JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 104.207.56.95

104.207.56.95 was found in our database!

This IP was reported 138 times. Confidence of Abuse is 3%: ?

ISP	3xK Tech GmbH
Usage Type	Data Center/Web Hosting/Transit
ASN	AS200373
Domain Name	3xktech.cloud
Country	🇩🇪 Germany
City	Berlin, State of Berlin

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 104.207.56.95

Whois 104.207.56.95

IP Abuse Reports for 104.207.56.95:

This IP address has been reported a total of 138 times from 21 distinct sources. 104.207.56.95 was first reported on June 5th 2024, and the most recent report was 1 week ago.

Old Reports: The most recent abuse report for this IP address is from 1 week ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇧🇪 cmbplf	2026-06-02 01:26:44 (1 week ago)	3.943 requests with url.path */xmlrpc.php 3.943 requests with url.path //xmlrpc.php	Brute-Force Bad Web Bot
🇬🇧 consul.to	2026-02-15 12:49:19 (3 months ago)	Web attack/malicious scanning detected	Web App Attack
🇩🇪 BlueWire Hosting	2026-02-15 12:20:57 (3 months ago)	Probing websites for vulnerabilities	SQL Injection Web App Attack
Anonymous	2026-02-15 12:13:03 (3 months ago)	Bot / scanning and/or hacking attempts: GET /admin/.git/config HTTP/1.1, GET /backend/.env HTTP/1.1, ... show more Bot / scanning and/or hacking attempts: GET /admin/.git/config HTTP/1.1, GET /backend/.env HTTP/1.1, GET /.env.save HTTP/1.1, GET /new/.git/config HTTP/1.1, GET /.env.production HTTP/1.1, GET /site/.git/config HTTP/1.1, GET /app/.git/config HTTP/1.1, GET /api/.env HTTP/1.1, GET /wp/.git/config HTTP/1.1 show less	Hacking Web App Attack
🇺🇸 TPI-Abuse	2026-02-15 11:43:23 (3 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.56.95 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.207.56.95 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Feb 15 06:43:19.039977 2026] [security2:error] [pid 4115:tid 4115] [client 104.207.56.95:41331] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "tcjohnston.com"] [uri "/backend/.env"] [unique_id "aZGxV16asfDc0ZMYir4MigAAAAk"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-02-15 04:56:31 (3 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.56.95 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.207.56.95 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Feb 14 23:56:23.308124 2026] [security2:error] [pid 2167:tid 2217] [client 104.207.56.95:64453] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "sujugada.com"] [uri "/.env.staging"] [unique_id "aZFR9yZIRZBCB3DKHleeOQAAABE"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-02-15 03:50:53 (3 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.56.95 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.207.56.95 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Feb 14 22:50:49.554697 2026] [security2:error] [pid 27805:tid 27805] [client 104.207.56.95:38375] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "steveyett.com"] [uri "/.env.production"] [unique_id "aZFCmeqSms3vNA2pBIS9OwAAABU"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-02-15 03:12:07 (3 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.56.95 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.207.56.95 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Feb 14 22:12:01.068746 2026] [security2:error] [pid 26194:tid 26194] [client 104.207.56.95:25893] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "stananddana.com"] [uri "/api/.env"] [unique_id "aZE5gdo8MqiY2hu6y1MTCgAAAAg"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 mnsf	2026-02-15 03:05:38 (3 months ago)	Too many Status 40X (12) Scanning/Probing (15)	Brute-Force Web App Attack
🇨🇭 Origon	2026-02-15 02:44:30 (3 months ago)	http-sensitive-files - IP: 104.207.56.95 - time="2026-02-15T03:44:30+01:00" level=info msg="(555f66 ... show more http-sensitive-files - IP: 104.207.56.95 - time="2026-02-15T03:44:30+01:00" level=info msg="(555f66b4f6a74558bc11e3f93469658es8App0Mcc0TKEeje/crowdsec) crowdsecurity/http-sensitive-files by ip 104.207.56.95 (DE/200373) : 4h ban on Ip 104.207.56.95" module=db show less	Web App Attack
🇺🇸 TPI-Abuse	2026-02-15 01:20:42 (3 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.56.95 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.207.56.95 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Feb 14 20:20:38.936111 2026] [security2:error] [pid 17993:tid 17993] [client 104.207.56.95:16805] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "mundanestudies.org"] [uri "/.env.local"] [unique_id "aZEfZmPRCKSIurqTZwye5wAAAAQ"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-02-15 00:34:51 (3 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.56.95 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.207.56.95 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Feb 14 19:34:45.837563 2026] [security2:error] [pid 28454:tid 28454] [client 104.207.56.95:42845] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "mountainchristmascards.com"] [uri "/api/.env"] [unique_id "aZEUpQfQGF7yUxcg0OVifwAAAAs"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-02-14 23:46:09 (3 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.56.95 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.207.56.95 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Feb 14 18:46:01.095364 2026] [security2:error] [pid 17926:tid 17926] [client 104.207.56.95:33081] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "lockyers.com"] [uri "/backup/.git/config"] [unique_id "aZEJOTc1TRSmGUEiSOTjwwAAAAE"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-02-14 23:05:18 (3 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.56.95 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.207.56.95 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Feb 14 18:05:11.628552 2026] [security2:error] [pid 522:tid 522] [client 104.207.56.95:48789] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "literarylights.com"] [uri "/admin/.env"] [unique_id "aZD_p_hLHVa1ZJ3nZRjkoQAAAAo"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-02-14 22:49:58 (3 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.56.95 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.207.56.95 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Feb 14 17:49:53.955985 2026] [security2:error] [pid 869853:tid 869853] [client 104.207.56.95:31023] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "lingafelt.com"] [uri "/test/.git/config"] [unique_id "aZD8EUcYCQSATWn1li5ewAAAABI"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 138 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 216.25.89.109

🇯🇵 203.25.124.79

🇧🇷 200.216.172.182

🇰🇷 116.123.155.102

🇦🇹 89.144.195.89

🇳🇱 80.82.77.139

🇩🇪 69.5.169.182

🇯🇵 203.25.124.13

🇬🇧 198.244.226.219

🇮🇶 185.158.23.150

🇩🇪 154.195.27.146

🇫🇮 147.185.133.215

🇷🇸 77.105.37.219

🇬🇧 37.156.64.172

🇺🇸 34.16.244.224

🇩🇪 195.230.103.245

🇺🇸 195.184.76.179

🇮🇩 157.15.40.1

🇨🇳 115.190.173.110

🇧🇷 177.85.3.99