JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 104.207.54.156

104.207.54.156 was found in our database!

This IP was reported 130 times. Confidence of Abuse is 21%: ?

21%

ISP	3xK Tech GmbH
Usage Type	Data Center/Web Hosting/Transit
ASN	AS200373
Domain Name	3xktech.cloud
Country	🇩🇪 Germany
City	Berlin, State of Berlin

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 104.207.54.156

Whois 104.207.54.156

IP Abuse Reports for 104.207.54.156:

This IP address has been reported a total of 130 times from 23 distinct sources. 104.207.54.156 was first reported on June 6th 2024, and the most recent report was 9 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇱🇻 garmtech.com	2026-06-25 13:36:36 (9 hours ago)	IM360 WAF: Block IP which is in the web-spammers RBL MV:RBL lookup of 16-36.104.207.54.156.web-spamm ... show more IM360 WAF: Block IP which is in the web-spammers RBL MV:RBL lookup of 16-36.104.207.54.156.web-spammers.v2.rbl.imunify.com._v4 succeeded. show less	Web App Attack
🇫🇷 Sklurk	2026-06-20 03:55:46 (5 days ago)	Web App Attack	Web App Attack
Anonymous	2026-06-12 05:10:18 (1 week ago)	2026-06-12T07:10:17.957706+02:00 zanati wp(www.sahpa.co.za)[1285304]: Blocked authentication attempt ... show more 2026-06-12T07:10:17.957706+02:00 zanati wp(www.sahpa.co.za)[1285304]: Blocked authentication attempt for LisaNcube from 104.207.54.156 ... show less	Web App Attack
🇪🇸 10dencehispahard SL	2026-01-26 07:43:06 (4 months ago)	Wordpress probing for vulnerabilities	Hacking Exploited Host
🇺🇸 TPI-Abuse	2026-01-24 10:15:37 (5 months ago)	(mod_security) mod_security (id:210730) triggered by 104.207.54.156 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210730) triggered by 104.207.54.156 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jan 24 05:15:31.434372 2026] [security2:error] [pid 10028:tid 10028] [client 104.207.54.156:59681] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|havelocktruckandauto.ca\|F\|2"] [data ".db"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "havelocktruckandauto.ca"] [uri "/wp-admin.db"] [unique_id "aXSbwxsk9I06X6XiIIZwXwAAABQ"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-01-19 23:56:44 (5 months ago)	wordpress-trap	Web App Attack
🇱🇻 garmtech.com	2026-01-09 08:46:18 (5 months ago)	IM360 WAF: Old style account creation and modification in Joomla! MV:registration	Web App Attack
🇵🇱 sefinek.net	2025-12-08 20:37:44 (6 months ago)	Triggered Cloudflare WAF (firewallCustom) from DE. Action taken: MANAGED_CHALLENGE Protocol: HTTP/1. ... show more Triggered Cloudflare WAF (firewallCustom) from DE. Action taken: MANAGED_CHALLENGE Protocol: HTTP/1.1 (GET method) Endpoint: / UA: Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36 Vivaldi/5.3.2679.68 This report was generated by: https://github.com/sefinek/Cloudflare-WAF-To-AbuseIPDB show less	Bad Web Bot
🇺🇸 TPI-Abuse	2025-11-26 09:28:27 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.54.156 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.54.156 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Nov 26 04:28:21.967010 2025] [security2:error] [pid 25013:tid 25013] [client 104.207.54.156:20115] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "dev.jeanniemorrislaw.com"] [uri "/.svn/wc.db"] [unique_id "aSbINWJ2n6hpms9oAP9L_AAAAAM"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-26 01:31:31 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.54.156 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.54.156 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Nov 25 20:31:25.444225 2025] [security2:error] [pid 27555:tid 27555] [client 104.207.54.156:39155] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcalendars.corepsychotherapycenter.com"] [uri "/.env"] [unique_id "aSZYbR6-n_9QeBOB4jcq9AAAAAo"] show less	Brute-Force Bad Web Bot Web App Attack
🇮🇹 Rosh	2025-11-25 02:28:05 (7 months ago)	[11/25/25 03:28:05] Unauthorized request HTTP/1.1 404 on port 80	Hacking Web App Attack
🇺🇸 TPI-Abuse	2025-11-24 09:33:59 (7 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.54.156 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.54.156 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 24 04:33:53.060750 2025] [security2:error] [pid 3802480:tid 3802480] [client 104.207.54.156:12885] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcalendars.gervais-family.com"] [uri "/.env"] [unique_id "aSQmgQxnzrCj7mw9fIFZdwAAAAk"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2025-11-12 12:15:34 (7 months ago)	Attempted brute force login to web vpn 36 time(s); last attempt for 2025.11.12 is noted in report ti ... show more Attempted brute force login to web vpn 36 time(s); last attempt for 2025.11.12 is noted in report timestamp show less	Hacking Brute-Force
🇳🇱 exxos	2025-11-02 12:03:01 (7 months ago)	HTTP1.x attacks	DDoS Attack
🇳🇱 exxos	2025-11-02 08:05:34 (7 months ago)	HTTP1.x attacks	DDoS Attack

Showing 1 to 15 of 130 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇳🇱 91.92.40.4

🇨🇳 112.20.0.8

🇮🇳 106.219.88.69

🇳🇱 91.92.40.19

🇮🇪 155.2.194.78

🇭🇰 152.32.189.59

🇭🇰 118.193.37.50

🇺🇸 107.167.34.125

🇨🇳 60.214.154.214

🇩🇪 43.157.98.118

🇬🇧 217.146.80.104

🇳🇱 195.178.110.232

🇧🇷 152.32.200.213

🇬🇧 143.110.173.163

🇳🇱 45.156.87.127

🇰🇷 43.108.37.116

🇨🇳 42.240.130.185

🇨🇳 42.240.130.92

🇳🇴 20.100.172.253

🇸🇬 217.217.253.235