JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 104.207.54.121

104.207.54.121 was found in our database!

This IP was reported 131 times. Confidence of Abuse is 0%: ?

ISP	3xK Tech GmbH
Usage Type	Data Center/Web Hosting/Transit
ASN	AS200373
Domain Name	3xktech.cloud
Country	🇩🇪 Germany
City	Berlin, State of Berlin

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 104.207.54.121

Whois 104.207.54.121

IP Abuse Reports for 104.207.54.121:

This IP address has been reported a total of 131 times from 17 distinct sources. 104.207.54.121 was first reported on June 4th 2024, and the most recent report was 1 month ago.

Old Reports: The most recent abuse report for this IP address is from 1 month ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇩🇪 4server	2026-04-21 06:03:09 (1 month ago)	[TueApr2108:03:07.1862662026][security2:error][pid3025358:tid3025373][client104.207.54.121:0]ModSecu ... show more [TueApr2108:03:07.1862662026][security2:error][pid3025358:tid3025373][client104.207.54.121:0]ModSecurity:Accessdeniedwithcode403$phase1$.Patternmatch\"$\?i$$\?:/\(\?:\^\\|/$\\\\\\\\.$env\\|git\\|svn\\|hg\\|DS_Store$\\|/$\?:wp-config\\|\\\\\\\\.htaccess\\|\\\\\\\\.htpasswd$\\|\\\\\\\\.$\?:sql\\|bak\\|old\\|log$\$\)\"atREQUEST_URI.[file\"/etc/apache2/conf.d/modsec_custom_rules.conf\"][line\"156\"][id\"960720\"][msg\"Forbiddenfileaccessattempt\"][severity\"CRITICAL\"][hostname\"b4consulting.ch\"][uri\"/database.sql\"][unique_id\"aecTGxhJ3UcICK2T19x_BwAAAQw\"] show less	Port Scan Brute-Force Web App Attack
🇦🇺 oncord	2026-04-05 21:40:41 (2 months ago)	Form spam	Web Spam
🇵🇱 dcnet	2026-03-08 00:00:00 (3 months ago)	SSL VPN brute force credential stuffing on FortiGate 100F - unknown user login attempts	Hacking Brute-Force
🇺🇸 TPI-Abuse	2026-02-13 09:05:07 (3 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.54.121 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.54.121 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Feb 13 04:05:00.139892 2026] [security2:error] [pid 5143:tid 5143] [client 104.207.54.121:54365] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "lancemarthaler.com"] [uri "/backup/.git/config"] [unique_id "aY7pPAhwFWkPxx8_LI2-BQAAAAc"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-02-13 08:06:20 (3 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.54.121 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.54.121 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Feb 13 03:06:12.735930 2026] [security2:error] [pid 23231:tid 23357] [client 104.207.54.121:45873] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "la.productions"] [uri "/dev/.git/config"] [unique_id "aY7bdN9xpba3iFiyjSbnOQAAAgk"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-02-13 07:12:15 (3 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.54.121 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.54.121 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Feb 13 02:12:09.995087 2026] [security2:error] [pid 31765:tid 31765] [client 104.207.54.121:15021] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "kuddlkat.com"] [uri "/v2/.git/config"] [unique_id "aY7OyaaVXzDqW4iLik3C4wAAABE"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-02-13 06:21:03 (3 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.54.121 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.54.121 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Feb 13 01:20:56.994633 2026] [security2:error] [pid 2403826:tid 2403826] [client 104.207.54.121:47033] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "kozzmik.trade"] [uri "/.env"] [unique_id "aY7CyDbjkbDV8RdOEY3kLwAAACI"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-02-13 04:31:11 (3 months ago)	Failed login attempt detected by Fail2Ban in plesk-modsecurity jail	Exploited Host
🇺🇸 TPI-Abuse	2026-02-13 03:46:08 (3 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.54.121 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.54.121 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Feb 12 22:46:02.377925 2026] [security2:error] [pid 7487:tid 7487] [client 104.207.54.121:37203] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "kildarafarms.com"] [uri "/test/.git/config"] [unique_id "aY6eeqcxV0pPwTPBnqjWeAAAABQ"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-02-13 02:48:18 (3 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.54.121 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.54.121 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Feb 12 21:48:11.363180 2026] [security2:error] [pid 8132:tid 8132] [client 104.207.54.121:13193] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "kerbros.com"] [uri "/frontend/.env"] [unique_id "aY6Q6zw1wo67BGXEUmM2WQAAAA8"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-02-13 02:25:28 (3 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.54.121 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.54.121 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Feb 12 21:25:22.190179 2026] [security2:error] [pid 6596:tid 6596] [client 104.207.54.121:57059] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "kellermoving.com"] [uri "/.env.local"] [unique_id "aY6LklBQghcnoOztNvafUAAAAAM"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-02-12 01:47:24 (3 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.54.121 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.54.121 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Feb 11 20:47:18.216724 2026] [security2:error] [pid 1117634:tid 1117634] [client 104.207.54.121:36429] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "effectivefirearms.com"] [uri "/.env.staging"] [unique_id "aY0xJpf8oOcrlf9ljBrCJwAAAA8"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-02-11 17:29:30 (4 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.54.121 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.54.121 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Feb 11 12:29:23.384149 2026] [security2:error] [pid 22329:tid 22329] [client 104.207.54.121:42993] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "brinkworthmodels.com"] [uri "/test/.git/config"] [unique_id "aYy8cxMZjCZXLEnJp9U3DgAAAA0"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-02-11 09:19:15 (4 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.54.121 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.54.121 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Feb 11 04:19:11.237853 2026] [security2:error] [pid 26060:tid 26060] [client 104.207.54.121:9887] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "edgebiopharma.com"] [uri "/test/.git/config"] [unique_id "aYxJjzBOmnJ0h_dOvQSWMwAAABE"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-02-11 04:29:19 (4 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.54.121 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.54.121 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Feb 10 23:29:15.716365 2026] [security2:error] [pid 9378:tid 9378] [client 104.207.54.121:13597] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "coroneta.com"] [uri "/.git/config"] [unique_id "aYwFmxnBbBqFMXFqZpXCTQAAAAI"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 131 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇩🇪 213.209.159.241

🇺🇸 209.141.60.58

🇺🇸 209.141.58.150

🇺🇸 205.210.31.50

🇳🇱 195.178.110.26

🇬🇧 193.163.125.13

🇲🇽 186.96.145.241

🇨🇳 115.190.243.99

🇺🇸 74.75.206.95

🇮🇪 52.236.66.21

🇷🇴 2.57.121.25

🇺🇸 216.25.89.74

🇺🇸 209.141.50.202

🇺🇸 209.141.46.91

🇺🇸 205.210.31.49

🇬🇹 190.106.221.37

🇷🇺 155.212.17.174

🇲🇲 103.59.163.132

🇳🇱 45.148.10.152

🇺🇸 209.141.44.244