JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 104.207.52.28

104.207.52.28 was found in our database!

This IP was reported 118 times. Confidence of Abuse is 16%: ?

16%

ISP	3xK Tech GmbH
Usage Type	Data Center/Web Hosting/Transit
ASN	AS200373
Domain Name	3xktech.cloud
Country	🇩🇪 Germany
City	Berlin, State of Berlin

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 104.207.52.28

Whois 104.207.52.28

IP Abuse Reports for 104.207.52.28:

This IP address has been reported a total of 118 times from 12 distinct sources. 104.207.52.28 was first reported on June 13th 2024, and the most recent report was 21 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 TPI-Abuse	2026-06-06 19:42:26 (21 hours ago)	(mod_security) mod_security (id:210492) triggered by 104.207.52.28 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.207.52.28 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 06 15:41:55.901235 2026] [security2:error] [pid 10462:tid 10462] [client 104.207.52.28:45815] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "autodiscover.trafficstopper.com"] [uri "/.env"] [unique_id "aiR4A55ZbYDThl1PUAPPNwAAAB4"] show less	Brute-Force Bad Web Bot Web App Attack
🇬🇧 thetomtaylor.co.uk	2026-06-06 06:06:01 (1 day ago)	Fail2Ban - [NGINX]WordPress Logins Sniffings on nginx-wordpress-sniffer ... [ice01,ice02,wa01]	Bad Web Bot Web App Attack
🇬🇧 thetomtaylor.co.uk	2026-06-06 04:07:01 (1 day ago)	Fail2Ban - [NGINX]WordPress Logins Sniffings on nginx-wordpress-sniffer ... [wa02]	Bad Web Bot Web App Attack
🇨🇭 filou812	2026-02-10 07:07:51 (3 months ago)	url tried is "/dev/.git/config"	Web App Attack
🇺🇸 TPI-Abuse	2026-02-09 20:07:15 (3 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.52.28 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.207.52.28 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Feb 09 15:06:54.030531 2026] [security2:error] [pid 9830:tid 9830] [client 104.207.52.28:29771] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "galaxyretro.com"] [uri "/v2/.git/config"] [unique_id "aYo-Xub8UDWMmmIx-UshkwAAAAs"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-02-09 18:56:03 (3 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.52.28 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.207.52.28 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Feb 09 13:55:51.742937 2026] [security2:error] [pid 19151:tid 19151] [client 104.207.52.28:25711] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "fydelitybags.com"] [uri "/app/.git/config"] [unique_id "aYott0N9uka4wuVvaybC-gAAAAU"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-02-09 16:42:06 (3 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.52.28 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.207.52.28 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Feb 09 11:41:56.685186 2026] [security2:error] [pid 18571:tid 18571] [client 104.207.52.28:57525] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "fuegolounge813.com"] [uri "/backup/.git/config"] [unique_id "aYoOVICI46tEltcjgJFq_wAAAAU"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-02-09 12:41:09 (3 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.52.28 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.207.52.28 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Feb 09 07:40:58.429728 2026] [security2:error] [pid 11127:tid 11127] [client 104.207.52.28:20065] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "gamepart.com"] [uri "/.env.local"] [unique_id "aYnV2v1BoZUHiy6vTnXkiQAAAAU"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-02-09 08:23:25 (3 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.52.28 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.207.52.28 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Feb 09 03:23:16.987545 2026] [security2:error] [pid 26610:tid 26610] [client 104.207.52.28:12283] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "fxztrader.com"] [uri "/.env.save"] [unique_id "aYmZdIFbGu5I6nk0cF5_2gAAAAo"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-27 20:33:37 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.52.28 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.207.52.28 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Nov 27 15:33:32.308483 2025] [security2:error] [pid 1167:tid 1186] [client 104.207.52.28:14569] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "chelseyrae.com"] [uri "/.svn/wc.db"] [unique_id "aSi1nDv8R3mcUxP2htsbDAAAAM8"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2025-11-26 21:54:33 (6 months ago)	Malicious activity detected	Hacking Web App Attack
🇩🇪 Marc	2025-10-29 20:20:14 (7 months ago)		Brute-Force
Anonymous	2025-10-09 12:44:24 (7 months ago)	...	Brute-Force SSH
Anonymous	2025-04-06 23:53:02 (1 year ago)	Attempted brute force login to web vpn 6 time(s); last attempt for 2025.04.06 is noted in report tim ... show more Attempted brute force login to web vpn 6 time(s); last attempt for 2025.04.06 is noted in report timestamp show less	Hacking Brute-Force
Anonymous	2025-04-05 18:12:17 (1 year ago)	Attempted brute force login to web vpn 3 time(s); last attempt for 2025.04.05 is noted in report tim ... show more Attempted brute force login to web vpn 3 time(s); last attempt for 2025.04.05 is noted in report timestamp show less	Hacking Brute-Force

Showing 1 to 15 of 118 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇯🇵 156.227.233.77

🇫🇷 104.249.37.63

🇪🇨 45.224.97.241

🇺🇸 40.77.167.32

🇫🇷 2001:41d0:203:ab8e::1

🇺🇸 185.92.182.129

🇳🇱 158.140.210.14

🇨🇴 152.200.205.179

🇧🇩 103.190.132.219

🇦🇪 91.73.252.136

🇮🇶 45.157.53.66

🇳🇱 155.117.6.32

🇻🇳 116.110.154.100

🇱🇹 81.30.98.158

🇺🇸 18.116.170.14

🇷🇴 2.57.121.112

🇺🇸 205.210.31.6

🇩🇪 176.121.109.23

🇨🇳 106.13.46.38

🇨🇳 101.76.248.214