JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 104.207.50.94

104.207.50.94 was found in our database!

This IP was reported 133 times. Confidence of Abuse is 4%: ?

ISP	3xK Tech GmbH
Usage Type	Data Center/Web Hosting/Transit
ASN	AS200373
Domain Name	3xktech.cloud
Country	🇩🇪 Germany
City	Berlin, State of Berlin

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 104.207.50.94

Whois 104.207.50.94

IP Abuse Reports for 104.207.50.94:

This IP address has been reported a total of 133 times from 17 distinct sources. 104.207.50.94 was first reported on June 13th 2024, and the most recent report was 17 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇫🇷 Sklurk	2026-06-23 05:26:06 (17 hours ago)	Web App Attack	Web App Attack
🇱🇻 garmtech.com	2026-03-30 06:21:37 (2 months ago)	IM360 WAF: WordPress plugin/theme auto install block	Web App Attack
🇫🇷 masterguru	2026-03-30 06:06:42 (2 months ago)	(modsec_5015) ModSec 5015: Suspicious User-Agent from 104.207.50.94 (GB/United Kingdom/-): 1 in the ... show more (modsec_5015) ModSec 5015: Suspicious User-Agent from 104.207.50.94 (GB/United Kingdom/-): 1 in the last 3600 secs (0-193) show less	Hacking
🇳🇱 jjnxpct	2026-03-29 03:48:53 (2 months ago)	Automated security incident from hosting server. ModSecurity blocked suspicious request targeting UR ... show more Automated security incident from hosting server. ModSecurity blocked suspicious request targeting URI: /fr/component/content/ (Rule ID: 942540) - SQL Authentication bypass (split query) [Suspicious: 9'; found within ARGS:id: 9';] show less	Web App Attack SQL Injection Brute-Force
🇫🇷 masterguru	2026-03-26 15:28:59 (2 months ago)	(modsec_5015) ModSec 5015: Suspicious User-Agent from 104.207.50.94 (GB/United Kingdom/-): 1 in the ... show more (modsec_5015) ModSec 5015: Suspicious User-Agent from 104.207.50.94 (GB/United Kingdom/-): 1 in the last 3600 secs (0-193) show less	Hacking
🇦🇺 RedBear IT	2026-03-26 10:00:37 (2 months ago)	"DDoS against public endpoint"	DDoS Attack
🇱🇻 garmtech.com	2026-03-08 17:55:05 (3 months ago)	IM360 WAF: Block IP which is in the web-spammers RBL MV:RBL lookup of 19-55.104.207.50.94.web-spamme ... show more IM360 WAF: Block IP which is in the web-spammers RBL MV:RBL lookup of 19-55.104.207.50.94.web-spammers.v2.rbl.imunify.com._v4 succeeded. show less	Web App Attack
🇦🇺 oncord	2026-02-13 22:19:20 (4 months ago)	Form spam	Web Spam
🇺🇸 oncord	2026-02-02 20:32:32 (4 months ago)	Form spam	Web Spam
🇧🇪 madeit	2025-11-30 04:35:03 (6 months ago)		Web App Attack
🇺🇸 lnklnx	2025-11-25 21:05:12 (6 months ago)	www.lincolnclan.com:80 104.207.50.94 - - [25/Nov/2025:15:05:09 -0600] "GET /.aws/credentials HTTP/1. ... show more www.lincolnclan.com:80 104.207.50.94 - - [25/Nov/2025:15:05:09 -0600] "GET /.aws/credentials HTTP/1.1" 301 569 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0" ... show less	Web App Attack
🇺🇸 TPI-Abuse	2025-11-25 05:21:37 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.50.94 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.207.50.94 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Nov 25 00:21:31.720692 2025] [security2:error] [pid 945:tid 945] [client 104.207.50.94:16277] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcontacts.bangbi.com"] [uri "/.env"] [unique_id "aSU821xl9H5xHnncXL_p5wAAABA"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-25 04:08:45 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.50.94 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.207.50.94 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 24 23:08:38.132978 2025] [security2:error] [pid 10035:tid 10035] [client 104.207.50.94:24133] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webdisk.iworklife.org"] [uri "/.env"] [unique_id "aSUrxugcyUnnpZSZMw1CNgAAABU"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-25 03:50:32 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.50.94 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.207.50.94 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 24 22:50:24.879579 2025] [security2:error] [pid 29851:tid 29851] [client 104.207.50.94:14647] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webmail.coolerboxes.com"] [uri "/.svn/wc.db"] [unique_id "aSUngIoDIzro4MQL6CpPywAAAAI"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-25 02:11:13 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.50.94 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.207.50.94 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 24 21:11:10.052633 2025] [security2:error] [pid 29475:tid 29475] [client 104.207.50.94:10009] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webmail.santagreetingcards.com"] [uri "/.svn/wc.db"] [unique_id "aSUQPgNoU0HKNq32Ow0v5gAAABA"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 133 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 172.190.51.254

🇩🇪 158.94.208.66

🇺🇸 52.73.169.169

🇸🇨 45.194.67.26

🇬🇧 44.131.139.159

🇹🇼 220.136.208.238

🇭🇰 190.92.239.22

🇦🇷 181.104.43.225

🇺🇦 178.83.5.49

🇺🇸 174.35.25.178

🇺🇸 173.217.185.201

🇫🇮 147.185.133.184

🇨🇦 85.217.149.12

🇨🇳 60.16.219.135

🇳🇱 5.61.209.43

🇯🇵 180.198.205.76

🇺🇸 172.191.239.155

🇭🇰 104.208.108.166

🇳🇱 45.128.199.48

🇺🇸 44.54.66.135