JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 104.207.52.254

104.207.52.254 was found in our database!

This IP was reported 131 times. Confidence of Abuse is 0%: ?

ISP	3xK Tech GmbH
Usage Type	Data Center/Web Hosting/Transit
ASN	AS200373
Domain Name	3xktech.cloud
Country	🇩🇪 Germany
City	Berlin, State of Berlin

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 104.207.52.254

Whois 104.207.52.254

IP Abuse Reports for 104.207.52.254:

This IP address has been reported a total of 131 times from 13 distinct sources. 104.207.52.254 was first reported on June 6th 2024, and the most recent report was 1 month ago.

Old Reports: The most recent abuse report for this IP address is from 1 month ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇮🇳 Genhost	2026-05-06 11:33:07 (1 month ago)	SCANNING OF PHP SHELL FILES	Brute-Force SSH
🇪🇸 librebit	2026-04-06 12:55:46 (2 months ago)	Brute force	Brute-Force
🇧🇷 SOC Blue Team	2026-01-16 17:48:26 (4 months ago)	Tatic: TA0006 \| Technique: T1110 \| Source: TAP \| Country Destination: BR	Brute-Force
🇺🇸 TPI-Abuse	2025-12-28 02:12:25 (5 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.52.254 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.52.254 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Dec 27 21:12:21.810616 2025] [security2:error] [pid 30695:tid 30695] [client 104.207.52.254:39917] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "deanfountain.com"] [uri "/.git/HEAD"] [unique_id "aVCSBVRKVHJnmVcDeWNxAgAAAAM"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-28 01:28:10 (5 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.52.254 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.52.254 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Dec 27 20:28:04.542691 2025] [security2:error] [pid 7616:tid 7616] [client 104.207.52.254:10681] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "bitcoinsquaretrader.com"] [uri "/.svn/wc.db"] [unique_id "aVCHpMznozae_xdGJyAewQAAAB0"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-27 20:46:45 (5 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.52.254 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.52.254 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Dec 27 15:46:41.837989 2025] [security2:error] [pid 28631:tid 28631] [client 104.207.52.254:48733] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "thekingofweed.com"] [uri "/.svn/wc.db"] [unique_id "aVBFsX3Og6-jDbDUt7IqcgAAAAs"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-27 20:18:18 (5 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.52.254 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.52.254 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Dec 27 15:18:09.768234 2025] [security2:error] [pid 32358:tid 32358] [client 104.207.52.254:60381] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "zodiacgate.com"] [uri "/.git/HEAD"] [unique_id "aVA_AUufj7-C9iT4hS8QcAAAAAA"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-25 06:27:13 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.52.254 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.52.254 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Nov 25 01:27:04.940092 2025] [security2:error] [pid 29075:tid 29075] [client 104.207.52.254:44835] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webmail.lynellejonsson.com"] [uri "/.git/HEAD"] [unique_id "aSVMOOpAwH-U2kS4ifHorgAAAAQ"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-25 04:23:55 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.52.254 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.52.254 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 24 23:23:53.319105 2025] [security2:error] [pid 20236:tid 20236] [client 104.207.52.254:15265] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcontacts.ostarek.com"] [uri "/.env"] [unique_id "aSUvWUejD3PQJQJrgZfkzgAAAAs"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-25 04:02:50 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.52.254 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.52.254 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 24 23:02:40.358981 2025] [security2:error] [pid 24386:tid 24386] [client 104.207.52.254:36267] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "mail.lorendata.net"] [uri "/.git/HEAD"] [unique_id "aSUqYDfaPtJ3ntfrfUmXygAAAAs"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-25 03:47:38 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.52.254 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.52.254 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 24 22:47:31.233440 2025] [security2:error] [pid 29308:tid 29308] [client 104.207.52.254:12213] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "autodiscover.partybussantafe.com"] [uri "/.svn/wc.db"] [unique_id "aSUm0wR12eNiU_P2FXJcdwAAAAI"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-25 03:01:59 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.52.254 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.52.254 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 24 22:01:53.424441 2025] [security2:error] [pid 17396:tid 17396] [client 104.207.52.254:58797] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webdisk.donnysimonton.com"] [uri "/.env"] [unique_id "aSUcIXRnezO7_l7eZa4WBwAAAAs"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-25 00:52:29 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.52.254 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.52.254 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 24 19:52:26.963485 2025] [security2:error] [pid 14951:tid 14951] [client 104.207.52.254:32057] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcontacts.thetopsportsbooks.com"] [uri "/.svn/wc.db"] [unique_id "aST9ygQ9J6gxWT75PJ0XbwAAAA8"] show less	Brute-Force Bad Web Bot Web App Attack
🇧🇪 voormedia	2025-11-07 16:56:18 (6 months ago)	Accessed trap at '/wp-login.php'	Web App Attack
Anonymous	2025-10-11 07:14:33 (7 months ago)	Attempted brute force login to web vpn 92 time(s); last attempt for 2025.10.11 is noted in report ti ... show more Attempted brute force login to web vpn 92 time(s); last attempt for 2025.10.11 is noted in report timestamp show less	Hacking Brute-Force

Showing 1 to 15 of 131 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇳🇱 176.65.139.254

🇳🇱 176.65.139.64

🇵🇰 175.107.3.212

🇨🇳 106.75.26.244

🇮🇳 103.174.102.204

🇫🇷 91.160.102.202

🇨🇦 85.217.149.58

🇫🇮 45.154.244.2

🇳🇱 45.148.10.141

🇲🇽 189.173.42.116

🇧🇷 179.48.110.251

🇨🇳 115.190.230.82

🇺🇸 104.234.53.242

🇷🇺 195.9.52.194

🇳🇱 176.65.149.45

🇨🇳 101.126.22.12

🇺🇸 65.49.1.43

🇹🇭 49.49.220.17

🇳🇱 45.148.10.147

🇺🇸 37.19.199.142