AbuseIPDB » 154.213.199.206

154.213.199.206 was found in our database!

This IP was reported 16 times. Confidence of Abuse is 16%: ?

16%

ISP	3xK Tech GmbH
Usage Type	Fixed Line ISP
ASN	AS200373
Domain Name	3xktech.cloud
Country	Germany
City	Berlin, State of Berlin

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated biweekly.

Report 154.213.199.206

Whois 154.213.199.206

IP Abuse Reports for 154.213.199.206:

This IP address has been reported a total of 16 times from 6 distinct sources. 154.213.199.206 was first reported on October 7th 2024, and the most recent report was 1 week ago.

Old Reports: The most recent abuse report for this IP address is from 1 week ago. It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp in UTC	Comment	Categories
Anonymous	2025-07-02 18:09:55 (1 week ago)	154.213.199.206 - - [02/Jul/2025:20:09:53 +0200] "GET http://reinwardtacademie.amsterdam:80/wp-inclu ... show more154.213.199.206 - - [02/Jul/2025:20:09:53 +0200] "GET http://reinwardtacademie.amsterdam:80/wp-includes/ID3/license.txt HTTP/1.1" 404 450 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36" 154.213.199.206 - - [02/Jul/2025:20:09:53 +0200] "GET http://reinwardtacademie.amsterdam:80/feed/ HTTP/1.1" 404 450 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36" 154.213.199.206 - - [02/Jul/2025:20:09:54 +0200] "GET http://reinwardtacademie.amsterdam:80/xmlrpc.php?rsd HTTP/1.1" 404 450 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36" 154.213.199.206 - - [02/Jul/2025:20:09:54 +0200] "GET http://reinwardtacademie.amsterdam:80/blog/wp-includes/wlwmanifest.xml HTTP/1.1" 404 450 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/53 ... show less	Bad Web Bot
VHosting	2025-06-15 23:20:06 (3 weeks ago)	Detected attack by Imunify360	Brute-Force Web App Attack
COMPLEX	2025-05-15 03:11:12 (1 month ago)	Triggered Cloudflare WAF (firewallCustom) from FR. Action taken: BLOCK ASN: 200373 (DREI ... show moreTriggered Cloudflare WAF (firewallCustom) from FR. Action taken: BLOCK ASN: 200373 (DREI-K-TECH-GMBH) Protocol: HTTP/2 (GET method) Timestamp: 2025-05-15T03:09:19Z show less	Bad Web Bot
Anonymous	2025-04-21 11:25:19 (2 months ago)	Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER	Brute-Force SSH
TPI-Abuse	2025-04-10 20:32:30 (3 months ago)	(mod_security) mod_security (id:225170) triggered by 154.213.199.206 (-): 1 in the last 300 secs; Po ... show more(mod_security) mod_security (id:225170) triggered by 154.213.199.206 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Apr 10 16:32:26.961453 2025] [security2:error] [pid 3163454:tid 3163454] [client 154.213.199.206:27049] [client 154.213.199.206] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|rockymtnfire.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "rockymtnfire.com"] [uri "/wp-json/wp/v2/users"] [unique_id "Z_gq2q4PqJwbdvv-K-4nLQAAAAo"], referer: https://www.google.com show less	Brute-Force Bad Web Bot Web App Attack
TPI-Abuse	2025-04-09 08:07:00 (3 months ago)	(mod_security) mod_security (id:225170) triggered by 154.213.199.206 (-): 1 in the last 300 secs; Po ... show more(mod_security) mod_security (id:225170) triggered by 154.213.199.206 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Apr 09 04:06:54.114103 2025] [security2:error] [pid 2008064:tid 2008064] [client 154.213.199.206:48971] [client 154.213.199.206] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|gemexpressions.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "gemexpressions.com"] [uri "/wp-json/wp/v2/users"] [unique_id "Z_YqnorVL8GvGS0OoYx2OQAAABQ"], referer: https://www.google.com show less	Brute-Force Bad Web Bot Web App Attack
