JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 104.207.53.22

104.207.53.22 was found in our database!

This IP was reported 102 times. Confidence of Abuse is 36%: ?

36%

ISP	3xK Tech GmbH
Usage Type	Data Center/Web Hosting/Transit
ASN	AS200373
Domain Name	3xktech.cloud
Country	🇩🇪 Germany
City	Berlin, State of Berlin

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 104.207.53.22

Whois 104.207.53.22

IP Abuse Reports for 104.207.53.22:

This IP address has been reported a total of 102 times from 24 distinct sources. 104.207.53.22 was first reported on June 5th 2024, and the most recent report was 13 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇫🇷 solution.it	2026-06-29 03:45:45 (13 hours ago)	[Mon Jun 29 05:45:32.619966 2026] [php7:error] [pid 3692126:tid 3692126] [client 104.207.53.22:56297 ... show more [Mon Jun 29 05:45:32.619966 2026] [php7:error] [pid 3692126:tid 3692126] [client 104.207.53.22:56297] script '/var/www/html/blog.solution.it/wp-login.php' not found or unable to stat, referer: https://solution.it/wp-login.php show less	Web App Attack
Anonymous	2026-06-28 20:59:16 (20 hours ago)	[ssd1.kdns.gr] httpd-login-spray-site: sites=me-meraki.gr; logs=/var/log/httpd/domains/me-meraki.gr. ... show more [ssd1.kdns.gr] httpd-login-spray-site: sites=me-meraki.gr; logs=/var/log/httpd/domains/me-meraki.gr.log; samples=site_wide=true \| distinct_ips=23 \| /wp-login.php show less	Hacking Web App Attack
🇲🇽 octageeks.com	2026-06-28 04:15:41 (1 day ago)	Wordpress malicious attack:[octaflood]	Web App Attack
🇫🇷 pm33	2026-06-27 09:47:15 (2 days ago)	Wordpress login attempts	Brute-Force
🇺🇸 cwytech	2026-06-25 16:20:40 (4 days ago)	Fleet-wide ban from the Ghostfleet 👻. Triggered by scenario: cwy/wordpress-login-lockdown-high.	Bad Web Bot Web App Attack
🇫🇮 Erpelstolz	2026-01-05 18:16:49 (5 months ago)	external host: 104.207.53.22 - - [05/Jan/2026:19:16:49 +0100] "HEAD /wp-includes/ HTTP/1.1" 404 180 ... show more external host: 104.207.53.22 - - [05/Jan/2026:19:16:49 +0100] "HEAD /wp-includes/ HTTP/1.1" 404 180 "-" "python-requests/2.25.1" show less	Web App Attack
Anonymous	2026-01-04 10:04:15 (5 months ago)		Bad Web Bot Web App Attack
🇮🇹 VHosting	2025-12-18 08:50:10 (6 months ago)	Detected WordPress attack from 4 different servers	Brute-Force Web App Attack
🇺🇸 TPI-Abuse	2025-11-25 06:13:29 (7 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.53.22 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.207.53.22 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Nov 25 01:13:23.044691 2025] [security2:error] [pid 13110:tid 13110] [client 104.207.53.22:32483] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.trinidadlimo.com"] [uri "/.env"] [unique_id "aSVJAyf0tBqvHx__mcGZgwAAAAE"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-25 04:11:34 (7 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.53.22 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.207.53.22 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 24 23:11:27.688973 2025] [security2:error] [pid 774783:tid 774783] [client 104.207.53.22:38089] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webmail.yellowbrickfoundation.com"] [uri "/.env"] [unique_id "aSUsb79X1NChZMchZNQZzwAAAA4"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-25 03:51:33 (7 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.53.22 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.207.53.22 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 24 22:51:09.895424 2025] [security2:error] [pid 7226:tid 7226] [client 104.207.53.22:60117] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webmail.mothersdaybouquet.net"] [uri "/.env"] [unique_id "aSUnreZuZbPvOc7V_DBVJwAAAAA"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-25 01:52:37 (7 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.53.22 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.207.53.22 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 24 20:52:30.260160 2025] [security2:error] [pid 9606:tid 9606] [client 104.207.53.22:19091] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpanel.notimallinckrodt.com.ar"] [uri "/.svn/wc.db"] [unique_id "aSUL3vUcqmcBCjB5OEvV7AAAAAY"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-25 01:37:20 (7 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.53.22 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.207.53.22 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 24 20:37:15.598027 2025] [security2:error] [pid 31911:tid 31911] [client 104.207.53.22:47899] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.kittendream.mykelmilur.com"] [uri "/.svn/wc.db"] [unique_id "aSUIS0fVJqmIFz9ebF2_egAAAAE"] show less	Brute-Force Bad Web Bot Web App Attack
🇬🇧 oncord	2025-10-20 00:27:57 (8 months ago)	Form spam	Web Spam
Anonymous	2025-10-11 08:26:11 (8 months ago)	Attempted brute force login to web vpn 54 time(s); last attempt for 2025.10.11 is noted in report ti ... show more Attempted brute force login to web vpn 54 time(s); last attempt for 2025.10.11 is noted in report timestamp show less	Hacking Brute-Force

Showing 1 to 15 of 102 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇳🇱 178.16.53.241

🇵🇱 74.248.36.50

🇺🇸 65.49.1.193

🇺🇸 216.218.206.97

🇫🇷 195.154.55.188

🇬🇧 185.161.7.188

🇩🇪 69.5.169.248

🇺🇸 64.62.156.95

🇺🇸 64.62.156.78

🇺🇸 64.62.156.75

🇨🇳 60.255.231.61

🇷🇺 213.108.251.83

🇺🇸 198.98.62.211

🇧🇷 170.238.160.191

🇫🇷 103.110.160.226

🇩🇪 91.192.10.179

🇳🇱 91.92.40.5

🇺🇸 64.62.156.66

🇺🇸 64.62.156.41

🇺🇸 64.62.156.32