JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 104.207.56.138

104.207.56.138 was found in our database!

This IP was reported 126 times. Confidence of Abuse is 11%: ?

11%

ISP	3xK Tech GmbH
Usage Type	Data Center/Web Hosting/Transit
ASN	AS200373
Domain Name	3xktech.cloud
Country	🇩🇪 Germany
City	Berlin, State of Berlin

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 104.207.56.138

Whois 104.207.56.138

IP Abuse Reports for 104.207.56.138:

This IP address has been reported a total of 126 times from 18 distinct sources. 104.207.56.138 was first reported on June 4th 2024, and the most recent report was 2 days ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 mnsf	2026-06-09 13:06:12 (2 days ago)	Scanning/Probing (34)	Brute-Force Web App Attack
🇺🇸 mnsf	2026-06-05 16:05:31 (6 days ago)	Scanning/Probing (24)	Brute-Force Web App Attack
🇺🇸 mnsf	2026-06-01 13:07:55 (1 week ago)	Scanning/Probing (24)	Brute-Force Web App Attack
🇫🇷 tilellit.pro	2026-04-22 05:15:44 (1 month ago)	Fail2Ban banned 104.207.56.138 for security violations in jail nginx-aggressive. Log: 2026/04/22 05: ... show more Fail2Ban banned 104.207.56.138 for security violations in jail nginx-aggressive. Log: 2026/04/22 05:15:42 [error] FastCGI sent in stderr: "Primary script unknown" , client: 104.207.56.138, server: [REDACTED], request: "POST /wp-admin/xmlrpc.php HTTP/1.1", upstream: [REDACTED], host: [REDACTED] 2026/04/22 05:15:44 [error] FastCGI sent in stderr: "Primary script unknown" , client: 104.207.56.138, server: [REDACTED], request: "POST /wp-admin/xmlrpc.php HTTP/1.1", upstream: [REDACTED], host: [REDACTED] ... show less	Bad Web Bot Web App Attack
🇩🇪 Lino Project	2026-04-08 10:25:26 (2 months ago)	104.207.56.138 - - [08/Apr/2026:12:25:25 +0200] "GET /wp-admin/post-new.php HTTP/1.1" 403 6555 "http ... show more 104.207.56.138 - - [08/Apr/2026:12:25:25 +0200] "GET /wp-admin/post-new.php HTTP/1.1" 403 6555 "https://www.primobio.it/mio-account/" "Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.0.0 Safari/537.36" ... show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-01-05 20:35:10 (5 months ago)	Attempted brute force login to web vpn 9 time(s); last attempt for 2026.01.05 is noted in report tim ... show more Attempted brute force login to web vpn 9 time(s); last attempt for 2026.01.05 is noted in report timestamp show less	Hacking Brute-Force
🇫🇷 COMAITE	2026-01-02 03:58:21 (5 months ago)	Suspicious URL access.	Web App Attack
🇺🇸 TPI-Abuse	2025-12-23 22:12:53 (5 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.56.138 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.56.138 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Dec 23 17:12:45.575453 2025] [security2:error] [pid 19361:tid 19361] [client 104.207.56.138:22451] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "adlc18.org"] [uri "/wp-config.php"] [unique_id "aUsT3Vxio7rgGumZSjDF1gAAABc"] show less	Brute-Force Bad Web Bot Web App Attack
🇵🇱 sefinek.net	2025-12-13 13:05:30 (5 months ago)	Triggered Cloudflare WAF (firewallCustom) from DE. Action taken: MANAGED_CHALLENGE Protocol: HTTP/1. ... show more Triggered Cloudflare WAF (firewallCustom) from DE. Action taken: MANAGED_CHALLENGE Protocol: HTTP/1.1 (GET method) Endpoint: /genshin-stella-mod UA: Mozilla/5.0 (Macintosh; Intel Mac OS X 12_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36 This report was generated by: https://github.com/sefinek/Cloudflare-WAF-To-AbuseIPDB show less	Bad Web Bot
🇺🇸 nowyouknow	2025-11-28 06:11:05 (6 months ago)	(From [email protected]) Boost your search engine rankings, improve your online exposure and build ... show more (From [email protected]) Boost your search engine rankings, improve your online exposure and build powerful backlinks! BonusBacklinks.com - we build daily backlinks and drive organic visits to your site EVERY DAY: + Use 85% OFF + Strong daily seo backlinks + Real website traffic + Prices only from $1 + Bonus discount codes https://tiny.cc/BonusBacklinks-Offers BonusBacklinks.com - daily seo backlinks and organic clicks to improve your website every day show less	Phishing Web Spam
🇵🇱 sefinek.net	2025-11-24 23:24:51 (6 months ago)	Triggered Cloudflare WAF (firewallCustom) from DE. Action taken: MANAGED_CHALLENGE Protocol: HTTP/1. ... show more Triggered Cloudflare WAF (firewallCustom) from DE. Action taken: MANAGED_CHALLENGE Protocol: HTTP/1.1 (GET method) Endpoint: /genshin-stella-mod UA: Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36 Vivaldi/5.3.2679.68 This report was generated by: https://github.com/sefinek/Cloudflare-WAF-To-AbuseIPDB show less	Bad Web Bot
🇺🇸 TPI-Abuse	2025-11-24 09:18:20 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.56.138 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.56.138 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 24 04:18:12.659612 2025] [security2:error] [pid 20003:tid 20003] [client 104.207.56.138:17217] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.mumawvickers.com"] [uri "/.svn/wc.db"] [unique_id "aSQi1DDy_NNUZ38mpIzb4QAAAA4"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-24 04:51:54 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.56.138 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.56.138 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Nov 23 23:51:47.319192 2025] [security2:error] [pid 18325:tid 18343] [client 104.207.56.138:38191] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webmail.yorkbaitcompany.com"] [uri "/.git/HEAD"] [unique_id "aSPkY7ibCkDUtlE56PAm6QAAAFA"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2025-11-21 06:41:05 (6 months ago)	Forum/form spam	Web Spam
Anonymous	2025-10-27 01:28:34 (7 months ago)	Forum/form spam	Web Spam

Showing 1 to 15 of 126 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇩🇪 43.157.53.115

🇺🇸 207.254.40.89

🇨🇳 116.171.27.248

🇳🇱 45.148.10.183

🇺🇸 40.122.152.175

🇺🇸 35.185.62.54

🇺🇸 20.96.179.87

🇧🇷 170.238.160.191

🇩🇿 105.96.13.6

🇷🇴 80.94.95.242

🇨🇳 58.221.233.121

🇺🇸 162.217.165.54

🇻🇳 103.68.68.121

🇳🇱 45.156.128.104

🇷🇴 2.57.121.25

🇮🇩 210.79.142.221

🇹🇭 184.22.172.184

🇺🇸 147.185.132.210

🇰🇷 114.203.87.250

🇨🇳 183.191.28.188