JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 104.207.53.125

104.207.53.125 was found in our database!

This IP was reported 157 times. Confidence of Abuse is 31%: ?

31%

ISP	3xK Tech GmbH
Usage Type	Data Center/Web Hosting/Transit
ASN	AS200373
Domain Name	3xktech.cloud
Country	🇩🇪 Germany
City	Berlin, State of Berlin

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 104.207.53.125

Whois 104.207.53.125

IP Abuse Reports for 104.207.53.125:

This IP address has been reported a total of 157 times from 28 distinct sources. 104.207.53.125 was first reported on June 8th 2024, and the most recent report was 12 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇲🇽 octageeks.com	2026-06-30 04:24:47 (12 hours ago)	Wordpress malicious attack:[octaflood]	Web App Attack
🇩🇪 iNetWorker	2026-06-29 22:31:14 (18 hours ago)	trolling for resource vulnerabilities	Web App Attack
🇭🇺 bcsaba	2026-06-29 14:04:56 (1 day ago)	CMS (WordPress or Joomla) login attempt. 104.207.53.125 - - [29/Jun/2026:16:04:51 +0200] "POST /wp-l ... show more CMS (WordPress or Joomla) login attempt. 104.207.53.125 - - [29/Jun/2026:16:04:51 +0200] "POST /wp-login.php HTTP/1.1" 200 3521 "https://REDACTED/wp-login.php" "Mozilla/5.0 (X11; Linux x86_64; rv:118.0) Gecko/20100101 Firefox/118.0" show less	Hacking Brute-Force Web App Attack
🇫🇷 pm33	2026-06-27 09:47:17 (3 days ago)	Wordpress login attempts	Brute-Force
Anonymous	2026-02-15 13:05:06 (4 months ago)	WAF repeated trigger detected by Fail2Ban	Web App Attack
Anonymous	2026-02-15 12:13:02 (4 months ago)	Bot / scanning and/or hacking attempts: GET /site/.git/config HTTP/1.1, GET /.env.production HTTP/1. ... show more Bot / scanning and/or hacking attempts: GET /site/.git/config HTTP/1.1, GET /.env.production HTTP/1.1, GET /v2/.git/config HTTP/1.1, GET /api/.env HTTP/1.1, GET /app/.git/config HTTP/1.1, GET /.aws/credentials HTTP/1.1, GET /config/.env HTTP/1.1, GET /backup/.git/config HTTP/1.1, GET /test/.git/config HTTP/1.1, GET /wp/.git/config HTTP/1.1, GET /.env.save HTTP/1.1, GET /frontend/.env HTTP/1.1, GET /new/.git/config HTTP/1.1, GET /api/.git/config HTTP/1.1, GET /admin/.git/config HTTP/1.1, GET /.env HTTP/1.1 show less	Hacking Web App Attack
🇺🇸 mnsf	2026-02-15 12:05:23 (4 months ago)	Scanning/Probing (24)	Brute-Force Web App Attack
🇺🇸 TPI-Abuse	2026-02-15 06:07:10 (4 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.53.125 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.53.125 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Feb 15 01:07:04.739735 2026] [security2:error] [pid 2737:tid 2737] [client 104.207.53.125:23569] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "sylversheers.com"] [uri "/new/.git/config"] [unique_id "aZFiiG1Z9K1BY8-bO5HqQgAAAAY"] show less	Brute-Force Bad Web Bot Web App Attack
🇫🇷 sthoyer.de	2026-02-15 03:52:18 (4 months ago)	104.207.53.125 - - [15/Feb/2026:04:52:17 +0100] "GET /.env HTTP/1.1" 302 794 "-" "Mozilla/5.0 (Windo ... show more 104.207.53.125 - - [15/Feb/2026:04:52:17 +0100] "GET /.env HTTP/1.1" 302 794 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36" 104.207.53.125 - - [15/Feb/2026:04:52:17 +0100] "GET /.env.production HTTP/1.1" 302 794 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36" 104.207.53.125 - - [15/Feb/2026:04:52:17 +0100] "GET /.env.staging HTTP/1.1" 302 794 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36" ... show less	Web App Attack
🇺🇸 TPI-Abuse	2026-02-15 03:42:30 (4 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.53.125 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.53.125 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Feb 14 22:42:26.646958 2026] [security2:error] [pid 19686:tid 19686] [client 104.207.53.125:45489] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "step1nutrition.com"] [uri "/config/.env"] [unique_id "aZFAopX2Z8HodyWf7AtmXAAAABo"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-02-15 03:22:25 (4 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.53.125 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.53.125 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Feb 14 22:22:17.483432 2026] [security2:error] [pid 9402:tid 9402] [client 104.207.53.125:51173] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "starthreadingsalon.com"] [uri "/app/.env"] [unique_id "aZE76X_DKazKeJpulrZDvQAAAB0"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-02-15 03:03:37 (4 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.53.125 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.53.125 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Feb 14 22:03:28.879830 2026] [security2:error] [pid 28142:tid 28142] [client 104.207.53.125:36355] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "st-maarten-fishing.com"] [uri "/.env"] [unique_id "aZE3gI6e4VDK3AU4_sW6NgAAAAQ"] show less	Brute-Force Bad Web Bot Web App Attack
🇮🇩 Burayot	2026-02-15 02:46:36 (4 months ago)	LF_MODSEC: (mod_security) mod_security (id:1000001) triggered by 104.207.53.125 (GB/United Kingdom/- ... show more LF_MODSEC: (mod_security) mod_security (id:1000001) triggered by 104.207.53.125 (GB/United Kingdom/-): 1 in the last 3600 secs show less	Web App Attack
Anonymous	2026-02-15 02:45:33 (4 months ago)	104.207.53.125 - - [15/Feb/2026:03:45:32 +0100] "GET /site/.git/config HTTP/1.1" 301 169 "-" "Mozill ... show more 104.207.53.125 - - [15/Feb/2026:03:45:32 +0100] "GET /site/.git/config HTTP/1.1" 301 169 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36" show less	Web App Attack
🇺🇸 TPI-Abuse	2026-02-15 02:26:16 (4 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.53.125 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.53.125 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Feb 14 21:26:09.903686 2026] [security2:error] [pid 5679:tid 5679] [client 104.207.53.125:12263] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "mystudioinparis.com"] [uri "/.env.production"] [unique_id "aZEuwZ429kdrbzd5EsPC9AAAABE"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 157 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇬🇧 216.226.76.10

🇺🇸 209.141.50.202

🇳🇱 195.178.110.30

🇻🇪 190.204.24.253

🇲🇽 187.174.238.116

🇺🇸 162.216.149.245

🇧🇬 78.128.112.215

🇺🇸 73.36.177.174

🇨🇳 14.103.112.114

🇺🇸 207.90.244.26

🇨🇦 198.50.197.28

🇫🇷 185.177.72.23

🇮🇶 169.224.20.103

🇫🇷 91.196.152.213

🇺🇸 66.132.186.190

🇸🇬 52.139.198.12

🇸🇬 47.84.102.180

🇳🇱 45.198.224.92

🇻🇳 14.227.193.11

🇺🇸 216.73.216.196