JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 104.207.54.63

104.207.54.63 was found in our database!

This IP was reported 147 times. Confidence of Abuse is 8%: ?

ISP	3xK Tech GmbH
Usage Type	Data Center/Web Hosting/Transit
ASN	AS200373
Domain Name	3xktech.cloud
Country	🇩🇪 Germany
City	Berlin, State of Berlin

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 104.207.54.63

Whois 104.207.54.63

IP Abuse Reports for 104.207.54.63:

This IP address has been reported a total of 147 times from 17 distinct sources. 104.207.54.63 was first reported on June 4th 2024, and the most recent report was 4 weeks ago.

Old Reports: The most recent abuse report for this IP address is from 4 weeks ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇬🇧 PeravixGroup	2026-05-09 09:35:43 (4 weeks ago)	Honeypot detection: Kubernetes API unauthorized access / cluster abuse attempt on port 6443. Severit ... show more Honeypot detection: Kubernetes API unauthorized access / cluster abuse attempt on port 6443. Severity: MEDIUM. Aaran.cloud show less	Hacking Exploited Host
🇧🇷 Halux	2026-05-02 06:19:40 (1 month ago)	104.207.54.63 Probing protected path or service	Web App Attack
🇺🇸 oncord	2026-03-08 14:27:14 (2 months ago)	Form spam	Web Spam
🇦🇺 oncord	2026-02-28 22:45:38 (3 months ago)	Form spam	Web Spam
🇦🇺 oncord	2026-02-04 14:07:38 (4 months ago)	Form spam	Web Spam
🇦🇺 MAGIC	2026-01-13 03:18:40 (4 months ago)	VM1 Bad user agents ignoring web crawling rules. Draing bandwidth	DDoS Attack Bad Web Bot
🇺🇸 TPI-Abuse	2025-11-29 02:56:58 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.54.63 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.207.54.63 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Nov 28 21:56:52.014540 2025] [security2:error] [pid 2235256:tid 2235256] [client 104.207.54.63:9151] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "accentcorporatemedia.com"] [uri "/.env.local"] [unique_id "aSpg9CplbXNvstCthiDtMAAAABU"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-28 16:19:55 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.54.63 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.207.54.63 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Nov 28 11:19:49.105942 2025] [security2:error] [pid 24418:tid 24511] [client 104.207.54.63:21041] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "104ventures.com"] [uri "/wp-config.php.bak"] [unique_id "aSnLpTjT-9cHBgepQnEq8AAAAMY"] show less	Brute-Force Bad Web Bot Web App Attack
🇧🇪 madeit	2025-11-27 12:21:21 (6 months ago)		Web App Attack
🇳🇱 homeshowdomain.nl	2025-11-25 22:59:46 (6 months ago)	Auto-ban: single probe for restricted files (.env / backups / admin endpoints). Likely mass-scan on ... show more Auto-ban: single probe for restricted files (.env / backups / admin endpoints). Likely mass-scan on 2025-11-24. show less	Hacking Web App Attack SSH
🇺🇸 TPI-Abuse	2025-11-25 04:20:10 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.54.63 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.207.54.63 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 24 23:20:03.125654 2025] [security2:error] [pid 18912:tid 18912] [client 104.207.54.63:57423] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcalendars.anneoday.com"] [uri "/.svn/wc.db"] [unique_id "aSUuczP3skHfYXwqX1fy6wAAAA4"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-25 04:00:23 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.54.63 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.207.54.63 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 24 23:00:09.237726 2025] [security2:error] [pid 18806:tid 18806] [client 104.207.54.63:32835] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "autodiscover.casalaaldehuela.com"] [uri "/.env"] [unique_id "aSUpyd0fkjcvs_GkxuTWRwAAABk"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-25 02:47:35 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.54.63 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.207.54.63 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 24 21:47:28.779277 2025] [security2:error] [pid 5764:tid 5764] [client 104.207.54.63:32667] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcalendars.rotorservice.com"] [uri "/.git/HEAD"] [unique_id "aSUYwF0TWbaB537Zhkk94wAAAAE"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-25 02:12:29 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.54.63 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.207.54.63 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 24 21:12:23.541594 2025] [security2:error] [pid 4443:tid 4443] [client 104.207.54.63:21887] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcontacts.margroberts.com"] [uri "/.env"] [unique_id "aSUQh7wr2JgrGHwnPzQj3AAAAAM"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-25 00:46:22 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.54.63 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.207.54.63 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 24 19:46:16.941065 2025] [security2:error] [pid 21455:tid 21455] [client 104.207.54.63:36801] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.aabondwnc.com"] [uri "/.env"] [unique_id "aST8WIFq16ykgheGATlMawAAAAs"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 147 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇧🇷 191.232.196.122

🇸🇬 118.139.164.171

🇷🇴 80.94.92.177

🇨🇳 222.141.37.87

🇨🇳 219.155.204.98

🇨🇳 219.152.63.187

🇨🇳 218.25.89.208

🇩🇪 213.209.159.108

🇩🇪 213.209.159.56

🇰🇷 211.253.31.30

🇳🇱 160.119.69.14

🇻🇳 58.186.20.101

🇩🇪 45.130.202.82

🇬🇧 35.203.210.110

🇻🇳 27.79.1.84

🇷🇴 2.57.122.238

🇰🇪 217.199.148.237

🇮🇩 180.247.63.135

🇯🇵 110.233.212.111

🇵🇰 110.36.22.249