JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 104.207.56.166

104.207.56.166 was found in our database!

This IP was reported 143 times. Confidence of Abuse is 32%: ?

32%

ISP	3xK Tech GmbH
Usage Type	Data Center/Web Hosting/Transit
ASN	AS200373
Domain Name	3xktech.cloud
Country	🇩🇪 Germany
City	Berlin, State of Berlin

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 104.207.56.166

Whois 104.207.56.166

IP Abuse Reports for 104.207.56.166:

This IP address has been reported a total of 143 times from 26 distinct sources. 104.207.56.166 was first reported on June 7th 2024, and the most recent report was 5 days ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇫🇷 pm33	2026-05-31 19:37:50 (5 days ago)	Wordpress login attempts	Brute-Force
Anonymous	2026-05-31 11:11:51 (6 days ago)	[server.tmg.gr] httpd-login-spray-site: sites=tmg.gr.forms; logs=/var/log/httpd/domains/tmg.gr.forms ... show more [server.tmg.gr] httpd-login-spray-site: sites=tmg.gr.forms; logs=/var/log/httpd/domains/tmg.gr.forms.log; samples=site_wide=true \| distinct_ips=12 \| /wp-login.php show less	Hacking Web App Attack
🇩🇪 iNetWorker	2026-05-30 07:11:33 (1 week ago)	trolling for resource vulnerabilities	Web App Attack
🇺🇸 lostswordfish.com	2026-05-29 18:46:03 (1 week ago)	Wordfence waf block on wp20190711M4	Web App Attack
🇩🇪 Spiderpiggy	2026-05-27 10:15:34 (1 week ago)	Automatically reported via Blackhole honeypot on games4you.be. Attempted access to restricted endpoi ... show more Automatically reported via Blackhole honeypot on games4you.be. Attempted access to restricted endpoint: /wp-login.php show less	Brute-Force Bad Web Bot SSH
🇦🇺 RedBear IT	2026-03-26 10:00:37 (2 months ago)	"DDoS against public endpoint"	DDoS Attack
🇺🇸 TPI-Abuse	2026-02-13 08:05:25 (3 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.56.166 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.56.166 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Feb 13 03:05:21.598686 2026] [security2:error] [pid 23230:tid 23316] [client 104.207.56.166:24541] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "la.productions"] [uri "/.env.production"] [unique_id "aY7bQU0qaNF2Fp_hMVdPqQAAAcA"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 DocNetzwerk	2026-02-13 08:03:54 (3 months ago)	(mod_security) mod_security triggered on hostname [redacted] 104.207.56.166 (DE/Germany/-)	SQL Injection
Anonymous	2026-02-13 05:07:03 (3 months ago)	Bot / scanning and/or hacking attempts: GET /.env.save HTTP/1.1, GET /admin/.env HTTP/1.1, GET /dev/ ... show more Bot / scanning and/or hacking attempts: GET /.env.save HTTP/1.1, GET /admin/.env HTTP/1.1, GET /dev/.git/config HTTP/1.1, GET /admin/.git/config HTTP/1.1, GET /v2/.git/config HTTP/1.1, GET /.aws/credentials HTTP/1.1, GET /app/.env HTTP/1.1, GET /config/.env HTTP/1.1, GET /backup/.git/config HTTP/1.1, GET /new/.git/config HTTP/1.1, GET /.git/config HTTP/1.1, GET /.env.local HTTP/1.1, GET /test/.git/config HTTP/1.1, GET /site/.git/config HTTP/1.1, GET /frontend/.env HTTP/1.1, GET /wp/.git/config HTTP/1.1, GET /app/.git/config HTTP/1.1, GET /api/.git/config HTTP/1.1, GET /backend/.env HTTP/1.1 show less	Hacking Web App Attack
🇺🇸 TPI-Abuse	2026-02-12 17:35:45 (3 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.56.166 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.56.166 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Feb 12 12:35:39.171359 2026] [security2:error] [pid 27837:tid 27837] [client 104.207.56.166:16743] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "billdavidow.com"] [uri "/.env"] [unique_id "aY4PawHkQL8pQkuax4FYiQAAAAo"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-02-12 15:49:02 (3 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.56.166 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.56.166 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Feb 12 10:48:55.225738 2026] [security2:error] [pid 16502:tid 16502] [client 104.207.56.166:57419] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "bikiniwatersports.com"] [uri "/.git/config"] [unique_id "aY32Z8vc-EKqXBtaCUTEXAAAAAA"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-02-12 14:56:37 (3 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.56.166 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.56.166 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Feb 12 09:56:33.452553 2026] [security2:error] [pid 24607:tid 24607] [client 104.207.56.166:27433] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "austintrauma.com"] [uri "/.git/config"] [unique_id "aY3qIXLfnPoSDXk1Ap_XIAAAACA"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-02-12 13:32:12 (3 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.56.166 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.56.166 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Feb 12 08:32:04.708193 2026] [security2:error] [pid 8471:tid 8471] [client 104.207.56.166:21565] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "123clearmyticket.com"] [uri "/dev/.git/config"] [unique_id "aY3WVJzReERjTELgZ3hdcAAAAAw"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-02-11 12:24:57 (3 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.56.166 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.56.166 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Feb 11 07:24:52.867377 2026] [security2:error] [pid 5736:tid 5736] [client 104.207.56.166:44935] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "brianknudsen.com"] [uri "/dev/.git/config"] [unique_id "aYx1FFDuUKltytCGBUXKzwAAAB4"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-02-11 03:29:37 (3 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.56.166 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.56.166 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Feb 10 22:29:34.696766 2026] [security2:error] [pid 20916:tid 20916] [client 104.207.56.166:57745] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "corinthianscruise.org"] [uri "/config/.env"] [unique_id "aYv3noUUDy6s9XxEvFvvpwAAABA"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 143 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇬🇧 193.163.125.69

🇺🇸 162.216.150.215

🇨🇳 139.9.191.197

🇺🇸 138.124.123.129

🇨🇳 112.239.121.232

🇫🇷 91.231.89.237

🇫🇷 91.231.89.93

🇺🇸 54.162.56.149

🇺🇸 45.39.115.140

🇰🇷 211.254.212.59

🇬🇧 191.101.59.86

🇮🇳 122.181.121.142

🇨🇳 120.216.239.91

🇳🇱 77.83.39.95

🇺🇸 75.127.15.105

🇸🇬 23.111.14.186

🇬🇧 193.163.125.149

🇩🇪 165.232.125.188

🇳🇱 45.156.87.253

🇰🇷 39.113.81.59