JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 104.207.56.209

104.207.56.209 was found in our database!

This IP was reported 134 times. Confidence of Abuse is 39%: ?

39%

ISP	3xK Tech GmbH
Usage Type	Data Center/Web Hosting/Transit
ASN	AS200373
Domain Name	3xktech.cloud
Country	🇩🇪 Germany
City	Berlin, State of Berlin

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 104.207.56.209

Whois 104.207.56.209

IP Abuse Reports for 104.207.56.209:

This IP address has been reported a total of 134 times from 19 distinct sources. 104.207.56.209 was first reported on June 3rd 2024, and the most recent report was 1 week ago.

Old Reports: The most recent abuse report for this IP address is from 1 week ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇲🇽 octageeks.com	2026-06-04 04:13:56 (1 week ago)	Wordpress malicious attack:[octaflood]	Web App Attack
🇩🇪 FeG Deutschland	2026-06-02 03:05:53 (1 week ago)	Looking for CMS/PHP/SQL vulnerablilities/excessive crawling - 124	Exploited Host Web App Attack
🇲🇹 Malta	2026-06-01 07:59:23 (1 week ago)	104.207.56.209 - - [01/Jun/2026:09:59:23 +0200] "POST /wp-login.php HTTP/1.1" "Mozilla/5.0 (Windows ... show more 104.207.56.209 - - [01/Jun/2026:09:59:23 +0200] "POST /wp-login.php HTTP/1.1" "Mozilla/5.0 (Windows NT 11.0; Win64; x64; rv:118.0) Gecko/20100101 Firefox/118.0" Brute-force password attempt show less	Hacking Web App Attack Brute-Force
🇫🇷 ELYAZ	2026-05-31 00:18:11 (1 week ago)	(y4) Failed scan -byebye- from 104.207.56.209 (DE/Germany/-): (CF_ENABLE)	Hacking
🇺🇸 cwytech	2026-05-30 04:39:33 (2 weeks ago)	Fleet-wide ban from the Ghostfleet 👻. Triggered by scenario: cwy/wp-us-login-only-high.	Bad Web Bot Web App Attack
🇩🇪 iNetWorker	2026-05-27 05:16:48 (2 weeks ago)	trolling for resource vulnerabilities	Web App Attack
Anonymous	2026-05-27 01:20:47 (2 weeks ago)	Web attack blocked by Wordfence on cuypersinvalkenburg.nl (1 hit). Reported by CRMON.	Web App Attack
🇨🇳 ThreatBook.io	2026-05-05 01:06:09 (1 month ago)	ThreatBook Intelligence: Gateway more details on http://threatbook.io/ip/104.207.56.209 2026-05-04 1 ... show more ThreatBook Intelligence: Gateway more details on http://threatbook.io/ip/104.207.56.209 2026-05-04 18:15:51 /api/0/organizations/ show less	Web App Attack
🇧🇪 madeit	2025-11-27 12:18:22 (6 months ago)		Web App Attack
🇺🇸 TPI-Abuse	2025-11-26 07:16:45 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.56.209 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.56.209 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Nov 26 02:16:41.549770 2025] [security2:error] [pid 12917:tid 12917] [client 104.207.56.209:18867] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.rudiscreations.com"] [uri "/.svn/wc.db"] [unique_id "aSapWQjIFWbM9Y3Fk1VC_QAAAAI"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2025-11-26 05:19:03 (6 months ago)	Fuzzing/Looking for credentials files.	Brute-Force Web App Attack
🇺🇸 TPI-Abuse	2025-11-25 02:16:31 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.56.209 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.56.209 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 24 21:16:27.134604 2025] [security2:error] [pid 27287:tid 27287] [client 104.207.56.209:13441] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpanel.gospectre.com"] [uri "/.git/HEAD"] [unique_id "aSURe_K_cniN0V_AS2nQaQAAAAc"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-25 00:52:15 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.56.209 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.56.209 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 24 19:52:08.091697 2025] [security2:error] [pid 30033:tid 30033] [client 104.207.56.209:46909] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "mail.ferrarapanent.com"] [uri "/.git/HEAD"] [unique_id "aST9uDserfYxJj2Xsnv13wAAAGo"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-25 00:21:29 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.56.209 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.56.209 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 24 19:21:22.304096 2025] [security2:error] [pid 23204:tid 23204] [client 104.207.56.209:12933] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "autodiscover.hal.dance"] [uri "/.svn/wc.db"] [unique_id "aST2gpGo__Rst2TIsng8WAAAAAI"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-24 09:11:44 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.56.209 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.56.209 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 24 04:11:23.032189 2025] [security2:error] [pid 3764154:tid 3764154] [client 104.207.56.209:32219] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "mail.mw-creations.com"] [uri "/.svn/wc.db"] [unique_id "aSQhO9i8Wxui4zAWlzsHXgAAABU"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 134 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇮🇪 2607:fdc0:202:3:9999::214

🇺🇸 71.6.146.186

🇺🇸 66.132.195.39

🇨🇳 60.13.6.224

🇩🇪 3.121.214.123

🇧🇷 205.210.31.252

🇮🇩 202.51.208.195

🇺🇸 104.207.41.81

🇩🇪 69.5.169.77

🇺🇸 47.150.58.241

🇳🇱 45.148.10.183

🇺🇸 2602:80d:1008::5d

🇩🇪 213.209.159.11

🇧🇷 209.14.88.118

🇫🇷 188.130.26.65

🇳🇱 45.148.10.141

🇮🇷 86.57.18.35

🇺🇸 66.132.172.40

🇺🇸 50.201.58.218

🇸🇬 43.134.167.218