JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 104.207.55.140

104.207.55.140 was found in our database!

This IP was reported 137 times. Confidence of Abuse is 16%: ?

16%

ISP	3xK Tech GmbH
Usage Type	Data Center/Web Hosting/Transit
ASN	AS200373
Domain Name	3xktech.cloud
Country	🇩🇪 Germany
City	Berlin, State of Berlin

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 104.207.55.140

Whois 104.207.55.140

IP Abuse Reports for 104.207.55.140:

This IP address has been reported a total of 137 times from 20 distinct sources. 104.207.55.140 was first reported on June 11th 2024, and the most recent report was 1 week ago.

Old Reports: The most recent abuse report for this IP address is from 1 week ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇱🇻 garmtech.com	2026-05-30 06:25:35 (1 week ago)	IM360 WAF: Old style account creation and modification in Joomla! MV:registration	Web App Attack
🇨🇭 4server	2026-05-13 12:41:21 (3 weeks ago)	[WedMay1314:41:16.5375472026][security2:error][pid2688707:tid2688761][client104.207.55.140:0]ModSecu ... show more [WedMay1314:41:16.5375472026][security2:error][pid2688707:tid2688761][client104.207.55.140:0]ModSecurity:Accessdeniedwithcode403\(phase2\).OperatorGEmatched5atTX:anomaly_score.[file\"/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf\"][line\"94\"][id\"949110\"][msg\"InboundAnomalyScoreExceeded\(TotalScore:5\)\"][severity\"CRITICAL\"][ver\"OWASP_CRS/3.3.9\"][tag\"application-multi\"][tag\"language-multi\"][tag\"platform-multi\"][tag\"attack-generic\"][hostname\"supporto-ticino.ch\"][uri\"/.aws/credentials\"][unique_id\"agRxbIDzrUtT-VRZJ0m04wAAAFM\"] show less	Hacking Web App Attack
🇩🇪 big-cloud.nl	2026-04-26 04:39:34 (1 month ago)	Try to access /xmlrpc.php	Web App Attack
🇺🇸 TPI-Abuse	2026-02-11 20:41:21 (3 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.55.140 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.55.140 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Feb 11 15:41:18.243428 2026] [security2:error] [pid 3892:tid 3892] [client 104.207.55.140:20547] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "arctic-sea.com"] [uri "/new/.git/config"] [unique_id "aYzpbrUfRwk1TArdSYfnrAAAAAY"] show less	Brute-Force Bad Web Bot Web App Attack
🇳🇱 homeshowdomain.nl	2026-02-10 22:59:31 (3 months ago)	Auto-ban: >3000 req/min op 2026-02-10	Hacking Web App Attack SSH
🇳🇿 FaB Property Group	2026-02-10 11:45:07 (3 months ago)	Requested file: webapp/server/tests/test.env	Web App Attack
🇺🇸 myagent.site	2026-02-10 03:58:33 (3 months ago)	Blocking for trying to access an exploit file: /admin/.git/config	Hacking
🇺🇸 TPI-Abuse	2026-02-10 03:21:37 (3 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.55.140 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.55.140 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Feb 09 22:21:32.224503 2026] [security2:error] [pid 26580:tid 26580] [client 104.207.55.140:55501] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "maerynray.com"] [uri "/new/.git/config"] [unique_id "aYqkPOKH9DNb-wMxCriyDgAAAA4"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-02-10 02:16:35 (3 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.55.140 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.55.140 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Feb 09 21:16:28.444511 2026] [security2:error] [pid 1036081:tid 1036193] [client 104.207.55.140:46309] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "killasgarage.bike"] [uri "/config/.env"] [unique_id "aYqU_M__7REXY7sHL-BiXwAAAc8"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-02-10 01:34:17 (3 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.55.140 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.55.140 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Feb 09 20:34:09.615667 2026] [security2:error] [pid 1033:tid 1033] [client 104.207.55.140:57447] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "khovanov.com"] [uri "/.env.production"] [unique_id "aYqLEbpJvKr3SQua1Oew7wAAABM"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-02-09 23:01:18 (3 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.55.140 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.55.140 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Feb 09 18:01:15.106970 2026] [security2:error] [pid 32305:tid 32305] [client 104.207.55.140:40803] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "howtogetcoolstuffforfree.com"] [uri "/wp/.git/config"] [unique_id "aYpnO08NmGhhlR3omUf2mgAAAA0"] show less	Brute-Force Bad Web Bot Web App Attack
🇪🇸 10dencehispahard SL	2026-01-28 06:51:08 (4 months ago)	Wordpress probing for vulnerabilities	Hacking Exploited Host
🇫🇷 tilellit.pro	2026-01-20 02:04:18 (4 months ago)	Fail2Ban banned 104.207.55.140 for security violations in jail wp-armour. Log: 2026/01/20 02:04:17 [ ... show more Fail2Ban banned 104.207.55.140 for security violations in jail wp-armour. Log: 2026/01/20 02:04:17 [error] FastCGI sent in stderr: "PHP message: [WP_ARMOUR_BAN] IP: 104.207.55.140 \| Target: wplogin" , client: 104.207.55.140, server: [REDACTED], request: "POST /wp-login.php HTTP/2.0", upstream: [REDACTED], host: [REDACTED], referrer: "https://comerciogallego.es/wp-login.php" ... show less	Web Spam
🇺🇸 myagent.site	2026-01-15 08:39:46 (4 months ago)	Blocking for trying to access an exploit file: /.env	Hacking
🇺🇸 TPI-Abuse	2026-01-14 19:51:43 (4 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.55.140 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.55.140 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jan 14 14:51:35.966435 2026] [security2:error] [pid 566:tid 566] [client 104.207.55.140:54245] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "ssion.com"] [uri "/.env"] [unique_id "aWfzx9Pkm8IR4Syv9u3IkAAAAAM"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 137 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇸🇬 2404:6800:4003:c22::12a

🇨🇳 223.95.25.251

🇳🇱 195.178.110.30

🇧🇼 168.167.81.169

🇩🇪 167.94.145.26

🇫🇮 147.185.133.185

🇧🇷 129.121.54.208

🇰🇷 121.162.19.163

🇲🇲 103.59.163.132

🇮🇪 86.42.18.7

🇺🇸 72.241.40.148

🇩🇪 43.228.157.170

🇬🇧 35.203.210.192

🇺🇸 20.228.193.165

🇺🇸 20.168.120.227

🇳🇱 176.65.148.189

🇺🇸 107.167.34.125

🇺🇸 75.190.176.225

🇺🇸 73.70.24.82

🇺🇸 65.49.1.111