JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 104.207.63.11

104.207.63.11 was found in our database!

This IP was reported 84 times. Confidence of Abuse is 26%: ?

26%

ISP	3xK Tech GmbH
Usage Type	Data Center/Web Hosting/Transit
ASN	AS200373
Domain Name	3xktech.cloud
Country	🇩🇪 Germany
City	Berlin, State of Berlin

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 104.207.63.11

Whois 104.207.63.11

IP Abuse Reports for 104.207.63.11:

This IP address has been reported a total of 84 times from 21 distinct sources. 104.207.63.11 was first reported on June 11th 2024, and the most recent report was 1 week ago.

Old Reports: The most recent abuse report for this IP address is from 1 week ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇨🇭 backslash	2026-06-02 05:51:00 (1 week ago)	block ruleset bad bot: wordpress scans 82C095539D4FDAF84E2E2FD6B6FC0664645851A8	Bad Web Bot
Anonymous	2026-05-31 13:00:51 (2 weeks ago)	wordpress authentication brute force	Brute-Force Web App Attack
🇺🇸 dtorrer	2026-05-29 21:37:17 (2 weeks ago)	Brute-force general attack.	Brute-Force
🇲🇽 octageeks.com	2026-05-26 04:18:09 (2 weeks ago)	Wordpress malicious attack:[octaflood]	Web App Attack
🇫🇮 inlink.ltd	2026-05-25 12:02:53 (3 weeks ago)	Known malicious PHP file or CMS probe	Web App Attack
🇪🇸 librebit	2026-01-10 07:18:19 (5 months ago)	Brute force	Brute-Force
🇺🇸 TPI-Abuse	2025-12-07 23:06:28 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.63.11 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.207.63.11 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Dec 07 18:06:23.212148 2025] [security2:error] [pid 19645:tid 19645] [client 104.207.63.11:31827] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "lifestylemedica.com"] [uri "/.svn/wc.db"] [unique_id "aTYIb8eqmwLbiU58fUUsEgAAAA8"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-07 20:14:17 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.63.11 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.207.63.11 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Dec 07 15:14:13.574216 2025] [security2:error] [pid 926:tid 926] [client 104.207.63.11:38801] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "northfortworthalliance.com"] [uri "/.env"] [unique_id "aTXgFQU-RLJ-SZkr2uZNvQAAABE"] show less	Brute-Force Bad Web Bot Web App Attack
🇳🇱 jjnxpct	2025-12-07 04:54:15 (6 months ago)	Automated security incident from hosting server. ModSecurity blocked suspicious request targeting UR ... show more Automated security incident from hosting server. ModSecurity blocked suspicious request targeting URI: /.aws/credentials (Rule ID: 930130) - Restricted File Access Attempt show less	Hacking Web App Attack
🇺🇸 TPI-Abuse	2025-12-06 16:00:38 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.63.11 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.207.63.11 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Dec 06 11:00:30.090122 2025] [security2:error] [pid 8454:tid 8454] [client 104.207.63.11:37105] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "tactara.net"] [uri "/.env"] [unique_id "aTRTHsHFo5vSZ58uWKRYGAAAAAI"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-06 03:20:41 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.63.11 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.207.63.11 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Dec 05 22:20:36.240046 2025] [security2:error] [pid 13321:tid 13321] [client 104.207.63.11:9107] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "marat.info"] [uri "/.env"] [unique_id "aTOhBJMFOCTmxbIKm7TkPgAAAAQ"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-05 05:47:15 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.63.11 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.207.63.11 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Dec 05 00:47:07.564830 2025] [security2:error] [pid 25215:tid 25215] [client 104.207.63.11:27331] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "morleysales.com"] [uri "/.env"] [unique_id "aTJx27XO4OQ25KRPEhWaJQAAABQ"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-05 05:08:06 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.63.11 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.207.63.11 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Dec 05 00:08:00.017248 2025] [security2:error] [pid 13043:tid 13043] [client 104.207.63.11:38785] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "osmansirel.com"] [uri "/.svn/wc.db"] [unique_id "aTJosMNXGBNKDal_QeYJzAAAAA0"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2025-04-06 17:47:05 (1 year ago)	Attempted brute force login to web vpn 2 time(s); last attempt for 2025.04.06 is noted in report tim ... show more Attempted brute force login to web vpn 2 time(s); last attempt for 2025.04.06 is noted in report timestamp show less	Hacking Brute-Force
Anonymous	2025-04-05 09:28:17 (1 year ago)	Attempted brute force login to web vpn 3 time(s); last attempt for 2025.04.05 is noted in report tim ... show more Attempted brute force login to web vpn 3 time(s); last attempt for 2025.04.05 is noted in report timestamp show less	Hacking Brute-Force

Showing 1 to 15 of 84 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇨🇦 20.104.198.19

🇺🇸 162.243.186.191

🇪🇸 91.242.151.62

🇫🇷 85.217.140.5

🇩🇪 69.5.169.36

🇮🇩 69.5.7.218

🇺🇸 64.207.225.55

🇧🇪 35.210.61.208

🇨🇳 8.134.122.94

🇺🇸 3.212.219.113

🇷🇺 176.52.43.201

🇨🇳 112.111.22.44

🇭🇰 103.158.29.100

🇮🇷 94.101.184.110

🇺🇸 74.192.225.229

🇺🇸 71.12.241.225

🇩🇪 213.209.159.56

🇵🇱 172.253.255.59

🇫🇷 91.231.89.135

🇫🇷 91.196.152.89