JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 104.207.54.254

104.207.54.254 was found in our database!

This IP was reported 126 times. Confidence of Abuse is 30%: ?

30%

ISP	3xK Tech GmbH
Usage Type	Data Center/Web Hosting/Transit
ASN	AS200373
Domain Name	3xktech.cloud
Country	🇩🇪 Germany
City	Berlin, State of Berlin

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 104.207.54.254

Whois 104.207.54.254

IP Abuse Reports for 104.207.54.254:

This IP address has been reported a total of 126 times from 24 distinct sources. 104.207.54.254 was first reported on June 7th 2024, and the most recent report was 10 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇫🇷 Sklurk	2026-06-20 05:07:52 (10 hours ago)	Web App Attack	Web App Attack
Anonymous	2026-05-29 13:40:55 (3 weeks ago)	Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER	Brute-Force SSH
🇺🇸 TPI-Abuse	2026-05-20 16:48:54 (4 weeks ago)	(mod_security) mod_security (id:210730) triggered by 104.207.54.254 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210730) triggered by 104.207.54.254 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed May 20 12:48:49.575417 2026] [security2:error] [pid 30097:tid 30097] [client 104.207.54.254:0] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|www.eddysgroup.com\|F\|2"] [data ".ini"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.eddysgroup.com"] [uri "/s3cmd.ini"] [unique_id "ag3l8WpLuu99nUV-E7u2nAAAAAA"] show less	Brute-Force Bad Web Bot Web App Attack
🇱🇻 garmtech.com	2026-05-13 07:41:34 (1 month ago)	IM360 WAF: Old style account creation and modification in Joomla! MV:registration	Web App Attack
Anonymous	2026-05-11 15:35:02 (1 month ago)	suspicious request in access.log	Web App Attack
🇨🇭 4server	2026-04-29 12:00:49 (1 month ago)	[WedApr2914:00:41.4740872026][security2:error][pid1367302:tid1368531][client104.207.54.254:0]ModSecu ... show more [WedApr2914:00:41.4740872026][security2:error][pid1367302:tid1368531][client104.207.54.254:0]ModSecurity:Accessdeniedwithcode403$phase2$.Patternmatch\"$\?:\$mozilla\^\\|mozilla/[45]\\\\\\\\.[1-9]\\|\^mozilla/4\\\\\\\\.0\$$\"atREQUEST_HEADERS:User-Agent.[file\"/etc/apache2/conf.d/modsec_rules/20_asl_useragents.conf\"][line\"361\"][id\"330131\"][rev\"3\"][msg\"Atomicorp.comWAFRules:MaliciousBotBlocked$FakeMozillaUserAgentStringDetected$\"][severity\"CRITICAL\"][hostname\"4host.biz\"][uri\"/.aws/credentials\"][unique_id\"afHy6ZfxTQ5wORC9PckBtAAAARU\"] show less	Hacking Web App Attack
🇫🇷 SpaceHost-Server	2026-04-28 22:27:20 (1 month ago)		Brute-Force Web App Attack
🇫🇷 SpaceHost-Server	2026-04-27 22:26:17 (1 month ago)		Brute-Force Web App Attack
Anonymous	2026-04-27 08:57:31 (1 month ago)	Fail2Ban triggered	Web App Attack
🇵🇱 sefinek.net	2026-02-10 03:55:53 (4 months ago)	Triggered Cloudflare WAF (firewallCustom) from DE. Action taken: MANAGED_CHALLENGE Protocol: HTTP/1. ... show more Triggered Cloudflare WAF (firewallCustom) from DE. Action taken: MANAGED_CHALLENGE Protocol: HTTP/1.1 (GET method) Endpoint: / UA: Mozilla/5.0 (Macintosh; Intel Mac OS X 12_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36 Edg/114.0.1264.71 This report was generated by: https://github.com/sefinek/Cloudflare-WAF-To-AbuseIPDB show less	Bad Web Bot
🇵🇱 sefinek.net	2026-01-24 02:20:04 (4 months ago)	Triggered Cloudflare WAF (firewallCustom) from DE. Action taken: MANAGED_CHALLENGE Protocol: HTTP/1. ... show more Triggered Cloudflare WAF (firewallCustom) from DE. Action taken: MANAGED_CHALLENGE Protocol: HTTP/1.1 (GET method) Endpoint: /genshin-stella-mod UA: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:114.0) Gecko/20100101 Firefox/114.0 This report was generated by: https://github.com/sefinek/Cloudflare-WAF-To-AbuseIPDB show less	Bad Web Bot
Anonymous	2026-01-03 13:34:33 (5 months ago)	Attempted brute force login to web vpn 18 time(s); last attempt for 2026.01.03 is noted in report ti ... show more Attempted brute force login to web vpn 18 time(s); last attempt for 2026.01.03 is noted in report timestamp show less	Hacking Brute-Force
🇵🇱 sefinek.net	2025-12-08 10:58:52 (6 months ago)	Triggered Cloudflare WAF (firewallCustom) from DE. Action taken: MANAGED_CHALLENGE Protocol: HTTP/1. ... show more Triggered Cloudflare WAF (firewallCustom) from DE. Action taken: MANAGED_CHALLENGE Protocol: HTTP/1.1 (GET method) Endpoint: /genshin-stella-mod UA: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 YaBrowser/22.7.0 Yowser/2.5 Safari/537.36 This report was generated by: https://github.com/sefinek/Cloudflare-WAF-To-AbuseIPDB show less	Bad Web Bot
Anonymous	2025-12-06 11:38:46 (6 months ago)	ICONZDE WEBFORM SPAM 104.207.54.254 (104.207.54.254)	Web Spam
🇺🇸 TPI-Abuse	2025-12-02 08:28:41 (6 months ago)	(mod_security) mod_security (id:210740) triggered by 104.207.54.254 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210740) triggered by 104.207.54.254 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Dec 02 03:28:32.516240 2025] [security2:error] [pid 25688:tid 25688] [client 104.207.54.254:54005] ModSecurity: Access denied with code 403 (phase 2). Matched phrase "/Proxy-Connection/" at TX:header_name. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "33"] [id "210740"] [rev "2"] [msg "COMODO WAF: HTTP header is restricted by policy\|\|studiopilates.net\|F\|4"] [data "/Proxy-Connection/"] [severity "WARNING"] [tag "CWAF"] [tag "HTTP"] [hostname "studiopilates.net"] [uri "/contact/"] [unique_id "aS6jMHERl2H5Kbt4VM61_gAAABc"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 126 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇯🇵 203.25.124.129

🇲🇽 187.190.35.163

🇮🇩 163.7.11.155

🇩🇰 158.173.74.153

🇧🇷 143.202.43.254

🇺🇸 40.121.200.75

🇰🇷 222.239.251.12

🇩🇰 158.173.74.131

🇩🇰 158.173.74.67

🇺🇸 143.198.238.84

🇳🇴 84.208.161.43

🇺🇸 74.7.230.4

🇺🇸 72.241.40.148

🇺🇸 52.146.21.59

🇺🇸 45.79.192.32

🇬🇧 35.203.211.237

🇩🇪 31.70.71.228

🇺🇸 17.22.245.142

🇳🇱 5.61.209.43

🇨🇦 2607:5300:203:b459::