JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 104.207.57.2

104.207.57.2 was found in our database!

This IP was reported 84 times. Confidence of Abuse is 27%: ?

27%

ISP	3xK Tech GmbH
Usage Type	Data Center/Web Hosting/Transit
ASN	AS200373
Domain Name	3xktech.cloud
Country	🇩🇪 Germany
City	Berlin, State of Berlin

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 104.207.57.2

Whois 104.207.57.2

IP Abuse Reports for 104.207.57.2:

This IP address has been reported a total of 84 times from 20 distinct sources. 104.207.57.2 was first reported on June 4th 2024, and the most recent report was 9 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇫🇷 ELYAZ	2026-06-15 22:14:58 (9 hours ago)	(y4) Failed scan -byebye- from 104.207.57.2 (DE/Germany/-): (CF_ENABLE)	Hacking
🇺🇦 URAN Publishing Service	2026-06-02 03:39:09 (2 weeks ago)	104.207.57.2 - - [02/Jun/2026:06:36:52 +0300] "POST /wp-login.php HTTP/1.1" 404 3312 "https://psysoc ... show more 104.207.57.2 - - [02/Jun/2026:06:36:52 +0300] "POST /wp-login.php HTTP/1.1" 404 3312 "https://psysocwork.onu.edu.ua/wp-login.php" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7; rv:119.0) Gecko/20100101 Firefox/119.0" 104.207.57.2 - - [02/Jun/2026:06:39:08 +0300] "POST /wp-login.php HTTP/1.1" 404 3311 "https://psysocwork.onu.edu.ua/wp-login.php" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36" ... show less	Web App Attack
🇫🇷 ELYAZ	2026-06-01 11:29:55 (2 weeks ago)	(y4) Failed scan -byebye- from 104.207.57.2 (DE/Germany/-): (CF_ENABLE)	Hacking
🇫🇷 Hippoline	2026-05-31 17:02:05 (2 weeks ago)	May 31 19:02:04 local wp(senioren.lu)[32324]: Authentication attempt for unknown user administrator ... show more May 31 19:02:04 local wp(senioren.lu)[32324]: Authentication attempt for unknown user administrator from 104.207.57.2 ... show less	Brute-Force Web App Attack
Anonymous	2026-05-31 04:58:21 (2 weeks ago)	[server.tmg.gr] httpd-login-spray-site: sites=add2021.gr; logs=/var/log/httpd/domains/add2021.gr.log ... show more [server.tmg.gr] httpd-login-spray-site: sites=add2021.gr; logs=/var/log/httpd/domains/add2021.gr.log; samples=site_wide=true \| distinct_ips=12 \| /wp-login.php show less	Hacking Web App Attack
Anonymous	2026-05-26 06:50:07 (3 weeks ago)	[osotir.org] httpd-login-spray-site: sites=osotir.org; logs=/var/log/httpd/domains/osotir.org.log; s ... show more [osotir.org] httpd-login-spray-site: sites=osotir.org; logs=/var/log/httpd/domains/osotir.org.log; samples=site_wide=true \| distinct_ips=29 \| /wp-login.php show less	Hacking Web App Attack
🇬🇧 Aetherweb Ark	2026-05-01 22:21:37 (1 month ago)	(mod_security) mod_security (id:949110) triggered by 104.207.57.2 (DE/Germany/-): N in the last X se ... show more (mod_security) mod_security (id:949110) triggered by 104.207.57.2 (DE/Germany/-): N in the last X secs show less	Web App Attack
🇫🇷 tilellit.pro	2026-02-11 14:39:49 (4 months ago)	Fail2Ban banned 104.207.57.2 for security violations in jail wp-armour. Log: 2026/02/11 14:39:49 [er ... show more Fail2Ban banned 104.207.57.2 for security violations in jail wp-armour. Log: 2026/02/11 14:39:49 [error] FastCGI sent in stderr: "PHP message: [WP_ARMOUR_BAN] IP: 104.207.57.2 \| Target: wplogin" , client: 104.207.57.2, server: [REDACTED], request: "POST /wp-login.php HTTP/1.1", upstream: [REDACTED], host: [REDACTED], referrer: "https://comerciogallego.es/wp-login.php" ... show less	Web Spam
