JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 104.207.52.56

104.207.52.56 was found in our database!

This IP was reported 137 times. Confidence of Abuse is 10%: ?

10%

ISP	3xK Tech GmbH
Usage Type	Data Center/Web Hosting/Transit
ASN	AS200373
Domain Name	3xktech.cloud
Country	🇩🇪 Germany
City	Berlin, State of Berlin

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 104.207.52.56

Whois 104.207.52.56

IP Abuse Reports for 104.207.52.56:

This IP address has been reported a total of 137 times from 20 distinct sources. 104.207.52.56 was first reported on June 11th 2024, and the most recent report was 1 week ago.

Old Reports: The most recent abuse report for this IP address is from 1 week ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇬🇧 PeravixGroup	2026-06-09 21:17:58 (1 week ago)	Honeypot detection: Apache CouchDB unauthorized access / exploitation attempt on port 5984. Severity ... show more Honeypot detection: Apache CouchDB unauthorized access / exploitation attempt on port 5984. Severity: MEDIUM. Aaran.cloud show less	Hacking Exploited Host
🇬🇧 PeravixGroup	2026-05-07 10:05:43 (1 month ago)	Honeypot detection: Kubernetes API unauthorized access / cluster abuse attempt on port 6443. Severit ... show more Honeypot detection: Kubernetes API unauthorized access / cluster abuse attempt on port 6443. Severity: MEDIUM. Aaran.cloud show less	Hacking Exploited Host
🇨🇳 ThreatBook.io	2026-05-07 01:09:56 (1 month ago)	ThreatBook Intelligence: http_proxy,Gateway more details on https://threatbook.io/ip/104.207.52.56 2 ... show more ThreatBook Intelligence: http_proxy,Gateway more details on https://threatbook.io/ip/104.207.52.56 2026-05-06 16:46:18 / show less	Web App Attack
🇦🇺 RedBear IT	2026-03-26 10:00:37 (2 months ago)	"DDoS against public endpoint"	DDoS Attack
🇧🇪 voormedia	2026-03-05 16:09:44 (3 months ago)	Accessed trap at '/.git/config'	Web App Attack
🇺🇸 TPI-Abuse	2026-03-05 08:06:45 (3 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.52.56 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.207.52.56 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Mar 05 03:06:39.285782 2026] [security2:error] [pid 2915:tid 2943] [client 104.207.52.56:28401] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.howardhallis.com"] [uri "/.git/objects/d2/9884446d5db2681d17d5a42ffe36201ad727ee"] [unique_id "aak5j2bdh7c6FWT9QFVLoQAAABg"] show less	Brute-Force Bad Web Bot Web App Attack
🇦🇺 MAGIC	2025-12-20 02:02:09 (5 months ago)	VM1 Bad user agents ignoring web crawling rules. Draing bandwidth	DDoS Attack Bad Web Bot
🇺🇸 TPI-Abuse	2025-12-11 01:17:52 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.52.56 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.207.52.56 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Dec 10 20:17:46.382008 2025] [security2:error] [pid 3571:tid 3571] [client 104.207.52.56:36827] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "kinnairdenterprisesllc.com"] [uri "/.git/HEAD"] [unique_id "aTobug8vFBMeBOW8b_zXogAAAAY"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-10 08:25:26 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.52.56 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.207.52.56 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Dec 10 03:25:22.876404 2025] [security2:error] [pid 4395:tid 4395] [client 104.207.52.56:31971] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "manueltoren.com"] [uri "/.env"] [unique_id "aTkucn9KBIQL76v9F1MgsQAAAAI"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-09 17:59:05 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.52.56 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.207.52.56 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Dec 09 12:58:57.625882 2025] [security2:error] [pid 13527:tid 13527] [client 104.207.52.56:47321] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "twogocamping.com"] [uri "/.svn/wc.db"] [unique_id "aThjYcTTfvrrP6lo73mUKwAAAA8"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-07 14:58:37 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.52.56 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.207.52.56 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Dec 07 09:58:34.322591 2025] [security2:error] [pid 20566:tid 20566] [client 104.207.52.56:45899] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "selfdirecteddiscovery.org"] [uri "/.git/HEAD"] [unique_id "aTWWGtfeLZM_cAdTEjgxjAAAAAk"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-05 05:58:07 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.52.56 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.207.52.56 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Dec 05 00:58:01.168753 2025] [security2:error] [pid 18537:tid 18537] [client 104.207.52.56:32521] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "curryfirm.com"] [uri "/.env"] [unique_id "aTJ0abukaXF-oC91wqkT5QAAAAY"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-05 03:51:06 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.52.56 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.207.52.56 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Dec 04 22:50:58.461390 2025] [security2:error] [pid 16026:tid 16026] [client 104.207.52.56:21115] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "sonnyandkaren.com"] [uri "/.svn/wc.db"] [unique_id "aTJWotcwm6A2g5ls011PdgAAAAs"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2025-10-30 14:20:02 (7 months ago)	WordPress Brute Force	Brute-Force
🇩🇪 Marc	2025-10-29 20:43:07 (7 months ago)		Brute-Force

Showing 1 to 15 of 137 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇷🇴 205.188.111.178

🇮🇩 163.7.6.41

🇵🇰 110.93.224.226

🇳🇱 45.148.10.183

🇨🇳 14.103.115.225

🇨🇳 182.140.196.244

🇺🇸 162.216.150.55

🇳🇱 91.92.40.5

🇱🇹 81.30.98.142

🇩🇪 45.135.141.9

🇬🇧 35.203.211.115

🇨🇦 24.77.105.16

🇧🇷 205.210.31.136

🇹🇼 198.235.24.43

🇨🇳 180.153.236.87

🇸🇬 165.154.29.93

🇺🇸 162.216.150.180

🇳🇱 159.223.2.137

🇸🇬 129.226.88.44

🇮🇳 122.162.145.165