JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 104.236.80.54

104.236.80.54 was found in our database!

This IP was reported 51 times. Confidence of Abuse is 0%: ?

ISP	DigitalOcean, LLC
Usage Type	Data Center/Web Hosting/Transit
ASN	AS14061
Domain Name	digitalocean.com
Country	🇺🇸 United States of America
City	Clifton, New Jersey

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 104.236.80.54

Whois 104.236.80.54

IP Abuse Reports for 104.236.80.54:

This IP address has been reported a total of 51 times from 23 distinct sources. 104.236.80.54 was first reported on March 2nd 2025, and the most recent report was 1 month ago.

Old Reports: The most recent abuse report for this IP address is from 1 month ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇬🇧 OptimusGO	2026-04-20 15:29:32 (1 month ago)	Malicious activity detected: web_attack Server: commstackbc (185.127.18.66) Attack: web_attack Time ... show more Malicious activity detected: web_attack Server: commstackbc (185.127.18.66) Attack: web_attack Timestamp: 2026-04-20 16:29:32 UTC Log evidence: show less	Port Scan Brute-Force
🇬🇧 OptimusGO	2026-04-18 00:05:32 (1 month ago)	Malicious activity detected: web_attack Server: commstackbc (185.127.18.66) Attack: web_attack Time ... show more Malicious activity detected: web_attack Server: commstackbc (185.127.18.66) Attack: web_attack Timestamp: 2026-04-18 01:05:32 UTC Log evidence: show less	Port Scan Brute-Force
🇬🇧 OptimusGO	2026-04-15 13:24:59 (1 month ago)	Malicious activity detected: web_attack Server: commstackbc (185.127.18.66) Attack: web_attack Time ... show more Malicious activity detected: web_attack Server: commstackbc (185.127.18.66) Attack: web_attack Timestamp: 2026-04-15 14:24:59 UTC Log evidence: show less	Port Scan Brute-Force
🇨🇳 ThreatBook.io	2026-04-06 00:56:28 (2 months ago)	ThreatBook Intelligence: Zombie,Spam more details on https://threatbook.io/ip/104.236.80.54 2026-04- ... show more ThreatBook Intelligence: Zombie,Spam more details on https://threatbook.io/ip/104.236.80.54 2026-04-05 02:19:22 http://httpbin.org/ip 2026-04-05 02:19:22 //httpbin.org:443 show less	Web App Attack
🇨🇦 aks4226	2026-04-05 06:57:35 (2 months ago)	Abusive attempts to CONNECT via mod_proxy.	Open Proxy
🇨🇳 ThreatBook.io	2026-04-05 00:35:54 (2 months ago)	ThreatBook Intelligence: Zombie,Spam more details on https://threatbook.io/ip/104.236.80.54 2026-04- ... show more ThreatBook Intelligence: Zombie,Spam more details on https://threatbook.io/ip/104.236.80.54 2026-04-04 14:22:04 //httpbin.org:443 2026-04-04 14:22:04 http://httpbin.org/ip show less	Web App Attack
🇨🇳 ThreatBook.io	2026-04-04 01:16:25 (2 months ago)	ThreatBook Intelligence: Zombie,Spam more details on https://threatbook.io/ip/104.236.80.54 2026-04- ... show more ThreatBook Intelligence: Zombie,Spam more details on https://threatbook.io/ip/104.236.80.54 2026-04-03 17:16:06 http://httpbin.org/ip 2026-04-03 17:16:07 //httpbin.org:443 2026-04-03 05:15:59 //httpbin.org:443 2026-04-03 05:15:59 http://httpbin.org/ip show less	Web App Attack
🇯🇵 mkaraki	2026-04-03 22:03:10 (2 months ago)	1775253787 # Service_probe # SIGNATURE_SEND # source_ip:104.236.80.54 # dst_port:9050 ...	Port Scan
