.203 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Feb 14 23:32:06.448559 2026] [security2:error] [pid 1326320:tid 1326320] [client 104.207.51.203:47487] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "nutandboltguy.com"] [uri "/backend/.env"] [unique_id "aZFMRrZPvwJ1m1c8VYzVLAAAAAE"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-02-15 04:07:59 (3 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.51.203 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.51.203 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Feb 14 23:07:51.381360 2026] [security2:error] [pid 314087:tid 314101] [client 104.207.51.203:49419] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "salvoni.com"] [uri "/.env.local"] [unique_id "aZFGl-YxiADdM-D-ZqVJ4gAAAEs"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-02-15 02:29:19 (3 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.51.203 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.51.203 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Feb 14 21:29:09.556936 2026] [security2:error] [pid 2171:tid 2296] [client 104.207.51.203:31471] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "nextlevelpsych.com"] [uri "/api/.env"] [unique_id "aZEvdRdun7oDywmMCK4Q5AAAAQ8"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 146 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇩🇪 213.209.159.56

🇱🇾 165.16.39.207

🇫🇮 147.185.133.92

🇪🇸 93.176.176.72

🇺🇸 66.132.172.145

🇰🇷 59.12.160.91

🇧🇷 205.210.31.169

🇺🇿 195.158.14.232

🇲🇽 187.141.71.166

🇮🇩 180.243.252.155

🇺🇸 172.252.125.150

🇷🇺 91.211.236.106

🇮🇶 62.201.228.210

🇨🇳 171.114.231.111

🇫🇮 147.185.133.123

🇺🇸 100.50.17.159

🇬🇧 80.194.254.218

🇧🇬 79.124.40.166

🇧🇬 78.128.113.74

🇩🇪 217.160.0.70