JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 104.207.52.139

104.207.52.139 was found in our database!

This IP was reported 135 times. Confidence of Abuse is 15%: ?

15%

ISP	3xK Tech GmbH
Usage Type	Data Center/Web Hosting/Transit
ASN	AS200373
Domain Name	3xktech.cloud
Country	🇩🇪 Germany
City	Berlin, State of Berlin

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 104.207.52.139

Whois 104.207.52.139

IP Abuse Reports for 104.207.52.139:

This IP address has been reported a total of 135 times from 16 distinct sources. 104.207.52.139 was first reported on June 21st 2024, and the most recent report was 12 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 lostswordfish.com	2026-06-10 07:52:06 (12 hours ago)	Wordfence waf block on kcuar	Web App Attack
🇩🇪 LRob.fr	2026-06-10 01:00:15 (19 hours ago)	Repeated requests on blocked xmlrpc.php, blocked by fail2ban in custom-503-xmlrpc jail	Bad Web Bot Web App Attack
🇩🇪 kranem	2026-02-25 06:01:52 (3 months ago)	Triggered Cloudflare WAF from DE. Action taken: BLOCK ASN: 200373 (DREI-K-TECH-GMBH) Protocol: HTTP/ ... show more Triggered Cloudflare WAF from DE. Action taken: BLOCK ASN: 200373 (DREI-K-TECH-GMBH) Protocol: HTTP/2 (GET method) Endpoint: /auth/login Timestamp: 2026-02-25T04:53:39Z User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 13_5) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.5 Safari/605.1.15 show less	Bad Web Bot
🇩🇪 Packets-Decreaser.NET	2025-12-29 14:02:02 (5 months ago)	Incoming Layer 7 Flood Detected	DDoS Attack Web Spam
🇺🇸 TPI-Abuse	2025-12-08 06:21:04 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.52.139 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.52.139 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Dec 08 01:20:38.554460 2025] [security2:error] [pid 21112:tid 21112] [client 104.207.52.139:24513] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "ladymfashion.com"] [uri "/.env"] [unique_id "aTZuNnnC1bBuX4RdMiBqLAAAAAA"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-07 16:21:51 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.52.139 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.52.139 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Dec 07 11:21:43.756410 2025] [security2:error] [pid 13303:tid 13303] [client 104.207.52.139:32725] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "austinbiblestudents.org"] [uri "/.svn/wc.db"] [unique_id "aTWpl5b8Nf46k6iDcnpMdgAAAAk"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-07 15:31:41 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.52.139 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.52.139 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Dec 07 10:31:32.998013 2025] [security2:error] [pid 26939:tid 26939] [client 104.207.52.139:37097] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "universitydental.org"] [uri "/.git/HEAD"] [unique_id "aTWd1FU7rr9eAEi02d99iwAAAAY"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-06 17:00:55 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.52.139 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.52.139 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Dec 06 12:00:48.124084 2025] [security2:error] [pid 26958:tid 26958] [client 104.207.52.139:26691] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "aboutahome.net"] [uri "/.svn/wc.db"] [unique_id "aTRhQNsfcEPFKty1yXxRcgAAABQ"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 myagent.site	2025-12-06 12:03:36 (6 months ago)	Blocking for trying to access an exploit file: /.env	Hacking
🇺🇸 TPI-Abuse	2025-12-05 06:53:58 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.52.139 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.52.139 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Dec 05 01:53:55.118910 2025] [security2:error] [pid 21954:tid 21954] [client 104.207.52.139:42555] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "airtechconsulting.com"] [uri "/.env"] [unique_id "aTKBg8LuMfM7fYQk_Yx_IAAAAAY"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-05 03:56:56 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.52.139 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.52.139 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Dec 04 22:56:49.588039 2025] [security2:error] [pid 12713:tid 12713] [client 104.207.52.139:44455] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "rejuvenationsystems.com"] [uri "/.svn/wc.db"] [unique_id "aTJYAfgGad9Jp0MBc8knbQAAAAo"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-28 20:56:41 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.52.139 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.52.139 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Nov 28 15:56:31.746635 2025] [security2:error] [pid 27074:tid 27074] [client 104.207.52.139:47449] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "aavondalervstorage.com"] [uri "/.env.bak"] [unique_id "aSoMfyahZYpgfRZQi30KGQAAACA"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-28 08:36:44 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.52.139 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.52.139 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Nov 28 03:36:38.050447 2025] [security2:error] [pid 32446:tid 32446] [client 104.207.52.139:41511] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "97201.com"] [uri "/wp-config.php"] [unique_id "aSlfFhlMlkhiMP-5K-vjVQAAAAg"] show less	Brute-Force Bad Web Bot Web App Attack
🇱🇻 garmtech.com	2025-11-24 09:33:53 (6 months ago)	Attempted access to sensitive endpoint (/.git/HEAD) detected. Automated scan or unauthorized probing ... show more Attempted access to sensitive endpoint (/.git/HEAD) detected. Automated scan or unauthorized probing. show less	Web App Attack
🇺🇸 TPI-Abuse	2025-11-24 08:15:18 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.52.139 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.52.139 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 24 03:15:06.902232 2025] [security2:error] [pid 12103:tid 12144] [client 104.207.52.139:36185] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "mail.super-8mm.com"] [uri "/.env"] [unique_id "aSQUCud3pxroRSWDTtp_vwAAAMs"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 135 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇧🇷 206.42.8.243

🇨🇳 106.115.115.7

🇳🇵 103.163.182.142

🇳🇱 85.11.167.232

🇮🇩 69.5.20.232

🇨🇳 61.151.249.194

🇯🇵 58.98.197.137

🇺🇸 47.251.5.136

🇳🇱 45.148.10.121

🇳🇱 45.142.193.10

🇫🇮 34.88.74.41

🇧🇪 104.155.29.73

🇺🇸 104.131.69.242

🇮🇳 103.108.5.219

🇧🇬 78.128.114.58

🇸🇦 66.118.148.238

🇨🇳 60.16.210.240

🇭🇰 45.192.97.6

🇻🇳 14.183.237.63

🇦🇷 186.122.177.140