JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 104.207.56.87

104.207.56.87 was found in our database!

This IP was reported 127 times. Confidence of Abuse is 2%: ?

ISP	3xK Tech GmbH
Usage Type	Data Center/Web Hosting/Transit
ASN	AS200373
Domain Name	3xktech.cloud
Country	🇩🇪 Germany
City	Berlin, State of Berlin

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 104.207.56.87

Whois 104.207.56.87

IP Abuse Reports for 104.207.56.87:

This IP address has been reported a total of 127 times from 17 distinct sources. 104.207.56.87 was first reported on June 5th 2024, and the most recent report was 2 weeks ago.

Old Reports: The most recent abuse report for this IP address is from 2 weeks ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇩🇪 big-cloud.nl	2026-05-17 14:50:27 (2 weeks ago)	Try to access /xmlrpc.php?rsd	Web App Attack
🇱🇻 garmtech.com	2026-04-01 21:52:32 (2 months ago)	IM360 WAF: Block IP which is in the web-spammers RBL MV:RBL lookup of 00-52.104.207.56.87.web-spamme ... show more IM360 WAF: Block IP which is in the web-spammers RBL MV:RBL lookup of 00-52.104.207.56.87.web-spammers.v2.rbl.imunify.com._v4 succeeded. show less	Web App Attack
Anonymous	2025-12-30 20:36:22 (5 months ago)	"GET /.aws/credentials HTTP/1.1"	Hacking Web App Attack
🇺🇸 TPI-Abuse	2025-12-30 10:21:35 (5 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.56.87 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.207.56.87 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Dec 30 05:21:27.479505 2025] [security2:error] [pid 19061:tid 19061] [client 104.207.56.87:51265] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "trafficstopper.com"] [uri "/.svn/wc.db"] [unique_id "aVOnp3dMfCIQwDGej4MVMQAAAAY"] show less	Brute-Force Bad Web Bot Web App Attack
🇧🇷 hostseries	2025-12-24 05:41:00 (5 months ago)	Trigger: LF_DISTATTACK	Brute-Force
🇬🇧 openstrike.co.uk	2025-12-23 08:28:54 (5 months ago)	9 packets to port 2083	Port Scan
Anonymous	2025-11-27 13:38:59 (6 months ago)	Attempted brute force login to web vpn 1212 time(s); last attempt for 2025.11.27 is noted in report ... show more Attempted brute force login to web vpn 1212 time(s); last attempt for 2025.11.27 is noted in report timestamp show less	Hacking Brute-Force
🇺🇸 TPI-Abuse	2025-11-24 09:39:20 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.56.87 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.207.56.87 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 24 04:39:07.622801 2025] [security2:error] [pid 16365:tid 16365] [client 104.207.56.87:18667] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "lkabookkeeping.cathrynn.com"] [uri "/.git/HEAD"] [unique_id "aSQnu4AQtoqGLClVWpyDDQAAABw"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-24 07:52:30 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.56.87 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.207.56.87 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 24 02:52:09.660573 2025] [security2:error] [pid 31077:tid 31077] [client 104.207.56.87:57845] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webdisk.electric-meat-grinder.com"] [uri "/.svn/wc.db"] [unique_id "aSQOqQqBNMjaM5ZagLq4twAAAAk"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-24 07:16:54 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.56.87 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.207.56.87 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 24 02:16:47.683502 2025] [security2:error] [pid 4732:tid 4732] [client 104.207.56.87:11827] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webmail.agrizel.com"] [uri "/.svn/wc.db"] [unique_id "aSQGX0nfOaPMMnHdNborBAAAAAo"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-24 05:10:20 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.56.87 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.207.56.87 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 24 00:10:14.267652 2025] [security2:error] [pid 7401:tid 7401] [client 104.207.56.87:44213] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.enperth.byles.net"] [uri "/.svn/wc.db"] [unique_id "aSPotgA_1g6tH5Sao0n9XgAAABw"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-24 04:21:29 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.56.87 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.207.56.87 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Nov 23 23:21:14.848348 2025] [security2:error] [pid 16980:tid 16980] [client 104.207.56.87:13431] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcontacts.couturebikini.com"] [uri "/.git/HEAD"] [unique_id "aSPdOu_PPnTUyg6ubqJxFgAAAAg"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2025-11-18 23:49:41 (6 months ago)	Attempted brute force login to web vpn 432 time(s); last attempt for 2025.11.18 is noted in report t ... show more Attempted brute force login to web vpn 432 time(s); last attempt for 2025.11.18 is noted in report timestamp show less	Hacking Brute-Force
Anonymous	2025-10-25 16:25:51 (7 months ago)	2025-10-25T18:25:48.128554 localhost.localdomain sshd[911048]: pam_unix(sshd:auth): authentication f ... show more 2025-10-25T18:25:48.128554 localhost.localdomain sshd[911048]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.207.56.87 2025-10-25T18:25:50.510342 localhost.localdomain sshd[911048]: Failed password for invalid user pouvreauangelique16 from 104.207.56.87 port 31481 ssh2 ... show less	Brute-Force SSH
🇩🇪 cloudmax	2025-10-24 10:49:20 (7 months ago)	Cloudmax IPS Block - Suspicious activity. Possible port scanning, service reconnaissance, or vulnera ... show more Cloudmax IPS Block - Suspicious activity. Possible port scanning, service reconnaissance, or vulnerability probing show less	Port Scan

Showing 1 to 15 of 127 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇷🇴 45.92.33.82

🇬🇧 2a02:4780:a:1757:0:2f00:5c03:1

🇰🇷 222.239.251.12

🇧🇪 198.235.24.249

🇧🇪 198.235.24.246

🇮🇳 135.235.138.43

🇬🇧 89.37.172.135

🇳🇱 89.21.67.152

🇰🇷 58.229.141.26

🇧🇷 45.172.253.203

🇩🇿 41.97.160.6

🇬🇧 31.14.254.51

🇬🇧 31.14.254.42

🇱🇹 213.252.244.11

🇧🇪 198.235.24.244

🇧🇪 198.235.24.242

🇧🇪 198.235.24.238

🇳🇱 185.223.235.61

🇺🇸 66.132.224.27

🇳🇱 45.198.224.5