JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 5.78.104.3

5.78.104.3 was found in our database!

This IP was reported 99 times. Confidence of Abuse is 0%: ?

ISP	Hetzner Online GmbH
Usage Type	Data Center/Web Hosting/Transit
ASN	AS212317
Hostname(s)	static.3.104.78.5.clients.your-server.de
Domain Name	hetzner.com
Country	🇺🇸 United States of America
City	Hillsboro, Oregon

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 5.78.104.3

Whois 5.78.104.3

IP Abuse Reports for 5.78.104.3:

This IP address has been reported a total of 99 times from 52 distinct sources. 5.78.104.3 was first reported on March 5th 2026, and the most recent report was 3 months ago.

Old Reports: The most recent abuse report for this IP address is from 3 months ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇹🇷 rtbh.com.tr	2026-03-08 20:11:59 (3 months ago)	list.rtbh.com.tr report: tcp/0	Brute-Force
🇫🇷 SpaceHost-Server	2026-03-07 23:44:36 (3 months ago)		Brute-Force Web App Attack
🇳🇱 homeshowdomain.nl	2026-03-07 22:59:35 (3 months ago)	Auto-ban: >3000 req/min op 2026-03-07	Web App Attack SSH Hacking
🇮🇩 Burayot	2026-03-07 12:52:29 (3 months ago)	LF_MODSEC: (mod_security) mod_security (id:949110) triggered by 5.78.104.3 (US/United States/static. ... show more LF_MODSEC: (mod_security) mod_security (id:949110) triggered by 5.78.104.3 (US/United States/static.3.104.78.5.clients.your-server.de): 1 in the last 3600 secs show less	Web App Attack
🇬🇧 CrystalMaker	2026-03-07 11:46:25 (3 months ago)	Vulnerability scan - GET /api/.env; GET /core/.env; GET /.env	Hacking
🇺🇸 jcbriar	2026-03-07 11:21:17 (3 months ago)	Searching for vulnerable scripts	Hacking Web App Attack
🇫🇷 Baking333	2026-03-07 07:21:44 (3 months ago)	[redacted] 5.78.104.3 - - [07/Mar/2026:08:21:43 +0100] "GET /.env HTTP/1.1" 302 5267 0/51921 "-" "Mo ... show more [redacted] 5.78.104.3 - - [07/Mar/2026:08:21:43 +0100] "GET /.env HTTP/1.1" 302 5267 0/51921 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36" [redacted] 5.78.104.3 - - [07/Mar/2026:08:21:43 +0100] "GET /api/.env HTTP/1.1" 302 5299 0/76295 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36" show less	Bad Web Bot Web App Attack
🇺🇸 etu brutus	2026-03-07 06:59:56 (3 months ago)	5.78.104.3 Blocked by [Attack Vector List] ...	Hacking Brute-Force Exploited Host
🇸🇬 securejdprop	2026-03-07 06:42:18 (3 months ago)	This IP was detected by CrowdSec triggering crowdsecurity/suricata-major-severity(🐾 - 🚨 Network 🕵 sc ... show more This IP was detected by CrowdSec triggering crowdsecurity/suricata-major-severity(🐾 - 🚨 Network 🕵 scan 🎩 Nuclei 👨‍💻). Ip 5.78.104.3 performed 'crowdsecurity/suricata-major-severity' (1 events over 0s) at 2026-03-07 06:42:18.295935488 +0000 UTC show less	Hacking Web App Attack
🇪🇸 masterguru	2026-03-07 05:14:28 (3 months ago)	Restricted File Access Attempt. Matched phrase "/.env" at REQUEST_FILENAME. (930130-122)	Hacking Web App Attack
🇺🇸 octageeks.com	2026-03-07 05:07:34 (3 months ago)	Wordpress malicious attack:[octablocked]	Web App Attack
🇳🇱 Eric	2026-03-07 04:56:39 (3 months ago)	[Sat Mar 07 04:56:38.931430 2026] [security2:error] [pid 1882499:tid 1882499] [client 5.78.104.3:0] ... show more [Sat Mar 07 04:56:38.931430 2026] [security2:error] [pid 1882499:tid 1882499] [client 5.78.104.3:0] [client 5.78.104.3] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.4"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pop-the-slots.com"] [uri "/api/.env"] [unique_id "aauwBnFrWZgNT917J77pFwAAABI"] [Sat Mar 07 04:56:38.934290 2026] [security2:error] [pid 1990576:tid 1990576] [client 5.78.104.3:0] [client 5.78.104.3] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITI ... show less	Hacking Web App Attack
🇩🇪 ReporTR	2026-03-07 04:09:59 (3 months ago)	Fail2Ban plesk-modsecurity: 3 attempts from 5.78.104.3 (Country: <country>, <rdns>)	Hacking Web App Attack
🇩🇪 on-com	2026-03-07 03:17:48 (3 months ago)	URL scan	Brute-Force Web App Attack
🇬🇧 consul.to	2026-03-07 03:17:34 (3 months ago)	Web attack/malicious scanning detected	Web App Attack

Showing 1 to 15 of 99 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇬🇧 198.244.226.248

🇵🇰 124.29.193.114

🇨🇳 115.29.171.141

🇸🇬 8.219.200.1

🇭🇰 223.197.178.95

🇵🇰 223.123.72.65

🇹🇷 176.235.203.21

🇭🇰 101.36.111.119

🇺🇸 64.62.156.212

🇸🇬 35.198.217.155

🇬🇧 23.161.169.62

🇳🇱 20.31.232.59

🇺🇸 18.217.238.69

🇺🇸 3.18.221.149

🇮🇳 210.212.136.3

🇺🇸 198.199.76.156

🇨🇳 180.168.76.142

🇺🇸 68.220.58.1

🇳🇬 62.173.38.229

🇺🇸 44.219.179.156