JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 104.207.63.249

104.207.63.249 was found in our database!

This IP was reported 150 times. Confidence of Abuse is 8%: ?

ISP	3xK Tech GmbH
Usage Type	Data Center/Web Hosting/Transit
ASN	AS200373
Domain Name	3xktech.cloud
Country	🇩🇪 Germany
City	Berlin, State of Berlin

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 104.207.63.249

Whois 104.207.63.249

IP Abuse Reports for 104.207.63.249:

This IP address has been reported a total of 150 times from 22 distinct sources. 104.207.63.249 was first reported on June 6th 2024, and the most recent report was 4 weeks ago.

Old Reports: The most recent abuse report for this IP address is from 4 weeks ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇬🇧 PeravixGroup	2026-05-09 09:33:34 (4 weeks ago)	Honeypot detection: Kubernetes API unauthorized access / cluster abuse attempt on port 6443. Severit ... show more Honeypot detection: Kubernetes API unauthorized access / cluster abuse attempt on port 6443. Severity: MEDIUM. Aaran.cloud show less	Hacking Exploited Host
🇮🇳 Genhost	2026-05-06 04:56:21 (1 month ago)	SCANNING OF PHP SHELL FILES	Brute-Force SSH
🇧🇪 cmbplf	2026-04-04 06:27:47 (2 months ago)	1.818 requests with url.path */xmlrpc.php	Brute-Force Bad Web Bot
Anonymous	2026-02-18 01:05:08 (3 months ago)	WAF repeated trigger detected by Fail2Ban	Web App Attack
🇳🇱 debestelapp	2026-02-18 01:00:05 (3 months ago)		Web App Attack
🇺🇸 TPI-Abuse	2026-02-13 08:56:14 (3 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.63.249 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.63.249 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Feb 13 03:56:09.534265 2026] [security2:error] [pid 7253:tid 7253] [client 104.207.63.249:57247] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "lambdaclimateresearch.com"] [uri "/.env"] [unique_id "aY7nKXf0NJUljbFuA8OJ6gAAAAM"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-02-13 06:46:00 (3 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.63.249 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.63.249 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Feb 13 01:45:53.287976 2026] [security2:error] [pid 2391827:tid 2391827] [client 104.207.63.249:58819] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "kristinmoore.com"] [uri "/dev/.git/config"] [unique_id "aY7IoXR8_HwjjKKIOjFf1wAAAAg"] show less	Brute-Force Bad Web Bot Web App Attack
🇷🇺 DZBOT	2026-02-13 06:17:44 (3 months ago)	Website Scanning / Scraping	Bad Web Bot Exploited Host Web App Attack
🇺🇸 TPI-Abuse	2026-02-13 06:02:38 (3 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.63.249 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.63.249 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Feb 13 01:02:31.667749 2026] [security2:error] [pid 1402709:tid 1402709] [client 104.207.63.249:26805] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "koolstra.net"] [uri "/test/.git/config"] [unique_id "aY6-d8TJhiArg7NR7t7MbAAAAAw"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-02-13 03:44:51 (3 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.63.249 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.63.249 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Feb 12 22:44:45.292431 2026] [security2:error] [pid 29481:tid 29481] [client 104.207.63.249:46087] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "kikopoke.com"] [uri "/config/.env"] [unique_id "aY6eLURWdNdrS4hhhiBrDgAAAAI"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-02-13 01:46:51 (3 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.63.249 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.63.249 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Feb 12 20:46:47.344906 2026] [security2:error] [pid 1784344:tid 1784375] [client 104.207.63.249:51861] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "kaukabsiddique.net"] [uri "/backend/.env"] [unique_id "aY6Ch9Pk1V6EnP7Vp6vu2gAAAVc"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-02-12 18:59:50 (3 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.63.249 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.63.249 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Feb 12 13:59:46.870675 2026] [security2:error] [pid 8514:tid 8514] [client 104.207.63.249:25483] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "fables4teenagers.com"] [uri "/.git/config"] [unique_id "aY4jIjwj2P8QhNF9lAZn1wAAABA"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 sailor	2026-02-12 16:30:00 (3 months ago)	Botnet. GET .../config/.env	Hacking Web App Attack
🇺🇸 TPI-Abuse	2026-02-12 15:01:14 (3 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.63.249 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.63.249 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Feb 12 10:01:07.809913 2026] [security2:error] [pid 16397:tid 16397] [client 104.207.63.249:16885] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "avanyupublishing.com"] [uri "/.git/config"] [unique_id "aY3rM1i_WJXykA09-xDksQAAAB8"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-02-12 14:26:43 (3 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.63.249 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.63.249 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Feb 12 09:26:38.286771 2026] [security2:error] [pid 31396:tid 31396] [client 104.207.63.249:35221] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "borzoi-pedigree.info"] [uri "/.git/config"] [unique_id "aY3jHk4btR5d3EZ89WGlGwAAABQ"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 150 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇳🇱 176.65.149.201

🇸🇬 168.144.37.240

🇺🇸 192.3.206.66

🇧🇮 154.117.199.56

🇩🇪 134.122.93.100

🇯🇵 123.223.184.65

🇨🇳 119.185.240.106

🇻🇳 118.71.38.127

🇺🇿 87.192.224.131

🇧🇬 79.124.58.142

🇩🇪 69.5.169.155

🇳🇱 45.148.10.240

🇳🇱 45.148.10.147

🇧🇪 35.187.167.203

🇺🇸 2607:f8b0:4001:c61::12e

🇨🇳 119.167.25.141

🇻🇳 103.90.227.203

🇳🇱 80.82.70.228

🇷🇺 78.140.12.190

🇫🇷 78.124.95.221