JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 104.207.56.159

104.207.56.159 was found in our database!

This IP was reported 126 times. Confidence of Abuse is 0%: ?

ISP	3xK Tech GmbH
Usage Type	Data Center/Web Hosting/Transit
ASN	AS200373
Domain Name	3xktech.cloud
Country	🇩🇪 Germany
City	Berlin, State of Berlin

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 104.207.56.159

Whois 104.207.56.159

IP Abuse Reports for 104.207.56.159:

This IP address has been reported a total of 126 times from 13 distinct sources. 104.207.56.159 was first reported on June 12th 2024, and the most recent report was 2 months ago.

Old Reports: The most recent abuse report for this IP address is from 2 months ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 mawan	2026-03-12 15:53:37 (2 months ago)	Suspected of having performed illicit activity on LAX server.	Web App Attack
🇺🇸 TPI-Abuse	2026-02-21 01:54:57 (3 months ago)	(mod_security) mod_security (id:225170) triggered by 104.207.56.159 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:225170) triggered by 104.207.56.159 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Feb 20 20:54:51.282933 2026] [security2:error] [pid 9234:tid 9234] [client 104.207.56.159:64337] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|chapa.net\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "chapa.net"] [uri "/wp-json/wp/v2/users"] [unique_id "aZkQa5E8rVWRItrEGeue9wAAAAM"], referer: https://www.google.com show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-28 03:26:22 (5 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.56.159 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.56.159 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Dec 27 22:26:16.022029 2025] [security2:error] [pid 10319:tid 10319] [client 104.207.56.159:35067] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "tyning.com"] [uri "/.env"] [unique_id "aVCjWIpeQcSM5NUchvdtiwAAAA8"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2025-12-27 18:14:45 (5 months ago)	"GET /.aws/credentials HTTP/1.1"	Hacking Web App Attack
🇺🇸 TPI-Abuse	2025-12-27 17:39:00 (5 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.56.159 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.56.159 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Dec 27 12:38:53.410501 2025] [security2:error] [pid 20079:tid 20079] [client 104.207.56.159:35743] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "wryemusings.com"] [uri "/.svn/wc.db"] [unique_id "aVAZrXcTmgaLCE8jhWACIAAAABU"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-26 01:15:22 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.56.159 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.56.159 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Nov 25 20:15:12.298725 2025] [security2:error] [pid 4447:tid 4447] [client 104.207.56.159:18581] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "autodiscover.partiklezoo.com"] [uri "/.svn/wc.db"] [unique_id "aSZUoE6qxKaFAIRLMHGLUAAAAAs"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-26 00:29:25 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.56.159 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.56.159 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Nov 25 19:29:19.868994 2025] [security2:error] [pid 29764:tid 29764] [client 104.207.56.159:12313] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpanel.kemblebrothers.com"] [uri "/.svn/wc.db"] [unique_id "aSZJ34Rm_UeX5IAUM2uP3gAAAAY"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-24 09:02:06 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.56.159 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.56.159 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 24 04:02:00.218978 2025] [security2:error] [pid 12390:tid 12390] [client 104.207.56.159:43025] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.lionheartpublications.com"] [uri "/.git/HEAD"] [unique_id "aSQfCFftfJXETVvscMK_xwAAABs"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-24 08:36:45 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.56.159 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.56.159 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 24 03:36:38.364339 2025] [security2:error] [pid 19018:tid 19018] [client 104.207.56.159:25739] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "mail.bridgenevercrossed.com"] [uri "/.svn/wc.db"] [unique_id "aSQZFlXVPRFnlWr42Z2YswAAAAY"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-24 08:15:21 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.56.159 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.56.159 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 24 03:15:14.528723 2025] [security2:error] [pid 28320:tid 28320] [client 104.207.56.159:47703] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webmail.bayinsights.com"] [uri "/.env"] [unique_id "aSQUEsVzIsAV11_fqqe9JwAAABI"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-24 06:50:07 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.56.159 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.56.159 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 24 01:50:01.939266 2025] [security2:error] [pid 15756:tid 15756] [client 104.207.56.159:27717] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "mail.michelehoop.com"] [uri "/.svn/wc.db"] [unique_id "aSQAGYrnOQZK63B7JR-UyQAAAAg"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-24 06:30:17 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.56.159 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.56.159 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 24 01:30:09.174507 2025] [security2:error] [pid 28860:tid 28860] [client 104.207.56.159:33283] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "mail.vickiquint.com"] [uri "/.svn/wc.db"] [unique_id "aSP7cZxXtSHsk2siA3CIEgAAABA"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-24 05:27:40 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.56.159 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.56.159 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 24 00:27:31.807415 2025] [security2:error] [pid 7935:tid 7935] [client 104.207.56.159:23675] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "mail.calveleyenterprises.com"] [uri "/.svn/wc.db"] [unique_id "aSPsw-VixCYXSaKjumIClwAAACA"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-24 04:49:53 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.56.159 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.56.159 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Nov 23 23:49:48.974920 2025] [security2:error] [pid 1395:tid 1395] [client 104.207.56.159:35951] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcontacts.kircali.net"] [uri "/.svn/wc.db"] [unique_id "aSPj7PGCgzSFMzjXrAenpgAAABA"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-18 04:15:05 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.56.159 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.56.159 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 17 23:14:56.907952 2025] [security2:error] [pid 3032:tid 3032] [client 104.207.56.159:23467] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.switchtool.iworklife.org"] [uri "/.env"] [unique_id "aRvywMFQD_1hgRWzD5PwJQAAAAw"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 126 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 135.237.126.245

🇨🇳 124.164.251.88

🇺🇸 199.48.128.86

🇮🇳 125.20.210.182

🇨🇳 112.28.8.215

🇺🇸 104.237.132.65

🇺🇸 103.143.11.150

🇨🇳 39.154.5.255

🇺🇸 18.191.151.103

🇳🇱 5.61.209.33

🇺🇸 172.67.220.93

🇺🇸 154.92.22.13

🇧🇷 136.248.121.226

🇨🇳 121.225.55.155

🇨🇳 119.48.135.27

🇨🇳 118.250.105.210

🇮🇳 112.133.246.85

🇨🇳 59.52.179.214

🇮🇹 45.196.215.21

🇬🇧 8.208.34.88