JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 104.207.49.254

104.207.49.254 was found in our database!

This IP was reported 169 times. Confidence of Abuse is 3%: ?

ISP	3xK Tech GmbH
Usage Type	Data Center/Web Hosting/Transit
ASN	AS200373
Domain Name	3xktech.cloud
Country	🇨🇦 Canada
City	Toronto, Ontario

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 104.207.49.254

Whois 104.207.49.254

IP Abuse Reports for 104.207.49.254:

This IP address has been reported a total of 169 times from 31 distinct sources. 104.207.49.254 was first reported on June 5th 2024, and the most recent report was 1 day ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇫🇷 dynamix	2026-06-09 20:45:12 (1 day ago)	WordPress wp-login.php Brute Force Attack	Brute-Force Web App Attack
🇳🇱 jjnxpct	2026-02-14 04:53:04 (3 months ago)	Automated security incident from hosting server. ModSecurity blocked suspicious request targeting UR ... show more Automated security incident from hosting server. ModSecurity blocked suspicious request targeting URI: /app/.env (Rule ID: 930130) - Restricted File Access Attempt [Suspicious: .env found within REQUEST_FILENAME: /app/.env] show less	Hacking Web App Attack
🇳🇱 homeshowdomain.nl	2026-02-13 22:59:09 (3 months ago)	Auto-ban: >3000 req/min op 2026-02-13	Hacking Web App Attack SSH
🇺🇸 OceanTreasure	2026-02-13 13:15:45 (3 months ago)	tcp/443; Environment file access attempt: "GET /backend/.env" @ 2026-02-13T13:11:45Z [proxy]	Web App Attack
🇨🇭 Origon	2026-02-13 12:38:28 (3 months ago)	http-sensitive-files - IP: 104.207.49.254 - time="2026-02-13T13:38:28+01:00" level=info msg="(555f6 ... show more http-sensitive-files - IP: 104.207.49.254 - time="2026-02-13T13:38:28+01:00" level=info msg="(555f66b4f6a74558bc11e3f93469658es8App0Mcc0TKEeje/crowdsec) crowdsecurity/http-sensitive-files by ip 104.207.49.254 (BR/200373) : 4h ban on Ip 104.207.49.254" module=db show less	Web App Attack
🇺🇸 TPI-Abuse	2026-02-13 08:03:00 (3 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.49.254 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.49.254 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Feb 13 03:02:53.297177 2026] [security2:error] [pid 2577340:tid 2577340] [client 104.207.49.254:35939] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "memelearning.net"] [uri "/.env"] [unique_id "aY7arRfr9EVF_uXKd6nDmwAAABQ"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 mnsf	2026-02-13 07:05:58 (3 months ago)	Scanning/Probing (23)	Brute-Force Web App Attack
🇩🇪 big-cloud.nl	2026-02-13 06:02:11 (3 months ago)	Try to access /app/.env	Web App Attack
🇮🇩 Burayot	2026-02-13 06:01:06 (3 months ago)	LF_MODSEC: (mod_security) mod_security (id:1000001) triggered by 104.207.49.254 (BR/Brazil/-): 1 in ... show more LF_MODSEC: (mod_security) mod_security (id:1000001) triggered by 104.207.49.254 (BR/Brazil/-): 1 in the last 3600 secs show less	Web App Attack
🇺🇸 TPI-Abuse	2026-02-13 06:00:33 (3 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.49.254 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.49.254 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Feb 13 01:00:30.035005 2026] [security2:error] [pid 2719765:tid 2719765] [client 104.207.49.254:32449] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "konzel.com"] [uri "/.git/config"] [unique_id "aY69_ttSegfPkvlVRz81qgAAAAc"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-02-13 05:11:04 (3 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.49.254 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.49.254 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Feb 13 00:10:58.428287 2026] [security2:error] [pid 1275:tid 1275] [client 104.207.49.254:42367] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "kmg365media.com"] [uri "/admin/.git/config"] [unique_id "aY6yYtDg0Gc5ZDEW4u3IewAAAA0"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 Bedios GmbH	2026-02-13 05:08:00 (3 months ago)	Login credentials theft attempt	Hacking
🇺🇸 TPI-Abuse	2026-02-13 04:16:08 (3 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.49.254 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.49.254 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Feb 12 23:16:00.206668 2026] [security2:error] [pid 13555:tid 13555] [client 104.207.49.254:9261] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "kinnairdenterprisesllc.com"] [uri "/.env.staging"] [unique_id "aY6lgOZRXc-DmLi5_Onn2gAAAA4"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 myagent.site	2026-02-13 02:42:15 (3 months ago)	Blocking for trying to access an exploit file: /.env.save	Hacking
🇺🇸 TPI-Abuse	2026-02-13 02:23:08 (3 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.49.254 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.49.254 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Feb 12 21:23:01.960874 2026] [security2:error] [pid 2170:tid 2170] [client 104.207.49.254:24619] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "malta-boat-registration.com"] [uri "/.env"] [unique_id "aY6LBRDMV2GDmmfKAns_qwAAAAE"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 169 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇰🇷 211.198.128.204

🇵🇰 202.47.55.76

🇫🇮 193.164.155.103

🇳🇱 176.65.139.247

🇯🇵 168.138.197.172

🇩🇪 167.94.146.73

🇺🇸 137.184.182.164

🇫🇷 82.66.180.86

🇳🇱 45.148.10.151

🇮🇳 223.228.34.96

🇺🇸 216.239.34.223

🇫🇷 207.180.208.177

🇻🇪 201.208.220.3

🇫🇮 147.185.133.146

🇨🇳 144.123.77.20

🇨🇳 116.207.112.197

🇭🇰 114.111.52.109

🇩🇪 45.133.74.53

🇷🇺 45.132.18.40

🇧🇪 34.62.180.193