🇧🇷 somosbr	2026-04-03 16:41:41 (2 months ago)	[2026-04-03T16:41:41Z] Unsolicited scan from 104.236.80.54 to port 3128/tcp	Port Scan
🇺🇸 TPI-Abuse	2026-04-03 05:24:34 (2 months ago)	(mod_security) mod_security (id:217210) triggered by 104.236.80.54 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:217210) triggered by 104.236.80.54 (-): 1 in the last 300 secs; Ports: ; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Apr 03 01:24:28.924270 2026] [security2:error] [pid 30294:tid 30294] [client 104.236.80.54:34140] ModSecurity: Access denied with code 403 (phase 2). Match of "rx ^(?i:(?:[a-z]{3,10}\\\\s+(?:\\\\w{3,7}?://[\\\\w\\\\-\\\\./](?::\\\\d+)?)?/[^?#](?:\\\\?[^#\\\\s])?(?:#[\\\\S])?\|connect (?:\\\\d{1,3}\\\\.){3}\\\\d{1,3}\\\\.?(?::\\\\d+)?\|options \\\\)\\\\s+[\\\\w\\\\./]+\|get /[^?#](?:\\\\?[^#\\\\s])?(?:#[\\\\S]*)?)$" against "REQUEST_LINE" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/12_HTTP_Protocol.conf"] [line "114"] [id "217210"] [rev "1"] [msg "COMODO WAF: Invalid HTTP Request Line\|\|httpbin.org:443\|F\|4"] [data "CONNECT httpbin.org:443 HTTP/1.1"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "httpbin.org"] [uri "/"] [unique_id "ac9PDNqqfQsk7LNXm4UuoAAAAAk"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-04-03 01:41:26 (2 months ago)	Portscan	Port Scan
🇧🇾 StatsMe	2026-04-02 21:14:25 (2 months ago)	2026-04-02T00:55:22.155176+0300 ET SCAN NMAP -sS window 1024	Port Scan
🇺🇸 TPI-Abuse	2026-04-02 19:19:37 (2 months ago)	(mod_security) mod_security (id:217210) triggered by 104.236.80.54 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:217210) triggered by 104.236.80.54 (-): 1 in the last 300 secs; Ports: ; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Apr 02 15:19:30.731270 2026] [security2:error] [pid 20016:tid 20016] [client 104.236.80.54:57522] ModSecurity: Access denied with code 403 (phase 2). Match of "rx ^(?i:(?:[a-z]{3,10}\\\\s+(?:\\\\w{3,7}?://[\\\\w\\\\-\\\\./](?::\\\\d+)?)?/[^?#](?:\\\\?[^#\\\\s])?(?:#[\\\\S])?\|connect (?:\\\\d{1,3}\\\\.){3}\\\\d{1,3}\\\\.?(?::\\\\d+)?\|options \\\\)\\\\s+[\\\\w\\\\./]+\|get /[^?#](?:\\\\?[^#\\\\s])?(?:#[\\\\S]*)?)$" against "REQUEST_LINE" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/12_HTTP_Protocol.conf"] [line "114"] [id "217210"] [rev "1"] [msg "COMODO WAF: Invalid HTTP Request Line\|\|httpbin.org:443\|F\|4"] [data "CONNECT httpbin.org:443 HTTP/1.1"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "httpbin.org"] [uri "/"] [unique_id "ac7BQrwXF2_NirH4jeI2BAAAAAM"] show less	Brute-Force Bad Web Bot Web App Attack
🇨🇦 polycoda	2026-04-02 11:40:13 (2 months ago)	📡 Port scan	Hacking Web App Attack
🇳🇱 EGP Abuse Dept	2026-04-02 09:44:13 (2 months ago)	Unauthorized connection to proxy port 8080	Port Scan Hacking

Showing 1 to 15 of 51 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇸🇪 171.25.158.74

🇺🇸 159.223.179.163

🇺🇸 128.203.203.4

🇮🇳 103.112.20.218

🇷🇺 176.109.97.11

🇪🇪 83.166.52.138

🇷🇴 80.94.92.184

🇸🇬 43.160.250.239

🇬🇧 35.203.211.51

🇺🇸 34.170.103.78

🇳🇱 5.83.143.122

🇸🇬 172.253.236.210

🇩🇪 167.94.145.28

🇫🇷 144.91.116.124

🇮🇳 139.59.59.165

🇮🇩 128.14.233.253

🇻🇳 113.161.176.135

🇯🇵 107.155.15.8

🇵🇱 87.251.64.158

🇧🇷 45.181.33.218