🇫🇷
Sklurk
2026-06-19 16:44:59
(4 days ago)
Web App Attack
Web App Attack
🇪🇸
pipeline.es
2026-06-07 02:54:01
(2 weeks ago)
Web scanning / probing for vulnerable paths
Port Scan
Web App Attack
🇪🇸
pipeline.es
2026-06-07 02:21:43
(2 weeks ago)
Web scanning / probing for vulnerable paths | URL: //cms/wp-includes/wlwmanifest.xml | Evidence: qwaytravel.com 104.207.56.119 - - [07/Jun/2026:04:21:24 +0200] \"GET //cms/wp-includes/wlwmanifest.xml HTTP/1.1\" 404 29608 \"-\" \"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.149 Safari/537.36\" GEOIP_COUNTRY_CODE=DE | ASN: 3xK Tech GmbH | Country: DE
Port Scan
Web App Attack
🇨🇭
4server
2026-06-06 10:44:24
(2 weeks ago)
[SatJun0612:44:19.2480312026][security2:error][pid1742910:tid1743043][client104.207.56.119:0]ModSecurity:Accessdeniedwithcode403\(phase1\).Matchedphrase\".svn\"atREQUEST_URI.[file\"/etc/apache2/conf.d/modsec_custom_rules.conf\"][line\"364\"][id\"960720\"][msg\"Forbiddenfileaccess\"][hostname\"www.4server.ch\"][uri\"/.svn/wc.db\"][unique_id\"aiP6A2NhedWup7o0JjeyswAAABA\"]
Hacking
Web App Attack
🇩🇪
Packets-Decreaser.NET
2025-12-29 14:01:52
(5 months ago)
Incoming Layer 7 Flood Detected
DDoS Attack
Web Spam
🇧🇪
madeit
2025-11-27 12:21:21
(6 months ago)
Web App Attack
🇺🇸
TPI-Abuse
2025-11-24 09:41:08
(6 months ago)
(mod_security) mod_security (id:210492) triggered by 104.207.56.119 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 24 04:40:53.700771 2025] [security2:error] [pid 442:tid 442] [client 104.207.56.119:31527] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webdisk.jolka.org"] [uri "/.env"] [unique_id "aSQoJd3Or3nD3Voq5HR17QAAABc"]
Brute-Force
Bad Web Bot
Web App Attack
🇺🇸
TPI-Abuse
2025-11-24 04:01:09
(6 months ago)
(mod_security) mod_security (id:210492) triggered by 104.207.56.119 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Nov 23 23:00:58.818847 2025] [security2:error] [pid 3965260:tid 3965362] [client 104.207.56.119:16569] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webdisk.councilofforeignministers.com"] [uri "/.git/HEAD"] [unique_id "aSPYeqyiyKH59MCrZuH0jAAAAgo"]
Brute-Force
Bad Web Bot
Web App Attack
🇪🇸
10dencehispahard SL
2025-11-19 07:11:34
(7 months ago)
WP probing for vulnerabilities
Hacking
Exploited Host
🇺🇸
TPI-Abuse
2025-11-15 05:34:22
(7 months ago)
(mod_security) mod_security (id:210492) triggered by 104.207.56.119 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Nov 15 00:34:15.920856 2025] [security2:error] [pid 28847:tid 28847] [client 104.207.56.119:23153] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpanel.tnthandy.com"] [uri "/.env"] [unique_id "aRgQ15OELe1j4YEBchdxfwAAABE"]
Brute-Force
Bad Web Bot
Web App Attack
🇺🇸
TPI-Abuse
2025-11-14 13:04:07
(7 months ago)
(mod_security) mod_security (id:210492) triggered by 104.207.56.119 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Nov 14 08:04:01.203379 2025] [security2:error] [pid 7962:tid 7962] [client 104.207.56.119:60431] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webmail.pleasefixmycomputer.com"] [uri "/.env"] [unique_id "aRcowWamMUJ0P6NDSnMuxAAAABQ"]
Brute-Force
Bad Web Bot
Web App Attack
🇵🇱
sefinek.net
2025-11-03 08:18:53
(7 months ago)
Triggered Cloudflare WAF (firewallCustom) from DE.
Action taken: MANAGED_CHALLENGE
Protocol: HTTP/1.1 (GET method)
Endpoint: /
UA: Mozilla/5.0 (Macintosh; Intel Mac OS X 12_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36 OPR/89.0.4447.51
This report was generated by:
https://github.com/sefinek/Cloudflare-WAF-To-AbuseIPDB
Bad Web Bot
🇺🇸
Rip
2025-11-02 21:11:00
(7 months ago)
CIDR 104.207.32.0/19
150 distinct hosts from the subnet, each performing low-count POST /xmlrpc.php probes.
Requests alternate Android and legacy IE user agents, standard for headless brute scripts.
PCRE-limit errors confirm payload complexity, matching WordPress RCE or XML-RPC pingback amplification attempts.
1197 probes across two days.
DDoS Attack
Brute-Force
🇺🇸
Rip
2025-11-02 07:28:37
(7 months ago)
Authentication attack attempt. CMS Brute Force - Access Forbidden
Brute-Force
Web App Attack
Anonymous
2025-11-01 20:11:14
(7 months ago)
[redacted] 104.207.56.119 - - [01/Nov/2025:21:11:01 +0100] "POST /xmlrpc.php HTTP/2.0" 200 401 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Firefox/60.0"
[redacted] 104.207.56.119 - - [01/Nov/2025:21:11:02 +0100] "POST /xmlrpc.php HTTP/2.0" 200 401 "-" "Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13"
[redacted] 104.207.56.119 - - [01/Nov/2025:21:11:03 +0100] "POST /xmlrpc.php HTTP/2.0" 200 401 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.99 Safari/537.36"
[redacted] 104.207.56.119 - - [01/Nov/2025:21:11:04 +0100] "POST /xmlrpc.php HTTP/2.0" 200 401 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:15.0) Gecko/20100101 Firefox/15.0"
[redacted] 104.207.56.119 - - [01/Nov/2025:21:11:05 +0100] "POST /xmlrpc.php HTTP/2.0" 200 401 "-" "Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en) AppleWebKit/4
...
Hacking
Web App Attack