JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 104.207.54.250

104.207.54.250 was found in our database!

This IP was reported 152 times. Confidence of Abuse is 39%: ?

39%

ISP	3xK Tech GmbH
Usage Type	Data Center/Web Hosting/Transit
ASN	AS200373
Domain Name	3xktech.cloud
Country	🇩🇪 Germany
City	Berlin, State of Berlin

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 104.207.54.250

Whois 104.207.54.250

IP Abuse Reports for 104.207.54.250:

This IP address has been reported a total of 152 times from 27 distinct sources. 104.207.54.250 was first reported on June 11th 2024, and the most recent report was 3 days ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇫🇷 Sklurk	2026-06-23 03:54:21 (3 days ago)	Web App Attack	Web App Attack
🇦🇹 neo72	2026-06-21 16:34:07 (5 days ago)	Detected malicious activity - bulk block	Brute-Force Web App Attack
🇫🇷 tilellit.pro	2026-06-19 11:11:37 (1 week ago)	Fail2Ban banned 104.207.54.250 for security violations in jail wp-armour. Log: 2026/06/19 11:11:37 [ ... show more Fail2Ban banned 104.207.54.250 for security violations in jail wp-armour. Log: 2026/06/19 11:11:37 [error] FastCGI sent in stderr: "PHP message: [WP_ARMOUR_BAN] IP: 104.207.54.250 \| Target: wplogin" , client: 104.207.54.250, server: [REDACTED], request: "POST /wp-login.php HTTP/1.1", upstream: [REDACTED], host: [REDACTED], referrer: "https://comerciogallego.es/wp-login.php" ... show less	Web Spam
🇬🇷 setupgr	2026-06-18 23:57:29 (1 week ago)	(mod_security) mod_security (id:900001) triggered by 104.207.54.250 (DE/Germany/State of Berlin/Berl ... show more (mod_security) mod_security (id:900001) triggered by 104.207.54.250 (DE/Germany/State of Berlin/Berlin/-/[AS200373 DREI-K-TECH-GMBH]): 1 in the last 86400 secs; Ports: *; Direction: inout; Trigger: LF_TRIGGER; Logs: [Fri Jun 19 02:57:25.033100 2026] [security2:error] [pid 2321:tid 2501] [client 104.207.54.250:59765] ModSecurity: Access denied with code 403 (phase 1). Match of "rx ^(www\\\\.)?(pankoskal\\\\.gr\|sea-sound\\\\.com)$" against "REQUEST_HEADERS:Host" required. [file "/etc/apache2/conf.d/modsec/modsec2.user.conf"] [line "75"] [id "900001"] [msg "Blocked WP Login attempt on domain: babis.photo"] [severity "CRITICAL"] [tag "security"] [hostname "babis.photo"] [uri "/wp-login.php"] [unique_id "ajSF5dQ6GrQCM-JSBa9QYQAAAQQ"], referer: https://babis.photo/wp-login.php show less	Port Scan
🇫🇷 ELYAZ	2026-06-15 22:13:07 (1 week ago)	(y4) Failed scan -byebye- from 104.207.54.250 (DE/Germany/-): (CF_ENABLE)	Hacking
🇦🇺 paulshipley.com.au	2026-06-15 19:09:45 (1 week ago)	levellagiftware.com.au:443 104.207.54.250 - - [16/Jun/2026:05:09:42 +1000] "GET /?author=3 HTTP/1.1" ... show more levellagiftware.com.au:443 104.207.54.250 - - [16/Jun/2026:05:09:42 +1000] "GET /?author=3 HTTP/1.1" 404 194828 "https://wordpress.org/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:119.0) Gecko/20100101 Firefox/119.0" ... show less	Web App Attack
🇩🇪 LRob.fr	2026-05-27 13:30:10 (4 weeks ago)	Repeated requests on blocked xmlrpc.php, blocked by fail2ban in custom-503-xmlrpc jail	Bad Web Bot Web App Attack
🇩🇪 4server	2026-04-30 12:44:36 (1 month ago)	[ThuApr3014:44:31.1614392026][security2:error][pid2445841:tid2445870][client104.207.54.250:0]ModSecu ... show more [ThuApr3014:44:31.1614392026][security2:error][pid2445841:tid2445870][client104.207.54.250:0]ModSecurity:Accessdeniedwithcode403$phase1$.Stringmatch\"/xmlrpc.php\"atREQUEST_URI.[file\"/etc/apache2/conf.d/modsec_custom_rules.conf\"][line\"170\"][id\"960024\"][msg\"XML-RPCdisabled\"][hostname\"restaurantgandria.ch\"][uri\"/xmlrpc.php\"][unique_id\"afNOr8HrLv55FO8HHzgcBQAAAJI\"] show less	Port Scan Brute-Force Web App Attack
🇦🇺 RedBear IT	2026-03-26 10:00:37 (3 months ago)	"DDoS against public endpoint"	DDoS Attack
🇳🇱 homeshowdomain.nl	2026-02-13 22:59:49 (4 months ago)	Auto-ban: >3000 req/min op 2026-02-13	Hacking Web App Attack SSH
🇺🇸 TPI-Abuse	2026-02-13 04:09:16 (4 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.54.250 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.54.250 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Feb 12 23:09:09.721513 2026] [security2:error] [pid 15717:tid 15717] [client 104.207.54.250:24159] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "kingmanrents.com"] [uri "/config/.env"] [unique_id "aY6j5TCv5-GeAc8FIWXgbwAAAAs"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-02-13 02:46:50 (4 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.54.250 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.54.250 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Feb 12 21:46:45.907557 2026] [security2:error] [pid 2127035:tid 2127035] [client 104.207.54.250:18229] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "aluthienproperties.com"] [uri "/.git/config"] [unique_id "aY6QleV2qCiu3MFHun6mZwAAAAs"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-02-13 01:35:33 (4 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.54.250 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.54.250 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Feb 12 20:35:25.031793 2026] [security2:error] [pid 9750:tid 9750] [client 104.207.54.250:43693] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "katemcleod.net"] [uri "/backup/.git/config"] [unique_id "aY5_3e3VuRUB_oZBcGYfzQAAAAE"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-02-12 20:17:32 (4 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.54.250 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.54.250 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Feb 12 15:17:28.574082 2026] [security2:error] [pid 540530:tid 540530] [client 104.207.54.250:39529] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "enespiral.net"] [uri "/.env"] [unique_id "aY41WKU6oYQZ_4mzRsrvsQAAABw"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-02-12 16:44:46 (4 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.54.250 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.54.250 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Feb 12 11:44:38.611557 2026] [security2:error] [pid 8112:tid 8112] [client 104.207.54.250:38621] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "aurumprivatecapital.com"] [uri "/.env"] [unique_id "aY4Ddga4_W6L6Eo8B8WHsQAAAAk"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 152 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇮🇩 160.187.174.22

🇺🇦 176.103.4.212

🇺🇸 47.132.209.110

🇺🇸 43.166.134.114

🇵🇰 39.35.234.192

🇧🇷 205.210.31.142

🇺🇸 205.210.31.42

🇩🇪 185.30.32.114

🇧🇷 160.238.24.130

🇨🇳 114.105.203.70

🇫🇮 86.54.25.235

🇺🇸 48.216.242.171

🇸🇬 45.197.12.65

🇳🇱 45.148.10.141

🇵🇱 23.27.225.117

🇻🇳 14.225.230.168

🇧🇪 9.160.104.136

🇧🇪 198.235.24.199

🇧🇷 186.238.242.194

🇦🇺 173.234.106.21