JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 104.207.51.4

104.207.51.4 was found in our database!

This IP was reported 78 times. Confidence of Abuse is 11%: ?

11%

ISP	3xK Tech GmbH
Usage Type	Data Center/Web Hosting/Transit
ASN	AS200373
Domain Name	3xktech.cloud
Country	🇩🇪 Germany
City	Berlin, State of Berlin

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 104.207.51.4

Whois 104.207.51.4

IP Abuse Reports for 104.207.51.4:

This IP address has been reported a total of 78 times from 14 distinct sources. 104.207.51.4 was first reported on June 22nd 2024, and the most recent report was 1 week ago.

Old Reports: The most recent abuse report for this IP address is from 1 week ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇬🇧 PeravixGroup	2026-05-22 13:20:20 (1 week ago)	Honeypot detection: Elasticsearch unauthorized access / data leak attempt on port 9200. Severity: ME ... show more Honeypot detection: Elasticsearch unauthorized access / data leak attempt on port 9200. Severity: MEDIUM. Aaran.cloud show less	Hacking Exploited Host
🇨🇳 ThreatBook.io	2026-05-10 00:27:26 (3 weeks ago)	ThreatBook Intelligence: http_proxy,Gateway more details on https://threatbook.io/ip/104.207.51.4 20 ... show more ThreatBook Intelligence: http_proxy,Gateway more details on https://threatbook.io/ip/104.207.51.4 2026-05-09 17:50:24 /nacos/v1/auth/users?search=accurate&pageNo=1&pageSize=99 show less	Web App Attack
🇺🇸 TPI-Abuse	2026-02-24 11:21:43 (3 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.51.4 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 104.207.51.4 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Feb 24 06:21:38.889796 2026] [security2:error] [pid 22529:tid 22529] [client 104.207.51.4:38019] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "deviswijf.jbaydeliveries.com"] [uri "/.git/config"] [unique_id "aZ2Jwg8x5pfMmjcVKPJx0AAAAAc"] show less	Brute-Force Bad Web Bot Web App Attack
🇨🇭 ALPHANET	2026-02-23 20:16:10 (3 months ago)	web exploits	Hacking Exploited Host Web App Attack
🇨🇳 ThreatBook.io	2026-01-22 00:54:39 (4 months ago)	ThreatBook Intelligence: http_proxy,Zombie more details on https://threatbook.io/ip/104.207.51.4 202 ... show more ThreatBook Intelligence: http_proxy,Zombie more details on https://threatbook.io/ip/104.207.51.4 2026-01-21 12:48:25 /geoserver/rest.html show less	Web App Attack
🇺🇸 myagent.site	2026-01-15 08:39:31 (4 months ago)	Blocking for trying to access an exploit file: /.env	Hacking
🇩🇪 Vegascosmetics	2026-01-14 22:50:55 (4 months ago)	Kingcopy(AI-IDS):IP does Multiple AWS Environment Abuse	Hacking Web App Attack
🇺🇸 TPI-Abuse	2026-01-13 12:35:07 (4 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.51.4 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 104.207.51.4 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jan 13 07:35:03.189103 2026] [security2:error] [pid 13035:tid 13035] [client 104.207.51.4:21231] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "tonytremblayauthor.com"] [uri "/.svn/wc.db"] [unique_id "aWY794zdgB62RKEUzngvVAAAAAo"] show less	Brute-Force Bad Web Bot Web App Attack
🇨🇳 ThreatBook.io	2025-12-24 00:26:08 (5 months ago)	ThreatBook Intelligence: http_proxy,Zombie more details on https://threatbook.io/ip/104.207.51.4 202 ... show more ThreatBook Intelligence: http_proxy,Zombie more details on https://threatbook.io/ip/104.207.51.4 2025-12-23 05:56:16 /special/index.php?c=search&catid=23%20and%20(select%201%20from%20(select%20count(),concat(md5(1),floor(rand(0)2))x%20from%20information_schema.tables%20group%20by%20x)a) show less	Web App Attack
🇺🇸 TPI-Abuse	2025-12-09 04:16:40 (5 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.51.4 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 104.207.51.4 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Dec 08 23:16:34.712482 2025] [security2:error] [pid 2869:tid 2869] [client 104.207.51.4:40539] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "captainquirks.com"] [uri "/.git/HEAD"] [unique_id "aTeior3ID0VSDjSvhPPxPAAAAA4"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-07 20:41:52 (5 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.51.4 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 104.207.51.4 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Dec 07 15:41:46.331770 2025] [security2:error] [pid 3242:tid 3253] [client 104.207.51.4:50917] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "clinicadelparabrisas.com"] [uri "/.env"] [unique_id "aTXmiheAGBZ60qCidA6y_QAAAAU"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-07 12:12:30 (5 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.51.4 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 104.207.51.4 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Dec 07 07:12:26.477214 2025] [security2:error] [pid 15338:tid 15338] [client 104.207.51.4:52509] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "americancryonics.org"] [uri "/.svn/wc.db"] [unique_id "aTVvKjbX6PfHj-VwKknulQAAAAk"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-06 11:47:33 (5 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.51.4 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 104.207.51.4 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Dec 06 06:47:27.791930 2025] [security2:error] [pid 27184:tid 27184] [client 104.207.51.4:14539] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "castlewelding.net"] [uri "/.svn/wc.db"] [unique_id "aTQXz381034pT-tdcswfhgAAAAM"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-05 13:31:29 (5 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.51.4 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 104.207.51.4 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Dec 05 08:31:26.649554 2025] [security2:error] [pid 7596:tid 7618] [client 104.207.51.4:29469] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "hobfl.com"] [uri "/.svn/wc.db"] [unique_id "aTLerhEqLlODRlDzgQHPfQAAAVA"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-05 12:45:02 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.51.4 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 104.207.51.4 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Dec 05 07:44:56.411107 2025] [security2:error] [pid 9868:tid 9868] [client 104.207.51.4:43695] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "district7vote.com"] [uri "/.svn/wc.db"] [unique_id "aTLTyBc-XfGKKp9n_L-qJQAAAAg"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 78 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇩🇪 212.132.120.41

🇲🇦 196.92.7.249

🇬🇧 193.176.29.4

🇨🇳 115.191.79.153

🇺🇸 66.132.195.115

🇬🇧 5.226.140.98

🇷🇴 2.57.121.25

🇲🇦 196.92.7.247

🇺🇸 157.245.190.121

🇭🇰 152.32.135.217

🇺🇸 100.29.192.32

🇷🇴 89.47.53.19

🇫🇷 85.204.70.106

🇧🇷 45.71.123.226

🇨🇳 221.226.232.44

🇺🇸 191.101.33.114

🇨🇳 180.167.128.203

🇳🇱 176.65.148.215

🇺🇸 157.245.244.250

🇨🇳 116.228.233.93