TPI-Abuse	2025-04-09 03:24:18 (3 months ago)	(mod_security) mod_security (id:225170) triggered by 154.213.199.206 (-): 1 in the last 300 secs; Po ... show more(mod_security) mod_security (id:225170) triggered by 154.213.199.206 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Apr 08 23:24:15.228837 2025] [security2:error] [pid 2515555:tid 2515555] [client 154.213.199.206:48069] [client 154.213.199.206] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|ursell.org\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "ursell.org"] [uri "/wp-json/wp/v2/users"] [unique_id "Z_XoX-jVL-aWZoHkqPWQQwAAAAM"], referer: https://www.google.com show less	Brute-Force Bad Web Bot Web App Attack
TPI-Abuse	2025-04-09 00:14:32 (3 months ago)	(mod_security) mod_security (id:225170) triggered by 154.213.199.206 (-): 1 in the last 300 secs; Po ... show more(mod_security) mod_security (id:225170) triggered by 154.213.199.206 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Apr 08 20:14:24.035606 2025] [security2:error] [pid 31948:tid 31948] [client 154.213.199.206:49909] [client 154.213.199.206] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|ainalea.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "ainalea.com"] [uri "/wp-json/wp/v2/users"] [unique_id "Z_W74E9IZMmKXP7k5LFj_gAAABA"], referer: https://www.google.com show less	Brute-Force Bad Web Bot Web App Attack
TPI-Abuse	2025-04-08 17:37:40 (3 months ago)	(mod_security) mod_security (id:225170) triggered by 154.213.199.206 (-): 1 in the last 300 secs; Po ... show more(mod_security) mod_security (id:225170) triggered by 154.213.199.206 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Apr 08 13:37:33.835842 2025] [security2:error] [pid 24155:tid 24155] [client 154.213.199.206:53675] [client 154.213.199.206] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|calvarycavaliers.org\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "calvarycavaliers.org"] [uri "/wp-json/wp/v2/users"] [unique_id "Z_Ve3VgT-VYo0UxTWT2DzQAAABk"], referer: https://www.google.com show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2025-04-05 02:42:22 (3 months ago)	Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER	Brute-Force SSH
TPI-Abuse	2025-04-01 05:18:38 (3 months ago)	(mod_security) mod_security (id:225170) triggered by 154.213.199.206 (-): 1 in the last 300 secs; Po ... show more(mod_security) mod_security (id:225170) triggered by 154.213.199.206 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Apr 01 01:18:30.881650 2025] [security2:error] [pid 27288:tid 27288] [client 154.213.199.206:9477] [client 154.213.199.206] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|tag-scaffolding.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "tag-scaffolding.com"] [uri "/wp-json/wp/v2/users"] [unique_id "Z-t3JvYAz4EzpbSb3arUVAAAABQ"], referer: https://www.google.com show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2025-01-10 20:18:52 (6 months ago)	Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER	Brute-Force SSH
Anonymous	2025-01-07 04:22:14 (6 months ago)	Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER	Brute-Force SSH
Anonymous	2024-12-30 08:00:04 (6 months ago)	Attempted brute force login to web vpn 12 time(s); last attempt for 2024.12.30 is noted in report ti ... show moreAttempted brute force login to web vpn 12 time(s); last attempt for 2024.12.30 is noted in report timestamp show less	Hacking Brute-Force
Anonymous	2024-12-29 22:27:28 (6 months ago)	Attempted brute force login to web vpn 1 time(s); last attempt for 2024.12.29 is noted in report tim ... show moreAttempted brute force login to web vpn 1 time(s); last attempt for 2024.12.29 is noted in report timestamp show less	Hacking Brute-Force

Showing 1 to 15 of 16 reports

Is this your IP? You may request to takedown any associated reports. We will attempt to verify your ownership. Request Takedown 🚩

Recently Reported IPs:

81.30.107.153

103.139.193.210

91.231.89.208

35.203.210.36

190.204.7.239

192.210.233.234

80.94.95.15

80.94.92.103

20.80.88.197

41.24.28.220

193.201.189.116

147.185.133.87

118.179.219.137

193.163.125.112

185.93.89.118

80.7.154.183

51.161.8.48

91.191.209.218

203.202.232.163

65.49.20.80