JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 104.207.56.181

104.207.56.181 was found in our database!

This IP was reported 152 times. Confidence of Abuse is 9%: ?

ISP	3xK Tech GmbH
Usage Type	Data Center/Web Hosting/Transit
ASN	AS200373
Domain Name	3xktech.cloud
Country	🇩🇪 Germany
City	Berlin, State of Berlin

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 104.207.56.181

Whois 104.207.56.181

IP Abuse Reports for 104.207.56.181:

This IP address has been reported a total of 152 times from 16 distinct sources. 104.207.56.181 was first reported on June 22nd 2024, and the most recent report was 4 weeks ago.

Old Reports: The most recent abuse report for this IP address is from 4 weeks ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇩🇪 Axel	2026-05-09 18:22:42 (4 weeks ago)	[2026-05-09 18:22:42 UTC] Honeypot WebLogic connection attempt \| AXFRA HONEYPOT	Web App Attack
🇬🇧 PeravixGroup	2026-05-07 20:26:00 (1 month ago)	Honeypot detection: Kubernetes API unauthorized access / cluster abuse attempt on port 6443. Severit ... show more Honeypot detection: Kubernetes API unauthorized access / cluster abuse attempt on port 6443. Severity: MEDIUM. Aaran.cloud show less	Hacking Exploited Host
🇺🇸 TPI-Abuse	2026-02-13 13:46:41 (3 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.56.181 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.56.181 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Feb 13 08:46:38.107514 2026] [security2:error] [pid 16808:tid 16808] [client 104.207.56.181:27531] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "leadinglogan.com"] [uri "/frontend/.env"] [unique_id "aY8rPiMWIHk5XL0MzllWawAAAA0"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 0x44	2026-02-13 07:13:20 (3 months ago)	104.207.56.181 [13/Feb/2026] * Spam host detected, probing for vulnerabilities	Web Spam Exploited Host Web App Attack
🇺🇸 TPI-Abuse	2026-02-13 04:54:43 (3 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.56.181 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.56.181 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Feb 12 23:54:37.535849 2026] [security2:error] [pid 9369:tid 9369] [client 104.207.56.181:20195] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "masterfulenlighteningfreestudies.org"] [uri "/app/.env"] [unique_id "aY6ujT0Umafr2e7m1aQ4eAAAAAw"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 SCHAPPY	2026-02-13 03:37:43 (3 months ago)	Critical web app attack detected. Restricted File Access Attempt	Web App Attack
🇺🇸 TPI-Abuse	2026-02-13 03:02:06 (3 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.56.181 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.56.181 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Feb 12 22:01:58.578288 2026] [security2:error] [pid 9667:tid 9667] [client 104.207.56.181:53575] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "manvsfoodlocations.com"] [uri "/v2/.git/config"] [unique_id "aY6UJvNK3TjzBbwaOgBAGQAAAA8"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-02-13 01:59:04 (3 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.56.181 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.56.181 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Feb 12 20:58:58.847194 2026] [security2:error] [pid 13729:tid 13729] [client 104.207.56.181:22597] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "makaelamakes.org"] [uri "/app/.env"] [unique_id "aY6FYryK5MLP8FrbZgkpjgAAAA4"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-02-13 01:07:28 (3 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.56.181 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.56.181 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Feb 12 20:07:22.751219 2026] [security2:error] [pid 9870:tid 9888] [client 104.207.56.181:50793] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "madring.live"] [uri "/.env.save"] [unique_id "aY55St-7bgQI0GiYDZ_fvgAAAI8"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-02-13 00:52:22 (3 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.56.181 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.56.181 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Feb 12 19:52:17.339982 2026] [security2:error] [pid 2968:tid 2968] [client 104.207.56.181:33211] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "macryder.com"] [uri "/.env.save"] [unique_id "aY51wa0P-liNVs-b3AiSVQAAAAY"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-02-12 17:31:29 (3 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.56.181 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.56.181 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Feb 12 12:29:18.216231 2026] [security2:error] [pid 1179541:tid 1179556] [client 104.207.56.181:39295] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "delapiazza.com"] [uri "/.env"] [unique_id "aY4N7gvMeIDAwpaY0ftl8gAAAAk"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-02-12 16:06:04 (3 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.56.181 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.56.181 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Feb 12 11:05:58.192122 2026] [security2:error] [pid 14058:tid 14058] [client 104.207.56.181:24617] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "directnicvpn.com"] [uri "/.git/config"] [unique_id "aY36ZoqMuxQIutbElLyBSwAAAAs"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 big-cloud.nl	2026-02-12 15:43:17 (3 months ago)	Try to access /.git/config	Web App Attack
🇺🇸 TPI-Abuse	2026-02-12 03:59:17 (3 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.56.181 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.56.181 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Feb 11 22:59:11.899871 2026] [security2:error] [pid 29970:tid 29970] [client 104.207.56.181:26939] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "gayarab.com"] [uri "/backup/.git/config"] [unique_id "aY1QD7pHHfyHd27L9dzPowAAAAw"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-02-12 00:36:49 (3 months ago)	104.207.56.181 - - [12/Feb/2026:00:36:47 +0000] "GET /backup/.git/config HTTP/1.1" 302 3410 "-" "Moz ... show more 104.207.56.181 - - [12/Feb/2026:00:36:47 +0000] "GET /backup/.git/config HTTP/1.1" 302 3410 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36" ... show less	Bad Web Bot Web App Attack

Showing 1 to 15 of 152 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇹🇼 198.235.24.52

🇺🇸 147.185.132.49

🇨🇦 138.197.163.192

🇺🇸 138.2.235.174

🇨🇳 113.195.163.59

🇧🇬 78.128.112.30

🇺🇸 2607:f8b0:4004:c1f::12e

🇧🇪 198.235.24.166

🇹🇿 197.250.101.13

🇲🇽 189.36.240.122

🇲🇽 187.174.238.116

🇨🇦 154.20.86.14

🇺🇸 152.32.183.27

🇺🇸 147.185.132.237

🇵🇰 137.59.230.145

🇳🇱 89.21.67.149

🇮🇳 223.233.85.174

🇧🇷 179.185.18.67

🇭🇰 165.154.22.130

🇨🇳 117.50.69.4