JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 104.207.54.59

104.207.54.59 was found in our database!

This IP was reported 130 times. Confidence of Abuse is 9%: ?

ISP	3xK Tech GmbH
Usage Type	Data Center/Web Hosting/Transit
ASN	AS200373
Domain Name	3xktech.cloud
Country	🇩🇪 Germany
City	Berlin, State of Berlin

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 104.207.54.59

Whois 104.207.54.59

IP Abuse Reports for 104.207.54.59:

This IP address has been reported a total of 130 times from 16 distinct sources. 104.207.54.59 was first reported on June 7th 2024, and the most recent report was 4 weeks ago.

Old Reports: The most recent abuse report for this IP address is from 4 weeks ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 TPI-Abuse	2026-05-13 11:16:58 (4 weeks ago)	(mod_security) mod_security (id:210492) triggered by 104.207.54.59 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.207.54.59 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed May 13 07:16:53.980787 2026] [security2:error] [pid 25022:tid 25022] [client 104.207.54.59:59007] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "seacorre.de"] [uri "/.git/HEAD"] [unique_id "agRdpUOXYba1twkcfQK7XgAAAAY"] show less	Brute-Force Bad Web Bot Web App Attack
🇦🇺 2000cn.com.au	2026-05-10 12:33:29 (1 month ago)	This IP was detected by CrowdSec triggering crowdsecurity/http-sensitive-files	Web App Attack Hacking
🇺🇸 TPI-Abuse	2026-02-18 03:46:08 (3 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.54.59 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.207.54.59 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Feb 17 22:46:02.456482 2026] [security2:error] [pid 3154784:tid 3154784] [client 104.207.54.59:48233] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "robcohn.com"] [uri "/app/.env"] [unique_id "aZU1-uNg38L14o_0SESUDgAAAAQ"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-02-18 02:40:19 (3 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.54.59 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.207.54.59 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Feb 17 21:40:16.840849 2026] [security2:error] [pid 15067:tid 15067] [client 104.207.54.59:48387] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "representacionesthompson.com"] [uri "/.env.save"] [unique_id "aZUmkHO2aGUTlPBcaFAX-gAAAAs"] show less	Brute-Force Bad Web Bot Web App Attack
🇳🇱 jjnxpct	2026-02-16 04:54:21 (3 months ago)	Automated security incident from hosting server. ModSecurity blocked suspicious request targeting UR ... show more Automated security incident from hosting server. ModSecurity blocked suspicious request targeting URI: /.aws/credentials (Rule ID: 930130) - Restricted File Access Attempt show less	Hacking Web App Attack
🇺🇸 mnsf	2026-02-15 13:05:15 (3 months ago)	Too many Status 40X (12) Scanning/Probing (14)	Brute-Force Web App Attack
🇺🇸 TPI-Abuse	2026-02-15 11:55:19 (3 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.54.59 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.207.54.59 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Feb 15 06:55:15.687280 2026] [security2:error] [pid 9758:tid 9758] [client 104.207.54.59:37127] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "paladinmicro.com"] [uri "/app/.git/config"] [unique_id "aZG0IylFBLDqHefp5EnUnwAAAAQ"] show less	Brute-Force Bad Web Bot Web App Attack
🇦🇺 2000cn.com.au	2026-02-15 06:44:06 (3 months ago)	This IP was detected by CrowdSec triggering crowdsecurity/http-sensitive-files	Hacking Web App Attack
🇩🇪 iNetWorker	2026-02-15 05:53:55 (3 months ago)	trolling for resource vulnerabilities	Web App Attack
🇩🇪 big-cloud.nl	2026-02-15 05:51:10 (3 months ago)	Try to access /api/.git/config	Web App Attack
🇷🇺 DZBOT	2026-02-15 05:31:11 (3 months ago)	Website Scanning / Scraping	Bad Web Bot Exploited Host Web App Attack
🇺🇸 TPI-Abuse	2026-02-15 04:57:27 (3 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.54.59 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.207.54.59 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Feb 14 23:57:20.980783 2026] [security2:error] [pid 18955:tid 18955] [client 104.207.54.59:36937] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "sarahpeebles.net"] [uri "/backend/.env"] [unique_id "aZFSMGw3B3JIuOBzZCl1ogAAAAE"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-02-15 04:35:04 (3 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.54.59 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.207.54.59 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Feb 14 23:34:56.560586 2026] [security2:error] [pid 27696:tid 27696] [client 104.207.54.59:50119] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "prcs.biz"] [uri "/app/.git/config"] [unique_id "aZFM8MNskje1capmbGPgIgAAAAU"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-02-15 03:31:06 (3 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.54.59 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.207.54.59 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Feb 14 22:30:58.790452 2026] [security2:error] [pid 17317:tid 17317] [client 104.207.54.59:17923] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "noisepie.com"] [uri "/app/.git/config"] [unique_id "aZE98gakKp5qDH78m4QBjwAAABM"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-02-15 02:55:57 (3 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.54.59 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.207.54.59 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Feb 14 21:55:54.063079 2026] [security2:error] [pid 32368:tid 32368] [client 104.207.54.59:64931] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "podbillspec.com"] [uri "/config/.env"] [unique_id "aZE1umc_OJfKUjW3pSK9oAAAAAo"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 130 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇫🇮 35.228.67.103

🇮🇳 182.71.135.110

🇺🇸 151.240.103.8

🇲🇲 103.233.206.154

🇵🇭 58.69.56.44

🇮🇳 49.37.113.82

🇳🇱 45.116.104.33

🇺🇸 45.79.214.23

🇰🇷 40.82.128.123

🇬🇧 35.203.210.215

🇨🇳 180.165.18.241

🇭🇰 172.253.5.30

🇩🇪 167.94.145.27

🇩🇪 152.53.22.186

🇩🇪 64.89.163.173

🇩🇪 213.209.159.158

🇩🇪 209.50.183.8

🇧🇷 200.196.50.91

🇲🇽 186.96.145.241

🇨🇳 124.70.140.201