JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 104.207.52.134

104.207.52.134 was found in our database!

This IP was reported 169 times. Confidence of Abuse is 13%: ?

13%

ISP	3xK Tech GmbH
Usage Type	Data Center/Web Hosting/Transit
ASN	AS200373
Domain Name	3xktech.cloud
Country	🇩🇪 Germany
City	Berlin, State of Berlin

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 104.207.52.134

Whois 104.207.52.134

IP Abuse Reports for 104.207.52.134:

This IP address has been reported a total of 169 times from 21 distinct sources. 104.207.52.134 was first reported on June 8th 2024, and the most recent report was 4 weeks ago.

Old Reports: The most recent abuse report for this IP address is from 4 weeks ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇨🇭 4server	2026-05-05 21:56:34 (4 weeks ago)	[TueMay0523:56:30.2664022026][security2:error][pid285417:tid285725][client104.207.52.134:0]ModSecuri ... show more [TueMay0523:56:30.2664022026][security2:error][pid285417:tid285725][client104.207.52.134:0]ModSecurity:Accessdeniedwithcode403\(phase1\).Stringmatch\"/xmlrpc.php\"atREQUEST_URI.[file\"/etc/apache2/conf.d/modsec_custom_rules.conf\"][line\"367\"][id\"960024\"][msg\"XML-RPCdisabled\"][hostname\"prodotti.comarcosa.com\"][uri\"/xmlrpc.php\"][unique_id\"afpnjvuJA0sbJb7D0Ckr8gAAARE\"] show less	Hacking Web App Attack
🇨🇭 4server	2026-05-03 01:21:37 (1 month ago)	[SunMay0303:21:34.6451552026][security2:error][pid2207012:tid2207359][client104.207.52.134:0]ModSecu ... show more [SunMay0303:21:34.6451552026][security2:error][pid2207012:tid2207359][client104.207.52.134:0]ModSecurity:Accessdeniedwithcode403\(phase1\).Stringmatch\"/xmlrpc.php\"atREQUEST_URI.[file\"/etc/apache2/conf.d/modsec_custom_rules.conf\"][line\"367\"][id\"960024\"][msg\"XML-RPCdisabled\"][hostname\"giuristifriburgo.ch\"][uri\"/xmlrpc.php\"][unique_id\"afajHuCdWVZrcb-jc2kCjwAAARQ\"] show less	Hacking Web App Attack
🇫🇷 masterguru	2026-05-02 15:58:15 (1 month ago)	(modsec_5015) ModSec 5015: Suspicious User-Agent from 104.207.52.134 (GB/United Kingdom/-): 1 in the ... show more (modsec_5015) ModSec 5015: Suspicious User-Agent from 104.207.52.134 (GB/United Kingdom/-): 1 in the last 3600 secs (0-195) show less	Hacking
🇱🇻 garmtech.com	2026-05-01 10:03:35 (1 month ago)	IM360 WAF: WordPress plugin/theme auto install block	Web App Attack
🇫🇷 masterguru	2026-04-19 12:38:36 (1 month ago)	(modsec_5015) ModSec 5015: Suspicious User-Agent from 104.207.52.134 (GB/United Kingdom/-): 1 in the ... show more (modsec_5015) ModSec 5015: Suspicious User-Agent from 104.207.52.134 (GB/United Kingdom/-): 1 in the last 3600 secs (0-193) show less	Hacking
🇩🇪 Bedios GmbH	2026-02-19 02:11:23 (3 months ago)	Login credentials theft attempt	Hacking
🇺🇸 mnsf	2026-02-19 01:05:38 (3 months ago)	Scanning/Probing (24)	Brute-Force Web App Attack
🇺🇸 TPI-Abuse	2026-02-19 00:13:09 (3 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.52.134 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.52.134 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Feb 18 19:13:00.353599 2026] [security2:error] [pid 25280:tid 25280] [client 104.207.52.134:17603] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "vittaria.com"] [uri "/site/.git/config"] [unique_id "aZZVjNuA1lqevkabhszqbgAAAAI"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-02-18 22:51:16 (3 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.52.134 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.52.134 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Feb 18 17:51:13.719712 2026] [security2:error] [pid 22485:tid 22485] [client 104.207.52.134:16969] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "vandromme.net"] [uri "/.env.production"] [unique_id "aZZCYY2AfIZxEp6zolxObAAAAAA"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-02-18 22:32:45 (3 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.52.134 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.52.134 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Feb 18 17:32:39.986647 2026] [security2:error] [pid 28495:tid 28495] [client 104.207.52.134:25223] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "uswebforce.com"] [uri "/v2/.git/config"] [unique_id "aZY-B3KXbwE7QHk2M0LEiAAAABA"] show less	Brute-Force Bad Web Bot Web App Attack
🇷🇺 DZBOT	2026-02-18 21:06:35 (3 months ago)	Website Scanning / Scraping	Bad Web Bot Exploited Host Web App Attack
🇺🇸 TPI-Abuse	2026-02-18 19:57:09 (3 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.52.134 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.52.134 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Feb 18 14:57:04.070740 2026] [security2:error] [pid 1288110:tid 1288115] [client 104.207.52.134:14005] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "toughcatcompany.com"] [uri "/.env"] [unique_id "aZYZkO9F_c7x5Ag_cn9YWwAAAUE"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-02-18 18:32:32 (3 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.52.134 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.52.134 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Feb 18 13:32:23.427805 2026] [security2:error] [pid 27869:tid 27869] [client 104.207.52.134:61763] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "thewanderingwoods.quest"] [uri "/backup/.git/config"] [unique_id "aZYFt9MqTCoQu45oFjA-6wAAAAQ"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-02-18 13:47:51 (3 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.52.134 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.52.134 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Feb 18 08:47:47.904297 2026] [security2:error] [pid 1292754:tid 1292754] [client 104.207.52.134:18495] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "wonboyn.com"] [uri "/test/.git/config"] [unique_id "aZXDA27GQqchCtaiDe36BQAAAAY"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-02-18 13:27:02 (3 months ago)	Bot / scanning and/or hacking attempts: GET /.git/config HTTP/1.1, GET /app/.git/config HTTP/1.1, GE ... show more Bot / scanning and/or hacking attempts: GET /.git/config HTTP/1.1, GET /app/.git/config HTTP/1.1, GET /api/.env HTTP/1.1, GET /.env.local HTTP/1.1, GET /backend/.env HTTP/1.1, GET /.env.production HTTP/1.1, HEAD / HTTP/1.1, GET /site/.git/config HTTP/1.1, GET /.env.save HTTP/1.1, GET /admin/.git/config HTTP/1.1, GET /new/.git/config HTTP/1.1, GET /wp/.git/config HTTP/1.1 show less	Hacking Web App Attack

Showing 1 to 15 of 169 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇬🇧 2a06:4880:6000::7e

🇮🇳 2406:7400:11d:91ea:d121:b592:72a8:9dda

🇺🇸 162.216.150.207

🇨🇲 154.126.167.59

🇮🇳 117.196.95.185

🇧🇷 179.234.58.184

🇹🇷 176.234.89.89

🇺🇸 172.253.9.146

🇨🇳 123.13.41.128

🇯🇵 111.238.174.6

🇨🇳 111.59.196.211

🇺🇸 67.207.84.8

🇺🇸 67.205.189.163

🇳🇱 45.198.224.5

🇮🇩 43.173.1.69

🇨🇳 223.109.252.235

🇧🇷 201.80.194.82

🇲🇽 187.251.123.104

🇺🇸 172.71.31.45

🇸🇪 138.124.71.25