JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 104.207.54.111

104.207.54.111 was found in our database!

This IP was reported 131 times. Confidence of Abuse is 11%: ?

11%

ISP	3xK Tech GmbH
Usage Type	Data Center/Web Hosting/Transit
ASN	AS200373
Domain Name	3xktech.cloud
Country	🇩🇪 Germany
City	Berlin, State of Berlin

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 104.207.54.111

Whois 104.207.54.111

IP Abuse Reports for 104.207.54.111:

This IP address has been reported a total of 131 times from 14 distinct sources. 104.207.54.111 was first reported on June 6th 2024, and the most recent report was 32 minutes ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇬🇷 setupgr	2026-06-14 12:20:25 (32 minutes ago)	(mod_security) mod_security (id:900001) triggered by 104.207.54.111: 1 in the last 86400 secs; Ports ... show more (mod_security) mod_security (id:900001) triggered by 104.207.54.111: 1 in the last 86400 secs; Ports: *; Direction: inout; Trigger: LF_TRIGGER; Logs: [Sun Jun 14 15:20:22.362018 2026] [security2:error] [pid 921871:tid 922053] [client 104.207.54.111:32321] ModSecurity: Access denied with code 403 (phase 1). Match of "rx ^(www\\\\.)?(pankoskal\\\\.gr\|sea-sound\\\\.com)$" against "REQUEST_HEADERS:Host" required. [file "/etc/apache2/conf.d/modsec/modsec2.user.conf"] [line "74"] [id "900001"] [msg "Blocked WP Login attempt on domain: mail.fashionfragonard.gr"] [severity "CRITICAL"] [tag "security"] [hostname "mail.fashionfragonard.gr"] [uri "/wp-login.php"] [unique_id "ai6chu2clReoPvlJKlgO6wAAANc"], referer: https://mail.fashionfragonard.gr/wp-login.php show less	Port Scan
🇫🇷 solution.it	2026-06-13 20:49:00 (16 hours ago)	[Sat Jun 13 22:48:59.368990 2026] [php7:error] [pid 3477368:tid 3477368] [client 104.207.54.111:3716 ... show more [Sat Jun 13 22:48:59.368990 2026] [php7:error] [pid 3477368:tid 3477368] [client 104.207.54.111:37167] script '/var/www/html/blog.solution.it/wp-login.php' not found or unable to stat, referer: https://blog.solution.it/wp-login.php show less	Web App Attack
🇬🇷 setupgr	2026-06-12 15:36:54 (1 day ago)	(mod_security) mod_security (id:900001) triggered by 104.207.54.111: 1 in the last 86400 secs; Ports ... show more (mod_security) mod_security (id:900001) triggered by 104.207.54.111: 1 in the last 86400 secs; Ports: *; Direction: inout; Trigger: LF_TRIGGER; Logs: [Fri Jun 12 18:36:51.018289 2026] [security2:error] [pid 351529:tid 351574] [client 104.207.54.111:62531] ModSecurity: Access denied with code 403 (phase 1). Match of "rx ^(www\\\\.)?(pankoskal\\\\.gr\|sea-sound\\\\.com)$" against "REQUEST_HEADERS:Host" required. [file "/etc/apache2/conf.d/modsec/modsec2.user.conf"] [line "74"] [id "900001"] [msg "Blocked WP Login attempt on domain: mail.pankoskal.gr"] [severity "CRITICAL"] [tag "security"] [hostname "mail.pankoskal.gr"] [uri "/wp-login.php"] [unique_id "aiwnk2m9gdo9fuJjoHgWggAAAVI"], referer: https://mail.pankoskal.gr/wp-login.php show less	Port Scan
🇩🇪 big-cloud.nl	2026-03-27 00:29:06 (2 months ago)	Try to access /backup/.git/config	Web App Attack
🇮🇩 Burayot	2026-03-27 00:17:59 (2 months ago)	LF_MODSEC: (mod_security) mod_security (id:1000001) triggered by 104.207.54.111 (DE/Germany/-): 1 in ... show more LF_MODSEC: (mod_security) mod_security (id:1000001) triggered by 104.207.54.111 (DE/Germany/-): 1 in the last 3600 secs show less	Web App Attack
🇺🇸 TPI-Abuse	2025-12-09 07:02:39 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.54.111 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.54.111 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Dec 09 02:02:34.389088 2025] [security2:error] [pid 11315:tid 11315] [client 104.207.54.111:26389] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "kulprid.com"] [uri "/.svn/wc.db"] [unique_id "aTfJioTu0WyRy98adpK84AAAAA0"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-06 12:27:58 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.54.111 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.54.111 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Dec 06 07:27:50.990898 2025] [security2:error] [pid 12110:tid 12110] [client 