JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 104.207.51.98

104.207.51.98 was found in our database!

This IP was reported 128 times. Confidence of Abuse is 9%: ?

ISP	3xK Tech GmbH
Usage Type	Data Center/Web Hosting/Transit
ASN	AS200373
Domain Name	3xktech.cloud
Country	🇩🇪 Germany
City	Berlin, State of Berlin

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 104.207.51.98

Whois 104.207.51.98

IP Abuse Reports for 104.207.51.98:

This IP address has been reported a total of 128 times from 14 distinct sources. 104.207.51.98 was first reported on June 7th 2024, and the most recent report was 4 weeks ago.

Old Reports: The most recent abuse report for this IP address is from 4 weeks ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇨🇭 4server	2026-05-13 12:56:10 (4 weeks ago)	[WedMay1314:56:04.7596832026][security2:error][pid2688706:tid2688716][client104.207.51.98:0]ModSecur ... show more [WedMay1314:56:04.7596832026][security2:error][pid2688706:tid2688716][client104.207.51.98:0]ModSecurity:Accessdeniedwithcode403$phase1$.Matchedphrase\".svn\"atREQUEST_URI.[file\"/etc/apache2/conf.d/modsec_custom_rules.conf\"][line\"364\"][id\"960720\"][msg\"Forbiddenfileaccess\"][hostname\"ticino-hosting.ch\"][uri\"/.svn/wc.db\"][unique_id\"agR05B4uxH04mWMQ3W2JqQAAAAE\"] show less	Hacking Web App Attack
🇨🇭 ALPHANET	2026-05-13 03:41:27 (4 weeks ago)	web exploits	Hacking Exploited Host Web App Attack
🇺🇸 TPI-Abuse	2025-11-27 19:07:58 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.51.98 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.207.51.98 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Nov 27 14:07:51.580635 2025] [security2:error] [pid 7353:tid 7353] [client 104.207.51.98:52539] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "aimer.es"] [uri "/.env"] [unique_id "aSihhxkbe3n0hoTJf-YiegAAAAo"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-25 06:36:29 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.51.98 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.207.51.98 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Nov 25 01:35:53.226541 2025] [security2:error] [pid 27695:tid 27695] [client 104.207.51.98:44847] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcalendars.tapiaqualityproducts.com"] [uri "/.git/HEAD"] [unique_id "aSVOSYareZxfmCyW4cs8oAAAAAs"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-25 05:19:25 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.51.98 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.207.51.98 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Nov 25 00:19:19.030193 2025] [security2:error] [pid 26843:tid 26843] [client 104.207.51.98:41925] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "ebookplanner.xyz"] [uri "/.env"] [unique_id "aSU8V4kYpRe3gaj8LCWITQAAABs"] show less	Brute-Force Bad Web Bot Web App Attack
🇦🇺 oncord	2025-11-23 22:50:33 (6 months ago)	Form spam	Web Spam
🇺🇸 rafled	2025-11-05 00:24:29 (7 months ago)	Attempt to login to Wordpress Admin	Web App Attack
Anonymous	2025-10-11 08:37:30 (8 months ago)	Attempted brute force login to web vpn 9 time(s); last attempt for 2025.10.11 is noted in report tim ... show more Attempted brute force login to web vpn 9 time(s); last attempt for 2025.10.11 is noted in report timestamp show less	Hacking Brute-Force
Anonymous	2025-10-10 15:36:36 (8 months ago)	Attempted brute force login to web vpn 18 time(s); last attempt for 2025.10.10 is noted in report ti ... show more Attempted brute force login to web vpn 18 time(s); last attempt for 2025.10.10 is noted in report timestamp show less	Hacking Brute-Force
Anonymous	2025-10-09 21:54:29 (8 months ago)	Attempted brute force login to web vpn 18 time(s); last attempt for 2025.10.09 is noted in report ti ... show more Attempted brute force login to web vpn 18 time(s); last attempt for 2025.10.09 is noted in report timestamp show less	Hacking Brute-Force
Anonymous	2025-10-08 18:10:40 (8 months ago)	Attempted brute force login to web vpn 108 time(s); last attempt for 2025.10.08 is noted in report t ... show more Attempted brute force login to web vpn 108 time(s); last attempt for 2025.10.08 is noted in report timestamp show less	Hacking Brute-Force
🇺🇸 TPI-Abuse	2025-04-07 19:42:09 (1 year ago)	(mod_security) mod_security (id:210831) triggered by 104.207.51.98 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210831) triggered by 104.207.51.98 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Apr 07 15:42:03.240836 2025] [security2:error] [pid 1197636:tid 1197636] [client 104.207.51.98:59091] [client 104.207.51.98] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|backstore.com\|F\|4"] [data "a href="] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "backstore.com"] [uri "/usage_202504.html"] [unique_id "Z_Qqi2ed9kUHdxpiw-fUZwAAAAo"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2025-04-06 22:36:25 (1 year ago)	Attempted brute force login to web vpn 3 time(s); last attempt for 2025.04.06 is noted in report tim ... show more Attempted brute force login to web vpn 3 time(s); last attempt for 2025.04.06 is noted in report timestamp show less	Hacking Brute-Force
Anonymous	2025-04-05 14:23:32 (1 year ago)	Attempted brute force login to web vpn 1 time(s); last attempt for 2025.04.05 is noted in report tim ... show more Attempted brute force login to web vpn 1 time(s); last attempt for 2025.04.05 is noted in report timestamp show less	Hacking Brute-Force
Anonymous	2025-04-04 18:03:54 (1 year ago)	Attempted brute force login to web vpn 1 time(s); last attempt for 2025.04.04 is noted in report tim ... show more Attempted brute force login to web vpn 1 time(s); last attempt for 2025.04.04 is noted in report timestamp show less	Hacking Brute-Force

Showing 1 to 15 of 128 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇮🇹 178.255.72.35

🇺🇸 66.132.186.253

🇮🇳 45.123.217.22

🇺🇸 178.156.228.38

🇭🇰 152.32.128.214

🇺🇸 143.198.156.153

🇨🇦 143.110.217.244

🇨🇳 123.54.50.222

🇺🇸 113.20.4.9

🇨🇭 104.244.76.136

🇻🇳 103.159.54.61

🇻🇳 103.75.183.57

🇺🇸 91.230.168.183

🇺🇸 34.238.162.167

🇷🇴 2.57.122.238

🇷🇴 2.57.121.112

🇬🇧 213.166.84.37

🇭🇰 199.45.155.79

🇳🇱 195.178.110.31

🇩🇪 135.125.152.18