JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 104.207.54.165

104.207.54.165 was found in our database!

This IP was reported 118 times. Confidence of Abuse is 12%: ?

12%

ISP	3xK Tech GmbH
Usage Type	Data Center/Web Hosting/Transit
ASN	AS200373
Domain Name	3xktech.cloud
Country	🇩🇪 Germany
City	Berlin, State of Berlin

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 104.207.54.165

Whois 104.207.54.165

IP Abuse Reports for 104.207.54.165:

This IP address has been reported a total of 118 times from 13 distinct sources. 104.207.54.165 was first reported on June 4th 2024, and the most recent report was 1 month ago.

Old Reports: The most recent abuse report for this IP address is from 1 month ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
Anonymous	2026-05-23 04:48:56 (1 month ago)	Failed Wordpress Logins	Web App Attack
🇩🇪 Spiderpiggy	2026-05-22 20:15:36 (1 month ago)	Automatically reported via Blackhole honeypot on games4you.be. Attempted access to restricted endpoi ... show more Automatically reported via Blackhole honeypot on games4you.be. Attempted access to restricted endpoint: /wp-login.php show less	Brute-Force Bad Web Bot SSH
🇬🇧 PeravixGroup	2026-05-03 18:23:49 (1 month ago)	Honeypot detection: Memcached unauthorized access / amplification attempt on port 2375. Severity: HI ... show more Honeypot detection: Memcached unauthorized access / amplification attempt on port 2375. Severity: HIGH. Aaran.cloud show less	Hacking Exploited Host
🇱🇻 garmtech.com	2026-03-27 12:37:37 (2 months ago)	IM360 WAF: Block IP which is in the web-spammers RBL MV:RBL lookup of 14-37.104.207.54.165.web-spamm ... show more IM360 WAF: Block IP which is in the web-spammers RBL MV:RBL lookup of 14-37.104.207.54.165.web-spammers.v2.rbl.imunify.com._v4 succeeded. show less	Web App Attack
🇦🇺 RedBear IT	2026-03-26 10:00:37 (2 months ago)	"DDoS against public endpoint"	DDoS Attack
🇫🇷 mrcrassi	2025-12-24 14:24:05 (5 months ago)	Triggered Cloudflare WAF (firewallCustom) from DE. Action taken: BLOCK Protocol: HTTP/1.1 (POST meth ... show more Triggered Cloudflare WAF (firewallCustom) from DE. Action taken: BLOCK Protocol: HTTP/1.1 (POST method) Endpoint: /wp-login.php UA: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36 Edg/115.0.1901.203 This report was generated by: https://github.com/sefinek/Cloudflare-WAF-To-AbuseIPDB show less	Bad Web Bot
🇺🇸 TPI-Abuse	2025-11-26 11:53:12 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.54.165 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.54.165 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Nov 26 06:53:08.137474 2025] [security2:error] [pid 678:tid 678] [client 104.207.54.165:9921] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcontacts.rochesterhistorical.org"] [uri "/.env"] [unique_id "aSbqJCSJuCcpuVJPQKjgiAAAABk"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-26 11:20:04 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.54.165 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.54.165 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Nov 26 06:19:56.768234 2025] [security2:error] [pid 21052:tid 21052] [client 104.207.54.165:50049] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpanel.goldenvalley1.com"] [uri "/.env"] [unique_id "aSbiXCjqamSX_fWg_1Xd0gAAABo"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-26 00:49:31 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.54.165 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.54.165 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Nov 25 19:49:24.488875 2025] [security2:error] [pid 26112:tid 26112] [client 104.207.54.165:52499] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.caribbeantanz.postermodelsworldwideinc.com"] [uri "/.env"] [unique_id "aSZOlIjY-tLst-idZ9OPXAAAAAE"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-23 13:36:31 (7 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.54.165 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.54.165 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Nov 23 08:36:24.572038 2025] [security2:error] [pid 1208:tid 1208] [client 104.207.54.165:38459] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "autodiscover.milajarecords.com"] [uri "/.git/HEAD"] [unique_id "aSMN2Brnm-XfTfQelgqS3gAAAAA"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2025-10-19 18:39:42 (8 months ago)	Attempted brute force login to web vpn 109 time(s); last attempt for 2025.10.19 is noted in report t ... show more Attempted brute force login to web vpn 109 time(s); last attempt for 2025.10.19 is noted in report timestamp show less	Hacking Brute-Force
Anonymous	2025-10-18 16:21:48 (8 months ago)	Attempted brute force login to web vpn 36 time(s); last attempt for 2025.10.18 is noted in report ti ... show more Attempted brute force login to web vpn 36 time(s); last attempt for 2025.10.18 is noted in report timestamp show less	Hacking Brute-Force
Anonymous	2025-04-06 17:12:54 (1 year ago)	Attempted brute force login to web vpn 1 time(s); last attempt for 2025.04.06 is noted in report tim ... show more Attempted brute force login to web vpn 1 time(s); last attempt for 2025.04.06 is noted in report timestamp show less	Hacking Brute-Force
Anonymous	2025-04-05 21:03:04 (1 year ago)	Attempted brute force login to web vpn 2 time(s); last attempt for 2025.04.05 is noted in report tim ... show more Attempted brute force login to web vpn 2 time(s); last attempt for 2025.04.05 is noted in report timestamp show less	Hacking Brute-Force
Anonymous	2025-04-04 20:13:57 (1 year ago)	Attempted brute force login to web vpn 5 time(s); last attempt for 2025.04.04 is noted in report tim ... show more Attempted brute force login to web vpn 5 time(s); last attempt for 2025.04.04 is noted in report timestamp show less	Hacking Brute-Force

Showing 1 to 15 of 118 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇿 213.230.92.87

🇺🇿 213.230.92.55

🇵🇰 175.107.1.96

🇨🇳 120.48.150.146

🇨🇳 111.26.6.111

🇷🇴 82.152.132.24

🇱🇻 81.30.98.144

🇷🇴 80.94.92.178

🇺🇿 213.230.92.30

🇺🇿 213.230.87.60

🇺🇿 213.230.87.56

🇺🇸 153.66.28.132

🇫🇮 147.185.133.59

🇬🇧 134.209.30.41

🇺🇸 107.175.183.134

🇩🇪 92.205.195.173

🇳🇱 91.92.40.14

🇺🇸 23.94.23.226

🇰🇷 20.214.174.141

🇺🇸 20.190.190.130