JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 45.3.54.166

45.3.54.166 was found in our database!

This IP was reported 19 times. Confidence of Abuse is 18%: ?

18%

ISP	3xK Tech GmbH
Usage Type	Data Center/Web Hosting/Transit
ASN	AS200373
Domain Name	3xktech.cloud
Country	🇩🇪 Germany
City	Berlin, State of Berlin

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 45.3.54.166

Whois 45.3.54.166

IP Abuse Reports for 45.3.54.166:

This IP address has been reported a total of 19 times from 12 distinct sources. 45.3.54.166 was first reported on September 18th 2024, and the most recent report was 3 weeks ago.

Old Reports: The most recent abuse report for this IP address is from 3 weeks ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇩🇪 IVski	2026-05-11 16:02:47 (3 weeks ago)	IVski WAF \| WordPress scanner detected - probing wp-content, xmlrpc or wp-login	Port Scan Brute-Force Web App Attack
🇳🇱 Mangelot Hosting	2026-05-06 21:02:29 (4 weeks ago)	(bad_user_agent) srv101 Bad User-Agent 45.3.54.166 (GB/-/-): 10 in the last 3600 secs; Ports: ; Dir ... show more (bad_user_agent) srv101 Bad User-Agent 45.3.54.166 (GB/-/-): 10 in the last 3600 secs; Ports: ; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs: show less	Web App Attack
🇳🇱 Site.eu	2026-05-06 17:43:13 (1 month ago)	Excessive 404/403 errors	Brute-Force
🇱🇻 garmtech.com	2026-05-06 00:58:32 (1 month ago)	IM360 WAF: Laravel .env file access	Web App Attack
🇵🇱 nfsec.pl	2026-01-22 03:40:45 (4 months ago)	45.3.54.166 - - [22/Jan/2026:03:40:42 +0000] "GET /index.php?option=com_search&searchword=%20atak&se ... show more 45.3.54.166 - - [22/Jan/2026:03:40:42 +0000] "GET /index.php?option=com_search&searchword=%20atak&searchphrase=exact%20AND%205377%3D9599--%20KbjS&ordering=newest HTTP/1.1" 403 5835 "-" "Mozilla/5.0 (X11; CrOS x86_64 14816.131.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.0.0 Safari/537.36" 45.3.54.166 - - [22/Jan/2026:03:40:43 +0000] "GET /index.php?option=com_search&searchword=%20atak&searchphrase=%28SELECT%20%28CASE%20WHEN%20%281658%3D3885%29%20THEN%20%27exact%27%20ELSE%20%28SELECT%203885%20UNION%20SELECT%204629%29%20END%29%29&ordering=newest HTTP/1.1" 403 5836 "-" "Mozilla/5.0 (X11; CrOS x86_64 14816.131.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.0.0 Safari/537.36" 45.3.54.166 - - [22/Jan/2026:03:40:43 +0000] "GET /index.php?option=com_search&searchword=%20atak&searchphrase=%28SELECT%20%28CASE%20WHEN%20%287621%3D7621%29%20THEN%20%27exact%27%20ELSE%20%28SELECT%208881%20UNION%20SELECT%206303%29%20END%29%29&ordering=newest HTTP/1.1" 403 5836 "-" "Mozilla/5.0 (X11; ... show less	Exploited Host Web App Attack
Anonymous	2025-12-30 12:25:12 (5 months ago)	45.3.54.166 - - [30/Dec/2025:12:25:11 +0000] "GET /.env HTTP/1.1" 302 451 "-" "Mozilla/5.0 (Macintos ... show more 45.3.54.166 - - [30/Dec/2025:12:25:11 +0000] "GET /.env HTTP/1.1" 302 451 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.1 Safari/605.1.15" ... show less	Bad Web Bot Web App Attack
🇩🇪 Packets-Decreaser.NET	2025-12-29 14:01:18 (5 months ago)	Incoming Layer 7 Flood Detected	DDoS Attack Web Spam
🇺🇸 TPI-Abuse	2025-12-29 09:13:44 (5 months ago)	(mod_security) mod_security (id:210492) triggered by 45.3.54.166 (-): 1 in the last 300 secs; Ports: ... show more (mod_security) mod_security (id:210492) triggered by 45.3.54.166 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Dec 29 04:13:38.473442 2025] [security2:error] [pid 3687:tid 3687] [client 45.3.54.166:10707] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "scrunchiebutt.com"] [uri "/.svn/wc.db"] [unique_id "aVJGQmVTC5Cyg-ObmaEBTwAAABU"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-29 