JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 104.207.54.11

104.207.54.11 was found in our database!

This IP was reported 81 times. Confidence of Abuse is 12%: ?

12%

ISP	3xK Tech GmbH
Usage Type	Data Center/Web Hosting/Transit
ASN	AS200373
Domain Name	3xktech.cloud
Country	🇩🇪 Germany
City	Berlin, State of Berlin

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 104.207.54.11

Whois 104.207.54.11

IP Abuse Reports for 104.207.54.11:

This IP address has been reported a total of 81 times from 15 distinct sources. 104.207.54.11 was first reported on June 8th 2024, and the most recent report was 1 week ago.

Old Reports: The most recent abuse report for this IP address is from 1 week ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇲🇽 octageeks.com	2026-06-01 04:09:24 (1 week ago)	Wordpress malicious attack:[octaflood]	Web App Attack
🇫🇷 ELYAZ	2026-05-31 23:37:53 (1 week ago)	(y4) Failed scan -byebye- from 104.207.54.11 (DE/Germany/-): (CF_ENABLE)	Hacking
🇲🇽 octageeks.com	2026-05-28 04:12:40 (2 weeks ago)	Wordpress malicious attack:[octaflood]	Web App Attack
🇺🇸 TPI-Abuse	2026-03-05 08:29:22 (3 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.54.11 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.207.54.11 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Mar 05 03:29:17.315267 2026] [security2:error] [pid 5953:tid 6031] [client 104.207.54.11:9155] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.howardhallis.com"] [uri "/.git/objects/3c/4df81e65c606b9d75db2efd8c1e2241daf894f"] [unique_id "aak-3e9_LUubsM0EwzySxwAAAcc"] show less	Brute-Force Bad Web Bot Web App Attack
🇬🇧 [email protected]	2026-03-04 00:26:31 (3 months ago)	104.207.54.11 - - [04/Mar/2026:00:24:32 +0000] "GET /.git/objects/25/cf42af27fcfd240ecd897dc840b31d2 ... show more 104.207.54.11 - - [04/Mar/2026:00:24:32 +0000] "GET /.git/objects/25/cf42af27fcfd240ecd897dc840b31d2ea10cc5 HTTP/1.1" 404 332 "http://academy.scotland-excel.org.uk/.git/objects/25/cf42af27fcfd240ecd897dc840b31d2ea10cc5" "Go-http-client/1.1" 104.207.54.11 - - [04/Mar/2026:00:24:49 +0000] "GET /.git/objects/a5/36b197d46ef0e26f86cfc36957a9c3cd983ece HTTP/1.1" 404 332 "http://academy.scotland-excel.org.uk/.git/objects/a5/36b197d46ef0e26f86cfc36957a9c3cd983ece" "Go-http-client/1.1" 104.207.54.11 - - [04/Mar/2026:00:26:31 +0000] "GET /.git/objects/aa/2df0b3fbd9c3462d15507b0a3218409e2e340e HTTP/1.1" 404 332 "http://academy.scotland-excel.org.uk/.git/objects/aa/2df0b3fbd9c3462d15507b0a3218409e2e340e" "Go-http-client/1.1" ... show less	Web App Attack
🇺🇸 TPI-Abuse	2026-01-13 12:34:35 (4 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.54.11 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.207.54.11 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jan 13 07:34:30.320400 2026] [security2:error] [pid 28618:tid 28618] [client 104.207.54.11:27115] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "mtshastaconcerts.com"] [uri "/.git/HEAD"] [unique_id "aWY71ltHs3B4KtNuoOguPQAAAAc"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-01-03 13:30:50 (5 months ago)	Attempted brute force login to web vpn 18 time(s); last attempt for 2026.01.03 is noted in report ti ... show more Attempted brute force login to web vpn 18 time(s); last attempt for 2026.01.03 is noted in report timestamp show less	Hacking Brute-Force
Anonymous	2025-11-27 13:19:54 (6 months ago)	Attempted brute force login to web vpn 1189 time(s); last attempt for 2025.11.27 is noted in report ... show more Attempted brute force login to web vpn 1189 time(s); last attempt for 2025.11.27 is noted in report timestamp show less	Hacking Brute-Force
🇺🇸 TPI-Abuse	2025-11-26 03:10:29 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.54.11 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.207.54.11 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Nov 25 22:10:24.517149 2025] [security2:error] [pid 14388:tid 14388] [client 104.207.54.11:25239] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.intermixx.net"] [uri "/.svn/wc.db"] [unique_id "aSZvoNh5OyLKHo6rAECLqQAAABY"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-25 01:32:51 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.54.11 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.207.54.11 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 24 20:32:45.966080 2025] [security2:error] [pid 17023:tid 17069] [client 104.207.54.11:11365] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "charlottesville.windowtailors.com"] [uri "/.env"] [unique_id "aSUHPb1hG8E8_fObGRhtJgAAAQc"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-24 08:50:24 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.54.11 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.207.54.11 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 24 03:50:15.854317 2025] [security2:error] [pid 11215:tid 11215] [client 104.207.54.11:35075] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcalendars.postermodelsworldwideinc.com"] [uri "/.git/HEAD"] [unique_id "aSQcR4-Pkpk2VWH7z4WwfgAAAAk"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-24 05:01:00 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.54.11 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.207.54.11 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 24 00:00:51.698399 2025] [security2:error] [pid 16162:tid 16162] [client 104.207.54.11:38521] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcalendars.terazon.net"] [uri "/.git/HEAD"] [unique_id "aSPmgyrojfx2jLIJTgYKoAAAAAI"] show less	Brute-Force Bad Web Bot Web App Attack
🇪🇸 10dencehispahard SL	2025-11-19 07:09:18 (6 months ago)	WP probing for vulnerabilities	Hacking Exploited Host
Anonymous	2025-11-18 23:59:59 (6 months ago)	Attempted brute force login to web vpn 279 time(s); last attempt for 2025.11.18 is noted in report t ... show more Attempted brute force login to web vpn 279 time(s); last attempt for 2025.11.18 is noted in report timestamp show less	Hacking Brute-Force
🇺🇸 TPI-Abuse	2025-11-17 03:04:36 (6 months ago)	(mod_security) mod_security (id:210730) triggered by 104.207.54.11 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210730) triggered by 104.207.54.11 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Nov 16 22:04:28.701385 2025] [security2:error] [pid 6814:tid 6814] [client 104.207.54.11:19469] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|www.directsat.gulftelecom.com\|F\|2"] [data ".ini"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.directsat.gulftelecom.com"] [uri "/s3cmd.ini"] [unique_id "aRqQvG0lCPdafOR2CTZz-QAAAAU"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 81 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇭🇰 152.32.239.90

🇨🇳 115.203.234.94

🇺🇸 216.169.136.151

🇺🇸 162.216.149.180

🇷🇴 85.121.245.186

🇷🇺 46.158.215.211

🇺🇦 178.212.243.18

🇺🇸 165.154.254.143

🇰🇷 112.216.129.27

🇷🇴 80.94.92.182

🇳🇱 45.198.224.143

🇧🇷 45.4.151.119

🇳🇱 5.187.35.142

🇧🇷 187.49.63.41

🇭🇰 185.216.119.190

🇬🇧 165.232.111.136

🇮🇳 103.199.123.104

🇫🇷 91.231.89.41

🇫🇷 85.217.140.41

🇫🇷 54.38.241.200