JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 104.207.54.66

104.207.54.66 was found in our database!

This IP was reported 122 times. Confidence of Abuse is 17%: ?

17%

ISP	3xK Tech GmbH
Usage Type	Data Center/Web Hosting/Transit
ASN	AS200373
Domain Name	3xktech.cloud
Country	🇩🇪 Germany
City	Berlin, State of Berlin

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 104.207.54.66

Whois 104.207.54.66

IP Abuse Reports for 104.207.54.66:

This IP address has been reported a total of 122 times from 17 distinct sources. 104.207.54.66 was first reported on June 11th 2024, and the most recent report was 1 day ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇩🇪 LRob.fr	2026-06-14 18:15:25 (1 day ago)	Repeated requests on blocked xmlrpc.php, blocked by fail2ban in custom-503-xmlrpc jail	Bad Web Bot Web App Attack
🇫🇮 inlink.ltd	2026-05-25 10:58:41 (3 weeks ago)	Known malicious PHP file or CMS probe	Web App Attack
🇬🇧 PeravixGroup	2026-05-07 11:54:19 (1 month ago)	Honeypot detection: Docker daemon unauthorized access / container escape attempt on port 2375. Sever ... show more Honeypot detection: Docker daemon unauthorized access / container escape attempt on port 2375. Severity: MEDIUM. Aaran.cloud show less	Hacking Exploited Host
🇬🇧 PeravixGroup	2026-05-06 19:10:32 (1 month ago)	Honeypot detection: Apache CouchDB unauthorized access / exploitation attempt on port 5984. Severity ... show more Honeypot detection: Apache CouchDB unauthorized access / exploitation attempt on port 5984. Severity: CRITICAL. Aaran.cloud show less	Hacking Exploited Host
🇺🇸 TPI-Abuse	2026-02-12 05:20:25 (4 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.54.66 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.207.54.66 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Feb 12 00:20:22.201898 2026] [security2:error] [pid 10831:tid 10831] [client 104.207.54.66:61153] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "artisticheadstones.com"] [uri "/new/.git/config"] [unique_id "aY1jFii7-CqOsY07RySEYQAAAAE"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-02-10 17:45:21 (4 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.54.66 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.207.54.66 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Feb 10 12:44:24.041906 2026] [security2:error] [pid 7263:tid 7263] [client 104.207.54.66:27369] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "1st-advantage-arkansas-real-estate-school.com"] [uri "/test/.git/config"] [unique_id "aYtueNIL9YTG9o_qrUrW9gAAAAU"] show less	Brute-Force Bad Web Bot Web App Attack
🇮🇩 Burayot	2026-02-10 06:42:44 (4 months ago)	LF_MODSEC: (mod_security) mod_security (id:1000001) triggered by 104.207.54.66 (DE/Germany/-): 1 in ... show more LF_MODSEC: (mod_security) mod_security (id:1000001) triggered by 104.207.54.66 (DE/Germany/-): 1 in the last 3600 secs show less	Web App Attack
🇺🇸 TPI-Abuse	2026-02-10 04:24:55 (4 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.54.66 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.207.54.66 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Feb 09 23:24:47.680337 2026] [security2:error] [pid 20503:tid 20503] [client 104.207.54.66:38923] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "iconbizpromo.com"] [uri "/backup/.git/config"] [unique_id "aYqzD57MkgJd24vkLbb86wAAABA"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-02-10 03:05:58 (4 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.54.66 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.207.54.66 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Feb 09 22:05:50.264354 2026] [security2:error] [pid 31919:tid 31919] [client 104.207.54.66:24497] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "madronabluff.com"] [uri "/new/.git/config"] [unique_id "aYqgjhJBM58Mn-0PGnlcwAAAAAE"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-02-10 02:34:31 (4 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.54.66 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.207.54.66 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Feb 09 21:34:24.625858 2026] [security2:error] [pid 3836:tid 3836] [client 104.207.54.66:49119] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "hyps.net"] [uri "/frontend/.env"] [unique_id "aYqZMDmD1yX7un0JQOVxHAAAAAs"] show less	Brute-Force Bad Web Bot Web App Attack
🇨🇦 Anymous	2026-02-10 00:35:43 (4 months ago)	GET /backup/.git/config HTTP/1.1 404 3779 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit ... show more GET /backup/.git/config HTTP/1.1 404 3779 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36" show less	Port Scan Web App Attack
🇺🇸 TPI-Abuse	2026-02-09 23:16:44 (4 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.54.66 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.207.54.66 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Feb 09 18:16:26.454700 2026] [security2:error] [pid 15992:tid 15992] [client 104.207.54.66:52847] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "keepingitsharp.biz"] [uri "/.env.save"] [unique_id "aYpqyu_oFtOERWjgvp4a3QAAABk"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2025-11-12 13:14:19 (7 months ago)	Attempted brute force login to web vpn 18 time(s); last attempt for 2025.11.12 is noted in report ti ... show more Attempted brute force login to web vpn 18 time(s); last attempt for 2025.11.12 is noted in report timestamp show less	Hacking Brute-Force
🇺🇸 dtorrer	2025-10-29 23:07:02 (7 months ago)	Brute-force general attack.	Brute-Force
Anonymous	2025-04-07 10:33:07 (1 year ago)	Attempted brute force login to web vpn 5 time(s); last attempt for 2025.04.07 is noted in report tim ... show more Attempted brute force login to web vpn 5 time(s); last attempt for 2025.04.07 is noted in report timestamp show less	Hacking Brute-Force

Showing 1 to 15 of 122 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇳🇱 195.178.110.204

🇨🇱 172.217.39.153

🇩🇪 167.94.146.63

🇬🇧 45.82.76.127

🇺🇸 34.150.163.191

🇺🇸 18.189.74.1

🇨🇳 222.222.73.70

🇹🇭 150.95.82.21

🇺🇸 64.62.197.236

🇩🇪 46.249.99.46

🇸🇨 45.194.67.8

🇨🇳 36.142.212.219

🇺🇸 209.126.9.255

🇨🇳 183.199.247.100

🇩🇿 154.241.55.55

🇦🇫 149.54.62.62

🇻🇳 103.90.227.203

🇧🇬 78.83.249.54

🇳🇱 45.148.10.183

🇪🇬 41.65.118.172