🇺🇸
mind5t0rm
2026-04-24 10:49:48
(2 months ago)
(XMLRPC,WPLOGIN) Login failure/trigger from 104.207.56.220 (DE/Germany/-): 3 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_TRIGGER; Logs: 104.207.56.220 - - [24/Apr/2026:17:49:25 +0700] "GET /wp-login.php HTTP/2.0" 200 3112 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 13_5) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.5 Safari/605.1.15"
104.207.56.220 - - [24/Apr/2026:17:49:26 +0700] "POST /xmlrpc.php HTTP/2.0" 403 154 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:127.0) Gecko/20100101 Firefox/127.0"
104.207.56.220 - - [24/Apr/2026:17:49:46 +0700] "GET /wp-login.php HTTP/2.0" 200 3112 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.6367.207 Safari/537.36"
Port Scan
🇺🇸
stechusa
2026-03-20 07:43:52
(3 months ago)
[Askari] country=DE | ASN=3xK Tech GmbH | Sequential facet path walking detected (5 paths in order) | Sequential facet path walking detected (6 paths in order) | Sequential facet path walking detected (7 paths in order) | Signals: sequential_path_walk, facet_crawling, velocity_acceleration, single_page_type, suspicious_first_request
Web App Attack
Hacking
Web Spam
🇺🇸
stechusa
2026-03-20 07:43:52
(3 months ago)
country=DE | ASN=3xK Tech GmbH | Sequential facet path walking detected (5 paths in order) | Sequential facet path walking detected (6 paths in order) | Sequential facet path walking detected (7 paths in order)
Web App Attack
Hacking
Web Spam
Anonymous
2026-02-08 04:07:02
(4 months ago)
Banned by SPAMHAUS ASN-DROP list (ASN: 200373)
DDoS Attack
Hacking
Bad Web Bot
Web App Attack
🇪🇸
10dencehispahard SL
2026-01-23 07:37:10
(5 months ago)
Wordpress probing for vulnerabilities
Hacking
Exploited Host
🇧🇪
madeit
2025-11-27 12:12:44
(6 months ago)
Web App Attack
🇺🇸
TPI-Abuse
2025-11-25 06:45:14
(6 months ago)
(mod_security) mod_security (id:210492) triggered by 104.207.56.220 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Nov 25 01:45:08.753867 2025] [security2:error] [pid 19321:tid 19321] [client 104.207.56.220:60367] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "execsandtechs.com"] [uri "/.svn/wc.db"] [unique_id "aSVQdMMDVS_nQFZvQitYegAAABA"]
Brute-Force
Bad Web Bot
Web App Attack
🇺🇸
TPI-Abuse
2025-11-25 06:16:58
(6 months ago)
(mod_security) mod_security (id:210492) triggered by 104.207.56.220 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Nov 25 01:16:45.520066 2025] [security2:error] [pid 14226:tid 14327] [client 104.207.56.220:14277] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "mail.2291106.com"] [uri "/.env"] [unique_id "aSVJzZF6HRvJfyrmJlm6ZwAAAE8"]
Brute-Force
Bad Web Bot
Web App Attack
🇺🇸
TPI-Abuse
2025-11-24 08:06:30
(7 months ago)
(mod_security) mod_security (id:210492) triggered by 104.207.56.220 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 24 03:06:22.916023 2025] [security2:error] [pid 23150:tid 23150] [client 104.207.56.220:27461] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcalendars.mympizzas.com.mx"] [uri "/.env"] [unique_id "aSQR_ubP5FfG_aEKe3EVYgAAAAw"]
Brute-Force
Bad Web Bot
Web App Attack
🇺🇸
TPI-Abuse
2025-11-24 07:33:52
(7 months ago)
(mod_security) mod_security (id:210492) triggered by 104.207.56.220 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 24 02:33:43.935315 2025] [security2:error] [pid 28358:tid 28358] [client 104.207.56.220:39161] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcalendars.starfrontiers.com"] [uri "/.env"] [unique_id "aSQKVxWHSZSpBaGOn7o1wQAAABE"]
Brute-Force
Bad Web Bot
Web App Attack
🇺🇸
TPI-Abuse
2025-11-24 06:35:02
(7 months ago)
(mod_security) mod_security (id:210492) triggered by 104.207.56.220 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 24 01:34:55.793636 2025] [security2:error] [pid 21711:tid 21711] [client 104.207.56.220:53507] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.winformation.us"] [uri "/.svn/wc.db"] [unique_id "aSP8j_38fXFrmnfE-ETRPwAAABI"]
Brute-Force
Bad Web Bot
Web App Attack
🇺🇸
TPI-Abuse
2025-11-24 04:43:30
(7 months ago)
(mod_security) mod_security (id:210492) triggered by 104.207.56.220 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Nov 23 23:43:25.770324 2025] [security2:error] [pid 3476:tid 3476] [client 104.207.56.220:24349] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.jensen.silsby.com"] [uri "/.svn/wc.db"] [unique_id "aSPibas1_yvWGGWAJJNfHwAAAAo"]
Brute-Force
Bad Web Bot
Web App Attack
🇱🇻
garmtech.com
2025-10-25 18:38:30
(7 months ago)
IM360 WAF: Block IP which is in the web-spammers RBL MV:RBL lookup of 21-38.104.207.56.220.web-spammers.v2.rbl.imunify.com._v4 succeeded.
Web App Attack
Anonymous
2025-10-19 20:16:24
(8 months ago)
Attempted brute force login to web vpn 18 time(s); last attempt for 2025.10.19 is noted in report timestamp
Hacking
Brute-Force
Anonymous
2025-10-18 22:17:05
(8 months ago)
Attempted brute force login to web vpn 126 time(s); last attempt for 2025.10.18 is noted in report timestamp
Hacking
Brute-Force