JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 104.207.55.149

104.207.55.149 was found in our database!

This IP was reported 129 times. Confidence of Abuse is 36%: ?

36%

ISP	3xK Tech GmbH
Usage Type	Data Center/Web Hosting/Transit
ASN	AS200373
Domain Name	3xktech.cloud
Country	🇩🇪 Germany
City	Berlin, State of Berlin

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 104.207.55.149

Whois 104.207.55.149

IP Abuse Reports for 104.207.55.149:

This IP address has been reported a total of 129 times from 20 distinct sources. 104.207.55.149 was first reported on June 5th 2024, and the most recent report was 1 week ago.

Old Reports: The most recent abuse report for this IP address is from 1 week ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇩🇪 FeG Deutschland	2026-05-29 12:59:15 (1 week ago)	Looking for CMS/PHP/SQL vulnerablilities/excessive crawling - 124	Exploited Host Web App Attack
Anonymous	2026-05-29 01:37:36 (1 week ago)	[ns65.kdns.gr] httpd-login-spray-site: sites=villafleria.gr; logs=/var/log/httpd/domains/villafleria ... show more [ns65.kdns.gr] httpd-login-spray-site: sites=villafleria.gr; logs=/var/log/httpd/domains/villafleria.gr.log; samples=site_wide=true \| distinct_ips=14 \| /wp-login.php show less	Hacking Web App Attack
🇫🇷 pm33	2026-05-25 23:05:16 (1 week ago)	Wordpress login attempts	Brute-Force
🇩🇪 iNetWorker	2026-05-25 22:44:25 (1 week ago)	trolling for resource vulnerabilities	Web App Attack
🇲🇽 octageeks.com	2026-05-24 04:13:27 (1 week ago)	Wordpress malicious attack:[octaflood]	Web App Attack
🇺🇸 lostswordfish.com	2026-05-23 09:42:04 (1 week ago)	Wordfence waf block on secure	Web App Attack
🇵🇱 dcnet	2026-03-08 00:00:00 (2 months ago)	SSL VPN brute force credential stuffing on FortiGate 100F - unknown user login attempts	Hacking Brute-Force
🇲🇹 Malta	2026-01-30 03:43:10 (4 months ago)	104.207.55.149 - - [30/Jan/2026:04:43:10 +0100] "POST /wp-login.php HTTP/1.1" "Mozilla/5.0 (Windows ... show more 104.207.55.149 - - [30/Jan/2026:04:43:10 +0100] "POST /wp-login.php HTTP/1.1" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.6367.207 Safari/537.36" show less	VPN IP Hacking Web App Attack
🇺🇸 TPI-Abuse	2025-12-09 21:09:44 (5 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.55.149 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.55.149 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Dec 09 16:09:37.670802 2025] [security2:error] [pid 15367:tid 15367] [client 104.207.55.149:15215] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webuychesterfieldhouses.com"] [uri "/.env"] [unique_id "aTiQEeYSxtzO7XYTvoediQAAAAI"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-08 07:56:03 (5 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.55.149 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.55.149 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Dec 08 02:55:56.636575 2025] [security2:error] [pid 8947:tid 8983] [client 104.207.55.149:21717] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "coloradospringsmohs.com"] [uri "/.env"] [unique_id "aTaEjFOXRoWzqdX3ccZX3gAAAcc"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-05 11:27:48 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.55.149 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.55.149 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Dec 05 06:27:43.577911 2025] [security2:error] [pid 25240:tid 25240] [client 104.207.55.149:56217] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "f4fbbs.com"] [uri "/.env"] [unique_id "aTLBr3Rbg0FTafu19J_6fAAAAAk"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-05 05:35:26 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.55.149 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.55.149 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Dec 05 00:35:23.588270 2025] [security2:error] [pid 16326:tid 16326] [client 104.207.55.149:49807] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "jmarkcapital.com"] [uri "/.svn/wc.db"] [unique_id "aTJvG5rFpFq_mFUpSEu9ZAAAAA4"] show less	Brute-Force Bad Web Bot Web App Attack
🇦🇺 MAGIC	2025-11-19 03:22:56 (6 months ago)	VM1 Bad user agents ignoring web crawling rules. Draing bandwidth	DDoS Attack Bad Web Bot
Anonymous	2025-11-10 21:02:48 (6 months ago)	2025-11-10T23:02:48.423678+02:00 zanati wp(www.sahpa.co.za)[2464708]: Blocked authentication attempt ... show more 2025-11-10T23:02:48.423678+02:00 zanati wp(www.sahpa.co.za)[2464708]: Blocked authentication attempt for [email protected] from 104.207.55.149 ... show less	Web App Attack
🇩🇪 formality	2025-10-19 06:42:33 (7 months ago)	Invalid user admin from 104.207.55.149 port 12717	Brute-Force SSH

Showing 1 to 15 of 129 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇧🇬 193.24.211.107

🇺🇸 147.185.132.28

🇱🇹 81.30.98.158

🇳🇱 45.198.224.143

🇳🇱 45.156.87.34

🇧🇪 34.62.89.229

🇩🇪 2620:171:f8:f0:9999::206

🇺🇸 162.216.149.167

🇻🇳 160.250.186.97

🇭🇰 101.36.109.176

🇷🇴 80.94.92.184

🇨🇳 39.154.5.175

🇳🇱 5.255.122.176

🇧🇴 190.181.44.194

🇺🇸 144.202.92.17

🇷🇴 92.118.39.236

🇯🇵 92.113.142.203

🇺🇸 73.80.120.88

🇺🇸 70.120.203.193

🇮🇳 27.123.104.142