JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 104.207.63.252

104.207.63.252 was found in our database!

This IP was reported 150 times. Confidence of Abuse is 0%: ?

ISP	3xK Tech GmbH
Usage Type	Data Center/Web Hosting/Transit
ASN	AS200373
Domain Name	3xktech.cloud
Country	🇩🇪 Germany
City	Berlin, State of Berlin

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 104.207.63.252

Whois 104.207.63.252

IP Abuse Reports for 104.207.63.252:

This IP address has been reported a total of 150 times from 22 distinct sources. 104.207.63.252 was first reported on June 4th 2024, and the most recent report was 2 months ago.

Old Reports: The most recent abuse report for this IP address is from 2 months ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇦🇺 RedBear IT	2026-03-26 10:00:37 (2 months ago)	"DDoS against public endpoint"	DDoS Attack
🇺🇸 TPI-Abuse	2026-02-19 04:24:36 (3 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.63.252 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.63.252 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Feb 18 23:24:31.610249 2026] [security2:error] [pid 29060:tid 29060] [client 104.207.63.252:9589] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "kln.jp"] [uri "/test/.git/config"] [unique_id "aZaQfyTVMjgltKvh3ew4DwAAAAk"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-02-19 02:51:53 (3 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.63.252 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.63.252 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Feb 18 21:51:47.149027 2026] [security2:error] [pid 11980:tid 11980] [client 104.207.63.252:47857] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "kellermoving.com"] [uri "/app/.git/config"] [unique_id "aZZ6w-dCyjTtxHauoqqdOgAAAA8"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-02-19 01:05:12 (3 months ago)	WAF repeated trigger detected by Fail2Ban	Web App Attack
🇺🇸 TPI-Abuse	2026-02-18 18:30:52 (3 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.63.252 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.63.252 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Feb 18 13:30:46.263113 2026] [security2:error] [pid 9342:tid 9342] [client 104.207.63.252:31779] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "thevillageartcenter.com"] [uri "/v2/.git/config"] [unique_id "aZYFVqZWfaGm15D8QEgPtgAAAAU"] show less	Brute-Force Bad Web Bot Web App Attack
🇨🇭 Origon	2026-02-18 17:07:36 (3 months ago)	http-sensitive-files - IP: 104.207.63.252 - time="2026-02-18T18:07:36+01:00" level=info msg="(555f6 ... show more http-sensitive-files - IP: 104.207.63.252 - time="2026-02-18T18:07:36+01:00" level=info msg="(555f66b4f6a74558bc11e3f93469658es8App0Mcc0TKEeje/crowdsec) crowdsecurity/http-sensitive-files by ip 104.207.63.252 (FR/200373) : 4h ban on Ip 104.207.63.252" module=db show less	Web App Attack
🇺🇸 TPI-Abuse	2026-02-18 13:30:12 (3 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.63.252 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.63.252 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Feb 18 08:30:04.804102 2026] [security2:error] [pid 24884:tid 24884] [client 104.207.63.252:64123] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "winwithbrad.com"] [uri "/api/.env"] [unique_id "aZW-3OUqL3H5WjnFc23TPwAAAAI"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-02-18 11:53:10 (3 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.63.252 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.63.252 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Feb 18 06:53:03.112030 2026] [security2:error] [pid 1180821:tid 1180821] [client 104.207.63.252:53729] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "wardellbrown.com"] [uri "/config/.env"] [unique_id "aZWoH38sKgwgn53HqXQLwgAAAAI"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-01-04 03:08:56 (5 months ago)	wordpress-trap	Web App Attack
🇨🇦 Mediashaker	2025-11-28 06:30:26 (6 months ago)	(apache-scanners) Failed apache-scanners trigger with match [redacted] from 104.207.63.252 (FR/Franc ... show more (apache-scanners) Failed apache-scanners trigger with match [redacted] from 104.207.63.252 (FR/France/-) show less	Port Scan
🇺🇸 TPI-Abuse	2025-11-26 07:09:30 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.63.252 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.63.252 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Nov 26 02:09:24.152717 2025] [security2:error] [pid 19270:tid 19270] [client 104.207.63.252:9963] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "autodiscover.brbcoin.com"] [uri "/.env"] [unique_id "aSanpHJYaD6XXynPxI_hqQAAAAI"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-26 05:51:40 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.63.252 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.63.252 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Nov 26 00:51:34.213832 2025] [security2:error] [pid 19568:tid 19568] [client 104.207.63.252:12805] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "mail.the-it-man.com"] [uri "/.svn/wc.db"] [unique_id "aSaVZkA5DaJxPbmZ39Sd5AAAAAM"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-26 05:34:42 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.63.252 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.63.252 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Nov 26 00:34:36.854823 2025] [security2:error] [pid 3599211:tid 3599237] [client 104.207.63.252:35347] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcalendars.wizart.org"] [uri "/.git/HEAD"] [unique_id "aSaRbCWBb6LubLi-gSEOIQAAAFg"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-26 01:12:33 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.63.252 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.63.252 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Nov 25 20:12:29.585956 2025] [security2:error] [pid 6635:tid 6635] [client 104.207.63.252:20465] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "autodiscover.sabbathschoolguide.com"] [uri "/.git/HEAD"] [unique_id "aSZT_X5yZ3TfbYyofgzdUwAAAAM"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-25 04:51:21 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.63.252 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.63.252 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 24 23:51:16.296370 2025] [security2:error] [pid 7506:tid 7506] [client 104.207.63.252:23799] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "dshvisuals.com"] [uri "/.git/HEAD"] [unique_id "aSU1xJGMq5iE-NNZJ1FkSAAAAAY"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 150 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇧🇪 198.235.24.166

🇺🇸 138.94.219.194

🇨🇳 113.31.107.103

🇳🇱 45.148.10.152

🇨🇳 211.143.37.67

🇨🇱 190.217.148.227

🇮🇳 182.70.243.207

🇸🇬 107.155.56.47

🇵🇱 57.128.225.99

🇧🇪 34.79.230.100

🇧🇪 34.78.162.75

🇺🇸 20.42.115.228

🇷🇴 2.57.122.238

🇺🇸 2604:a880:400:d1:0:4:8c02:8001

🇵🇱 212.127.73.163

🇬🇧 193.163.125.78

🇬🇧 188.240.59.23

🇳🇱 185.223.235.30

🇳🇱 185.156.73.233

🇳🇱 176.65.139.56