JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 104.207.56.39

104.207.56.39 was found in our database!

This IP was reported 130 times. Confidence of Abuse is 3%: ?

ISP	3xK Tech GmbH
Usage Type	Data Center/Web Hosting/Transit
ASN	AS200373
Domain Name	3xktech.cloud
Country	🇩🇪 Germany
City	Berlin, State of Berlin

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 104.207.56.39

Whois 104.207.56.39

IP Abuse Reports for 104.207.56.39:

This IP address has been reported a total of 130 times from 13 distinct sources. 104.207.56.39 was first reported on June 21st 2024, and the most recent report was 1 week ago.

Old Reports: The most recent abuse report for this IP address is from 1 week ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 oncord	2026-05-24 21:03:53 (1 week ago)	Form spam	Web Spam
🇦🇺 oncord	2026-04-09 22:30:30 (1 month ago)	Form spam	Web Spam
🇮🇹 VHosting	2026-04-02 17:45:11 (2 months ago)	Detected WordPress attack from 4 different servers	Brute-Force Web App Attack
🇫🇷 tilellit.pro	2026-03-14 01:07:46 (2 months ago)	Fail2Ban banned 104.207.56.39 for security violations in jail nginx-aggressive. Log: 2026/03/14 01:0 ... show more Fail2Ban banned 104.207.56.39 for security violations in jail nginx-aggressive. Log: 2026/03/14 01:07:46 [error] FastCGI sent in stderr: "Primary script unknown" , client: 104.207.56.39, server: [REDACTED], request: "POST /wp-admin/xmlrpc.php HTTP/1.1", upstream: [REDACTED], host: [REDACTED] 2026/03/14 01:07:46 [error] FastCGI sent in stderr: "Primary script unknown" , client: 104.207.56.39, server: [REDACTED], request: "POST /wp-admin/xmlrpc.php HTTP/1.1", upstream: [REDACTED], host: [REDACTED] ... show less	Bad Web Bot Web App Attack
🇳🇱 homeshowdomain.nl	2025-11-26 22:59:04 (6 months ago)	Auto-ban: single probe for restricted files (.env / backups / admin endpoints). Likely mass-scan on ... show more Auto-ban: single probe for restricted files (.env / backups / admin endpoints). Likely mass-scan on 2025-11-25. show less	Hacking Web App Attack SSH
🇳🇱 homeshowdomain.nl	2025-11-25 23:02:45 (6 months ago)	Auto-ban: >3000 req/min op 2025-11-25	Hacking Web App Attack SSH
🇺🇸 TPI-Abuse	2025-11-25 07:18:30 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.56.39 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.207.56.39 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Nov 25 02:18:22.107774 2025] [security2:error] [pid 30219:tid 30219] [client 104.207.56.39:53665] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "mail.sarcd.com"] [uri "/.git/HEAD"] [unique_id "aSVYPmCdsFNfxbFe0ylrpwAAAAc"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-25 06:19:36 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.56.39 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.207.56.39 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Nov 25 01:19:31.408924 2025] [security2:error] [pid 29625:tid 29625] [client 104.207.56.39:57747] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webmail.needtoorderprinting.com"] [uri "/.git/HEAD"] [unique_id "aSVKc0NBDJKxYt6QrJQimgAAAA8"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-25 03:42:46 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.56.39 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.207.56.39 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 24 22:42:39.855572 2025] [security2:error] [pid 28823:tid 28823] [client 104.207.56.39:21535] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "autodiscover.campcirclestar.com"] [uri "/.env"] [unique_id "aSUlr3fvgKUWweyq7Emv_wAAABg"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-25 03:24:13 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.56.39 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.207.56.39 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 24 22:24:07.512868 2025] [security2:error] [pid 14557:tid 14557] [client 104.207.56.39:41485] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "desarrollosdecolima.com"] [uri "/.env"] [unique_id "aSUhV7kXOV9bzGKRxC9LOgAAABU"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-25 02:06:53 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.56.39 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.207.56.39 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 24 21:06:48.497872 2025] [security2:error] [pid 18338:tid 18338] [client 104.207.56.39:31767] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webmail.drpeppard.com"] [uri "/.svn/wc.db"] [unique_id "aSUPOPZD_Rb1aTe-5uzD4gAAAAc"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-25 01:11:16 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.56.39 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.207.56.39 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 24 20:11:11.007351 2025] [security2:error] [pid 31678:tid 31678] [client 104.207.56.39:59947] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "autodiscover.stormstrips.info"] [uri "/.env"] [unique_id "aSUCL4Wr-Uqwm4cHHwszLQAAAAY"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-25 00:39:50 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.56.39 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.207.56.39 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 24 19:39:42.184031 2025] [security2:error] [pid 4143:tid 4143] [client 104.207.56.39:47283] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "workshop.modelengines.info"] [uri "/.git/HEAD"] [unique_id "aST6zgeWmtj9srkBJt9VnAAAAAM"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-25 00:20:22 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.56.39 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.207.56.39 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 24 19:20:01.001652 2025] [security2:error] [pid 4311:tid 4341] [client 104.207.56.39:22589] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpanel.onenessrecords.com"] [uri "/.git/HEAD"] [unique_id "aST2MaO7-HhXDlACxWo2_gAAAJA"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2025-11-12 12:50:17 (6 months ago)	Attempted brute force login to web vpn 72 time(s); last attempt for 2025.11.12 is noted in report ti ... show more Attempted brute force login to web vpn 72 time(s); last attempt for 2025.11.12 is noted in report timestamp show less	Hacking Brute-Force

Showing 1 to 15 of 130 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 162.216.150.160

🇳🇱 192.42.116.64

🇩🇪 185.91.127.85

🇷🇺 185.63.197.177

🇮🇶 169.224.104.153

🇫🇷 141.11.1.134

🇨🇳 123.124.24.114

🇰🇷 112.217.188.122

🇻🇳 103.172.236.15

🇨🇦 85.217.149.68

🇱🇹 85.206.68.80

🇷🇺 46.147.113.91

🇳🇱 45.148.10.151

🇬🇲 41.76.9.206

🇯🇵 34.146.217.105

🇺🇸 208.75.123.198

🇧🇿 190.197.31.203

🇺🇸 166.62.41.190

🇺🇸 146.88.241.155

🇺🇸 134.33.73.107