JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 104.207.53.138

104.207.53.138 was found in our database!

This IP was reported 133 times. Confidence of Abuse is 0%: ?

ISP	3xK Tech GmbH
Usage Type	Data Center/Web Hosting/Transit
ASN	AS200373
Domain Name	3xktech.cloud
Country	🇩🇪 Germany
City	Berlin, State of Berlin

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 104.207.53.138

Whois 104.207.53.138

IP Abuse Reports for 104.207.53.138:

This IP address has been reported a total of 133 times from 15 distinct sources. 104.207.53.138 was first reported on June 5th 2024, and the most recent report was 3 weeks ago.

Old Reports: The most recent abuse report for this IP address is from 3 weeks ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇫🇮 inlink.ltd	2026-05-23 18:18:08 (3 weeks ago)	Known malicious PHP file or CMS probe	Web App Attack
🇩🇪 F242	2026-01-02 13:44:24 (5 months ago)	Wordpress Login or XMLRPC abuse	Web App Attack
🇦🇺 MAGIC	2025-12-28 03:03:44 (5 months ago)	VM1 Bad user agents ignoring web crawling rules. Draing bandwidth	DDoS Attack Bad Web Bot
🇺🇸 TPI-Abuse	2025-11-27 21:44:11 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.53.138 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.53.138 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Nov 27 16:44:05.080098 2025] [security2:error] [pid 9755:tid 9755] [client 104.207.53.138:46359] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "frelsburg.com"] [uri "/.svn/wc.db"] [unique_id "aSjGJXYztHK8wBqPqnTZZgAAAAw"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-26 09:24:10 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.53.138 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.53.138 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Nov 26 04:24:04.688196 2025] [security2:error] [pid 9287:tid 9287] [client 104.207.53.138:9723] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.walkerweb.walkerweb.com"] [uri "/.svn/wc.db"] [unique_id "aSbHNOxB74dgvmLQ4xHz4AAAAAw"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2025-11-26 05:56:24 (6 months ago)	Web App Attack	Brute-Force Exploited Host Web App Attack
🇺🇸 TPI-Abuse	2025-11-26 05:47:42 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.53.138 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.53.138 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Nov 26 00:47:38.035604 2025] [security2:error] [pid 4623:tid 4623] [client 104.207.53.138:13667] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.shortprovincegirl.michaelsabbey.org"] [uri "/.env"] [unique_id "aSaUetPN-n2EDBjWCZrSagAAAAc"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-26 03:49:09 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.53.138 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.53.138 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Nov 25 22:49:03.218043 2025] [security2:error] [pid 20519:tid 20519] [client 104.207.53.138:52357] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "medicare.waggonerfinancial.com"] [uri "/.svn/wc.db"] [unique_id "aSZ4rxGNEzpdNkcp3P5NGgAAABA"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-26 00:53:37 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.53.138 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.53.138 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Nov 25 19:53:34.083350 2025] [security2:error] [pid 5895:tid 5895] [client 104.207.53.138:56905] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcalendars.allautousa.com"] [uri "/.svn/wc.db"] [unique_id "aSZPjraJ8lNr7xXL4tuYWwAAAAo"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-25 03:16:28 (6 months ago)	(mod_security) mod_security (id:210730) triggered by 104.207.53.138 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210730) triggered by 104.207.53.138 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 24 22:16:21.732777 2025] [security2:error] [pid 27727:tid 27749] [client 104.207.53.138:42315] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|unitedonegroup.com\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "unitedonegroup.com"] [uri "/1.sql"] [unique_id "aSUfhfeXMnwYTnmV60PfRwAAANQ"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-24 09:45:20 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.53.138 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.53.138 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 24 04:45:12.780226 2025] [security2:error] [pid 5433:tid 5433] [client 104.207.53.138:10983] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.berklie.com"] [uri "/.svn/wc.db"] [unique_id "aSQpKIpp4ueJXz7G05NzJAAAAAc"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-24 09:18:41 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.53.138 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.53.138 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 24 04:18:37.406752 2025] [security2:error] [pid 22646:tid 22646] [client 104.207.53.138:20291] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "mail.jewelrybuyers.net"] [uri "/.env"] [unique_id "aSQi7Z8PIdRVm7KZDiO4BAAAAAA"] show less	Brute-Force Bad Web Bot Web App Attack
🇦🇺 oncord	2025-10-22 00:05:34 (7 months ago)	Form spam	Web Spam
🇦🇺 oncord	2025-10-09 13:08:21 (8 months ago)	Form spam	Web Spam
🇺🇸 oncord	2025-10-07 21:54:58 (8 months ago)	Form spam	Web Spam

Showing 1 to 15 of 133 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇩🇪 213.209.159.56

🇺🇸 64.62.156.204

🇨🇦 54.39.152.82

🇳🇱 45.148.10.183

🇺🇸 45.8.19.47

🇧🇪 34.76.184.140

🇺🇸 216.194.174.116

🇬🇧 194.50.235.145

🇸🇬 101.47.50.118

🇮🇹 94.176.212.216

🇩🇪 69.5.169.176

🇹🇷 5.25.183.16

🇨🇳 220.197.14.60

🇩🇪 217.160.104.158

🇺🇸 209.172.2.130

🇷🇺 185.208.195.210

🇺🇸 167.99.119.225

🇨🇳 115.191.6.58

🇸🇬 101.47.50.102

🇳🇱 45.148.10.141