JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 104.207.63.128

104.207.63.128 was found in our database!

This IP was reported 153 times. Confidence of Abuse is 21%: ?

21%

ISP	3xK Tech GmbH
Usage Type	Data Center/Web Hosting/Transit
ASN	AS200373
Domain Name	3xktech.cloud
Country	🇩🇪 Germany
City	Berlin, State of Berlin

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 104.207.63.128

Whois 104.207.63.128

IP Abuse Reports for 104.207.63.128:

This IP address has been reported a total of 153 times from 23 distinct sources. 104.207.63.128 was first reported on June 3rd 2024, and the most recent report was 3 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 mnsf	2026-06-04 19:07:35 (3 hours ago)	Abuse Detected (3)	Brute-Force Web App Attack
🇬🇧 thetomtaylor.co.uk	2026-06-04 19:05:02 (3 hours ago)	Fail2Ban - [WEB]Custom exploit pattern detected on customexploits ... [wa01]	Hacking Brute-Force Bad Web Bot Web App Attack
🇨🇳 ThreatBook.io	2026-05-15 22:52:53 (2 weeks ago)	ThreatBook Intelligence: vpn_proxy,Gateway more details on https://threatbook.io/ip/104.207.63.128 2 ... show more ThreatBook Intelligence: vpn_proxy,Gateway more details on https://threatbook.io/ip/104.207.63.128 2026-05-15 11:33:53 http://124.225.66.15/wp-json/gravitysmtp/v1/tests/mock-data?page=gravitysmtp-settings show less	Web App Attack
🇳🇿 Antinson	2026-03-31 16:41:08 (2 months ago)	Scraping with a high error ratio and request rate	Bad Web Bot
🇺🇸 TPI-Abuse	2026-02-19 03:15:17 (3 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.63.128 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.63.128 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Feb 18 22:15:12.475523 2026] [security2:error] [pid 8143:tid 8143] [client 104.207.63.128:38555] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "kevinjewell.com"] [uri "/.env.save"] [unique_id "aZaAQBQ3xTWQYFHNahgC2gAAAAo"] show less	Brute-Force Bad Web Bot Web App Attack
🇨🇭 Origon	2026-02-18 20:10:36 (3 months ago)	http-sensitive-files - IP: 104.207.63.128 - time="2026-02-18T21:10:36+01:00" level=info msg="(555f6 ... show more http-sensitive-files - IP: 104.207.63.128 - time="2026-02-18T21:10:36+01:00" level=info msg="(555f66b4f6a74558bc11e3f93469658es8App0Mcc0TKEeje/crowdsec) crowdsecurity/http-sensitive-files by ip 104.207.63.128 (FR/200373) : 4h ban on Ip 104.207.63.128" module=db show less	Web App Attack
🇺🇸 TPI-Abuse	2026-02-18 18:29:01 (3 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.63.128 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.63.128 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Feb 18 13:28:51.917960 2026] [security2:error] [pid 26722:tid 26722] [client 104.207.63.128:10743] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "theurbanlogger.com"] [uri "/frontend/.env"] [unique_id "aZYE4_c3WP4omM30Nku9xQAAAAM"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-02-18 16:03:08 (3 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.63.128 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.63.128 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Feb 18 11:03:04.878135 2026] [security2:error] [pid 31411:tid 31411] [client 104.207.63.128:32495] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "yellowbrickfoundation.com"] [uri "/site/.git/config"] [unique_id "aZXiuEPLmQr3LKeUiE7ZqAAAAAw"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-02-18 13:23:34 (3 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.63.128 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.63.128 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Feb 18 08:23:27.390382 2026] [security2:error] [pid 6942:tid 6942] [client 104.207.63.128:49955] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "windisfun.com"] [uri "/.env"] [unique_id "aZW9T8YVnICN6onEYE5fOAAAAAs"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 big-cloud.nl	2026-02-18 12:02:44 (3 months ago)	Try to access /api/.env	Web App Attack
🇮🇹 ciccio diddo	2026-01-29 14:42:47 (4 months ago)	CMS/WP Exploit xmlrpc port:Tcp/80,443	Brute-Force Web App Attack
🇩🇪 Packets-Decreaser.NET	2025-12-29 14:01:04 (5 months ago)	Incoming Layer 7 Flood Detected	DDoS Attack Web Spam
🇺🇸 TPI-Abuse	2025-12-04 00:31:37 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.63.128 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.63.128 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Dec 03 19:31:33.712255 2025] [security2:error] [pid 13078:tid 13078] [client 104.207.63.128:37393] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "pseudo.space"] [uri "/.git/HEAD"] [unique_id "aTDWZTRnRGVtX3XKooKNrAAAAAU"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2025-11-27 13:38:34 (6 months ago)	Attempted brute force login to web vpn 1228 time(s); last attempt for 2025.11.27 is noted in report ... show more Attempted brute force login to web vpn 1228 time(s); last attempt for 2025.11.27 is noted in report timestamp show less	Hacking Brute-Force
Anonymous	2025-11-18 23:57:15 (6 months ago)	Attempted brute force login to web vpn 1789 time(s); last attempt for 2025.11.18 is noted in report ... show more Attempted brute force login to web vpn 1789 time(s); last attempt for 2025.11.18 is noted in report timestamp show less	Hacking Brute-Force

Showing 1 to 15 of 153 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇰🇷 211.223.107.86

🇯🇵 139.162.78.6

🇷🇺 94.103.2.175

🇩🇪 69.5.169.106

🇺🇸 44.92.4.21

🇧🇷 20.197.238.250

🇩🇪 167.94.146.44

🇺🇸 162.216.149.40

🇧🇮 154.117.199.56

🇨🇳 47.109.91.215

🇳🇱 45.148.10.157

🇳🇱 45.148.10.141

🇺🇸 43.135.144.126

🇨🇳 27.18.96.55

🇻🇳 14.248.82.157

🇨🇳 180.76.143.203

🇩🇪 167.233.63.202

🇷🇴 80.94.92.171

🇱🇹 45.227.254.170

🇺🇸 43.159.136.201