06:40:38 (5 months ago)	(mod_security) mod_security (id:210492) triggered by 45.3.54.166 (-): 1 in the last 300 secs; Ports: ... show more (mod_security) mod_security (id:210492) triggered by 45.3.54.166 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Dec 29 01:40:32.113840 2025] [security2:error] [pid 2980:tid 2994] [client 45.3.54.166:56039] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "dubarch.com"] [uri "/.env"] [unique_id "aVIiYBVtsv2QY781bBrk_AAAAMw"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-29 06:24:06 (5 months ago)	(mod_security) mod_security (id:210492) triggered by 45.3.54.166 (-): 1 in the last 300 secs; Ports: ... show more (mod_security) mod_security (id:210492) triggered by 45.3.54.166 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Dec 29 01:24:01.013424 2025] [security2:error] [pid 18684:tid 18684] [client 45.3.54.166:40311] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "gwdailey.com"] [uri "/.svn/wc.db"] [unique_id "aVIegcfZGEmHg2d2WJmG8QAAABA"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-29 05:26:54 (5 months ago)	(mod_security) mod_security (id:210492) triggered by 45.3.54.166 (-): 1 in the last 300 secs; Ports: ... show more (mod_security) mod_security (id:210492) triggered by 45.3.54.166 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Dec 29 00:26:49.961670 2025] [security2:error] [pid 3931:tid 3931] [client 45.3.54.166:22565] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "bestprostate.com"] [uri "/.env"] [unique_id "aVIRGZb2FmetzAdHEgoiPQAAAAI"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 Hazzard	2025-02-17 23:10:28 (1 year ago)	(wordpress) Failed wordpress login from 45.3.54.166 (CA/Canada/Ontario/Toronto/-/[redacted])	Brute-Force
🇺🇸 TPI-Abuse	2025-01-26 11:42:33 (1 year ago)	(mod_security) mod_security (id:225170) triggered by 45.3.54.166 (-): 1 in the last 300 secs; Ports: ... show more (mod_security) mod_security (id:225170) triggered by 45.3.54.166 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jan 26 06:42:30.325765 2025] [security2:error] [pid 2765:tid 2765] [client 45.3.54.166:51909] [client 45.3.54.166] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|canelli.net\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "canelli.net"] [uri "/wp-json/wp/v2/users"] [unique_id "Z5YfphM_ZyuLT_JjlDIqugAAAA0"], referer: https://canelli.net show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-01-13 07:33:26 (1 year ago)	(mod_security) mod_security (id:225170) triggered by 45.3.54.166 (-): 1 in the last 300 secs; Ports: ... show more (mod_security) mod_security (id:225170) triggered by 45.3.54.166 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jan 13 02:33:20.841313 2025] [security2:error] [pid 10113:tid 10113] [client 45.3.54.166:35909] [client 45.3.54.166] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|palacio.org\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "palacio.org"] [uri "/wp-json/wp/v2/users"] [unique_id "Z4TBwJMXwD-RLUxrNGs4CwAAAAE"], referer: https://palacio.org show less	Brute-Force Bad Web Bot Web App Attack
🇨🇦 polycoda	2024-11-22 16:19:45 (1 year ago)	🔑 Wordpress login brute force attempt	Hacking Web App Attack

Showing 1 to 15 of 19 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇮🇳 122.187.230.38

🇱🇹 45.227.254.170

🇧🇷 45.169.43.164

🇯🇵 2a09:bac1:3b20:10::16:1da

🇬🇧 193.163.125.170

🇮🇪 52.214.50.255

🇵🇱 194.180.49.71

🇺🇸 192.210.228.134

🇮🇹 185.197.8.150

🇨🇳 183.129.249.4

🇺🇸 172.93.103.3

🇮🇳 103.81.182.187

🇺🇸 20.163.2.53

🇨🇦 20.151.179.130

🇧🇷 205.210.31.240

🇹🇳 197.5.145.150

🇷🇺 176.120.22.113

🇳🇱 176.65.149.203

🇮🇱 130.185.102.59

🇦🇺 101.0.106.166