104.207.54.111:23911] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "roy-s.net"] [uri "/.svn/wc.db"] [unique_id "aTQhRv1KanWuNIMpRAv22QAAACY"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-05 11:49:53 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.54.111 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.54.111 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Dec 05 06:49:48.416893 2025] [security2:error] [pid 4093:tid 4118] [client 104.207.54.111:15141] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "rubenluis.com"] [uri "/.env"] [unique_id "aTLG3NdLWVSCqCkPv_tQJQAAAFY"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-05 02:19:40 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.54.111 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.54.111 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Dec 04 21:19:33.236430 2025] [security2:error] [pid 7603:tid 7603] [client 104.207.54.111:44347] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "kildarafarms.com"] [uri "/.svn/wc.db"] [unique_id "aTJBNWdsj2LDJj7tAW3wcAAAAAA"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-05 00:27:50 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.54.111 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.54.111 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Dec 04 19:27:45.075138 2025] [security2:error] [pid 6864:tid 6864] [client 104.207.54.111:20893] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "ibeautyexchange.com"] [uri "/.git/HEAD"] [unique_id "aTInAfokkomg5goLUS7xCAAAAAA"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2025-11-27 13:42:47 (6 months ago)	Attempted brute force login to web vpn 1173 time(s); last attempt for 2025.11.27 is noted in report ... show more Attempted brute force login to web vpn 1173 time(s); last attempt for 2025.11.27 is noted in report timestamp show less	Hacking Brute-Force
🇺🇸 TPI-Abuse	2025-11-25 05:29:12 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.54.111 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.54.111 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Nov 25 00:29:07.426436 2025] [security2:error] [pid 415:tid 415] [client 104.207.54.111:51355] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.fnavarro.com"] [uri "/.svn/wc.db"] [unique_id "aSU-o1aBv5e8E1LS8Z-hXQAAAAs"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-25 04:39:52 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.54.111 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.54.111 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 24 23:39:45.032695 2025] [security2:error] [pid 22973:tid 22973] [client 104.207.54.111:42513] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcontacts.alexscollay.com"] [uri "/.git/HEAD"] [unique_id "aSUzEdiWNNKztxD4aWC4fAAAAAQ"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-25 03:40:59 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.54.111 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.54.111 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 24 22:40:49.663675 2025] [security2:error] [pid 28390:tid 28390] [client 104.207.54.111:58045] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcalendars.portraitartisans.com"] [uri "/.env"] [unique_id "aSUlQaikyjRZjidTBqZuDQAAABY"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-25 03:16:37 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.54.111 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.54.111 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 24 22:16:34.081006 2025] [security2:error] [pid 25371:tid 25371] [client 104.207.54.111:11239] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.vanemby.com"] [uri "/.git/HEAD"] [unique_id "aSUfkqIV1_rmHy5NhD2AFgAAAAY"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 131 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇩🇪 185.242.3.195

🇩🇪 176.65.132.22

🇩🇪 69.5.169.243

🇺🇸 52.159.226.2

🇬🇧 35.203.210.234

🇺🇸 3.16.166.217

🇷🇴 2.57.122.177

🇻🇳 160.250.246.153

🇧🇬 79.124.62.126

🇧🇬 78.128.114.58

🇺🇸 74.207.253.22

🇺🇸 73.8.54.174

🇩🇪 69.5.169.228

🇺🇸 66.132.186.141

🇳🇱 51.136.107.220

🇳🇱 45.142.193.161

🇳🇱 34.32.246.40

🇮🇳 34.14.186.255

🇺🇸 193.56.116.200

🇺🇸 172.210.81.91