JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 104.207.54.12

104.207.54.12 was found in our database!

This IP was reported 86 times. Confidence of Abuse is 8%: ?

ISP	3xK Tech GmbH
Usage Type	Data Center/Web Hosting/Transit
ASN	AS200373
Domain Name	3xktech.cloud
Country	🇩🇪 Germany
City	Berlin, State of Berlin

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 104.207.54.12

Whois 104.207.54.12

IP Abuse Reports for 104.207.54.12:

This IP address has been reported a total of 86 times from 20 distinct sources. 104.207.54.12 was first reported on June 8th 2024, and the most recent report was 4 weeks ago.

Old Reports: The most recent abuse report for this IP address is from 4 weeks ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 TPI-Abuse	2026-05-13 10:39:54 (4 weeks ago)	(mod_security) mod_security (id:210492) triggered by 104.207.54.12 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.207.54.12 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed May 13 06:39:46.347851 2026] [security2:error] [pid 19859:tid 19859] [client 104.207.54.12:15503] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "richardpetersbooks.com"] [uri "/.git/HEAD"] [unique_id "agRU8jjGW5NSfnXlBbuPLgAAAAo"] show less	Brute-Force Bad Web Bot Web App Attack
🇮🇹 [email protected]	2026-04-18 06:57:33 (1 month ago)	[Sat Apr 18 08:57:32.864217 2026] [authz_core:error] [pid 560721:tid 560791] [remote 104.207.54.12:2 ... show more [Sat Apr 18 08:57:32.864217 2026] [authz_core:error] [pid 560721:tid 560791] [remote 104.207.54.12:20579] AH01630: client denied by server configuration: /var/www/html/MyWeb/Wordpress_www/wp-login.php ... show less	Brute-Force Web App Attack
🇫🇷 COMAITE	2026-03-22 07:44:23 (2 months ago)	SQL injection attempt from 104.207.54.12.	Web App Attack
Anonymous	2026-01-11 11:45:44 (5 months ago)	wordpress-trap	Web App Attack
Anonymous	2026-01-05 20:24:42 (5 months ago)	Attempted brute force login to web vpn 18 time(s); last attempt for 2026.01.05 is noted in report ti ... show more Attempted brute force login to web vpn 18 time(s); last attempt for 2026.01.05 is noted in report timestamp show less	Hacking Brute-Force
🇺🇸 TPI-Abuse	2025-12-29 04:19:56 (5 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.54.12 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.207.54.12 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Dec 28 23:19:48.700259 2025] [security2:error] [pid 18159:tid 18173] [client 104.207.54.12:57463] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "bestofthis.com"] [uri "/.env"] [unique_id "aVIBZBHoP6MwOldmBmFDygAAAQU"] show less	Brute-Force Bad Web Bot Web App Attack
🇱🇻 garmtech.com	2025-11-26 10:56:23 (6 months ago)	Attempted access to sensitive endpoint (/.git/HEAD) detected. Automated scan or unauthorized probing ... show more Attempted access to sensitive endpoint (/.git/HEAD) detected. Automated scan or unauthorized probing. show less	Web App Attack
Anonymous	2025-11-26 09:08:00 (6 months ago)	"GET /.aws/credentials HTTP/1.1"	Hacking Web App Attack
🇺🇸 TPI-Abuse	2025-11-26 07:04:38 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.54.12 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.207.54.12 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Nov 26 02:04:35.608070 2025] [security2:error] [pid 4484:tid 4484] [client 104.207.54.12:51709] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpanel.marisetravel.com"] [uri "/.env"] [unique_id "aSamg77nHkJ5vdVhEz8_QgAAADE"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-26 03:03:47 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.54.12 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.207.54.12 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Nov 25 22:03:40.736048 2025] [security2:error] [pid 15150:tid 15150] [client 104.207.54.12:27573] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "autodiscover.stoutmen.com"] [uri "/.env"] [unique_id "aSZuDNaz7ElZLDwGLP7iVQAAAAI"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-26 00:43:02 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.54.12 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.207.54.12 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Nov 25 19:42:52.391065 2025] [security2:error] [pid 21531:tid 21531] [client 104.207.54.12:25287] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webdisk.ncrcs.org"] [uri "/.git/HEAD"] [unique_id "aSZNDC7DuGHZddAgzpPAWQAAABM"] show less	Brute-Force Bad Web Bot Web App Attack
🇱🇻 garmtech.com	2025-11-25 23:34:03 (6 months ago)	Attempted access to sensitive endpoint (/.env) detected. Automated scan or unauthorized probing.	Web App Attack
🇺🇸 TPI-Abuse	2025-11-25 05:14:09 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.54.12 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.207.54.12 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Nov 25 00:13:56.661743 2025] [security2:error] [pid 1816811:tid 1816949] [client 104.207.54.12:29781] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.managementconsultant.aafm.us"] [uri "/.env"] [unique_id "aSU7FO3xOpFSh0Wflct5WgAAAEc"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-25 04:36:18 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.54.12 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.207.54.12 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 24 23:36:14.107259 2025] [security2:error] [pid 924:tid 924] [client 104.207.54.12:22117] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.centreguephel.org"] [uri "/.svn/wc.db"] [unique_id "aSUyPovZfu2ZaMX3P3uttwAAAAA"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-25 01:25:50 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.54.12 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.207.54.12 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 24 20:25:43.490045 2025] [security2:error] [pid 31229:tid 31229] [client 104.207.54.12:25261] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcontacts.tpskc.com"] [uri "/.env"] [unique_id "aSUFlyKBZ9lmqFGjYMP5XwAAABs"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 86 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇧🇷 181.214.221.184

🇸🇬 152.32.218.244

🇨🇳 101.126.30.240

🇳🇱 45.148.10.152

🇳🇱 45.148.10.151

🇬🇧 35.203.211.179

🇺🇸 2607:f8b0:4001:c56::128

🇺🇸 165.154.173.215

🇺🇸 132.196.49.109

🇳🇱 89.248.168.227

🇺🇸 88.218.172.26

🇬🇧 35.203.211.109

🇺🇸 20.228.193.165

🇺🇸 2607:f8b0:4001:c13::124

🇺🇸 216.73.216.137

🇵🇰 119.73.116.206

🇸🇬 103.187.147.214

🇦🇴 102.213.34.99

🇺🇸 64.62.156.144

🇺🇸 20.42.49.102