🇫🇷 tilellit.pro	2026-02-10 07:28:23 (4 months ago)	Fail2Ban banned 104.207.57.2 for security violations in jail wp-armour. Log: 2026/02/10 07:28:23 [er ... show more Fail2Ban banned 104.207.57.2 for security violations in jail wp-armour. Log: 2026/02/10 07:28:23 [error] FastCGI sent in stderr: "PHP message: [WP_ARMOUR_BAN] IP: 104.207.57.2 \| Target: wplogin" , client: 104.207.57.2, server: [REDACTED], request: "POST /wp-login.php HTTP/1.1", upstream: [REDACTED], host: [REDACTED], referrer: "https://comerciogallego.es/wp-login.php" ... show less	Web Spam
🇫🇮 Shaik Sai Meera	2025-12-09 22:15:10 (6 months ago)	IM360 WAF: Hidden file access	Brute-Force
🇺🇸 TPI-Abuse	2025-12-08 00:06:09 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.57.2 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 104.207.57.2 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Dec 07 19:06:06.434447 2025] [security2:error] [pid 3455:tid 3531] [client 104.207.57.2:47993] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "nothingwithoutwater.com"] [uri "/.git/HEAD"] [unique_id "aTYWbk1YB7Zhe-lVWiUxXwAAAJA"] show less	Brute-Force Bad Web Bot Web App Attack
🇳🇱 jjnxpct	2025-12-07 04:54:53 (6 months ago)	Automated security incident from hosting server. ModSecurity blocked suspicious request targeting UR ... show more Automated security incident from hosting server. ModSecurity blocked suspicious request targeting URI: /.env (Rule ID: 930130) - Restricted File Access Attempt [Suspicious: .env found within REQUEST_FILENAME: /.env] show less	Hacking Web App Attack
🇺🇸 TPI-Abuse	2025-12-06 19:11:33 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.57.2 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 104.207.57.2 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Dec 06 14:11:29.661206 2025] [security2:error] [pid 9460:tid 9460] [client 104.207.57.2:51711] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "houseofbates.net"] [uri "/.env"] [unique_id "aTR_4fMsTyv382rUZVwuXgAAAA4"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-06 18:07:16 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.57.2 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 104.207.57.2 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Dec 06 13:07:10.860934 2025] [security2:error] [pid 30352:tid 30352] [client 104.207.57.2:13353] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "lajoyadelmar.net"] [uri "/.env"] [unique_id "aTRwzkd_npZxeYVre2jUuwAAABs"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-06 13:29:42 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.57.2 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 104.207.57.2 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Dec 06 08:29:33.774187 2025] [security2:error] [pid 16120:tid 16120] [client 104.207.57.2:12233] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "dougwong.net"] [uri "/.git/HEAD"] [unique_id "aTQvvW_Qb6T2WSfOa7RlgAAAAA4"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 84 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 2607:f8b0:4001:c61::125

🇷🇸 212.200.235.62

🇨🇳 180.125.231.80

🇩🇪 148.251.122.90

🇺🇸 143.198.133.137

🇨🇳 139.155.150.142

🇨🇳 118.145.238.115

🇫🇷 85.217.140.50

🇮🇷 78.38.26.45

🇩🇪 43.228.157.121

🇭🇰 20.255.61.0

🇺🇸 2600:1900:4120:e3fb:0:3e::

🇨🇳 223.64.21.39

🇷🇺 217.118.177.195

🇧🇷 201.71.147.137

🇮🇳 168.144.147.141

🇺🇸 165.154.182.124

🇺🇸 137.184.69.175

🇺🇸 136.41.5.20

🇮🇳 106.214.8.124