JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 104.207.63.52

104.207.63.52 was found in our database!

This IP was reported 125 times. Confidence of Abuse is 29%: ?

29%

ISP	3xK Tech GmbH
Usage Type	Data Center/Web Hosting/Transit
ASN	AS200373
Domain Name	3xktech.cloud
Country	🇩🇪 Germany
City	Berlin, State of Berlin

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 104.207.63.52

Whois 104.207.63.52

IP Abuse Reports for 104.207.63.52:

This IP address has been reported a total of 125 times from 22 distinct sources. 104.207.63.52 was first reported on June 11th 2024, and the most recent report was 2 weeks ago.

Old Reports: The most recent abuse report for this IP address is from 2 weeks ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
Anonymous	2026-05-21 02:40:01 (2 weeks ago)	suspicious request in access.log	Web App Attack
🇦🇺 MAGIC	2026-05-15 00:01:08 (3 weeks ago)	VM1 Bad user agents ignoring web crawling rules. Draing bandwidth	DDoS Attack Bad Web Bot
🇩🇪 filstal.org	2026-05-12 00:06:42 (3 weeks ago)	Automated security scan or exploit attempt detected by Fail2Ban	Bad Web Bot Web App Attack
Anonymous	2026-04-29 10:15:54 (1 month ago)	104.207.63.52 - - [29/Apr/2026:18:15:53 +0800] "GET /.env HTTP/1.1" 301 - "-" "Mozilla/5.0 (Windows ... show more 104.207.63.52 - - [29/Apr/2026:18:15:53 +0800] "GET /.env HTTP/1.1" 301 - "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3850.0 Iron Safari/537.36" ... show less	Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-04-28 17:59:16 (1 month ago)	(mod_security) mod_security (id:210730) triggered by 104.207.63.52 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210730) triggered by 104.207.63.52 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Apr 28 13:59:11.807761 2026] [security2:error] [pid 17959:tid 17959] [client 104.207.63.52:21181] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|www.gelatouno.com.salernospizza.com\|F\|2"] [data ".ini"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.gelatouno.com.salernospizza.com"] [uri "/s3cmd.ini"] [unique_id "afD1b_1VXTli7tdpHc2nOQAAAAo"] show less	Brute-Force Bad Web Bot Web App Attack
🇫🇷 masterguru	2026-04-28 04:12:07 (1 month ago)	(modsec_5080) ModSec 5080: Infrastructure subdomain probe from 104.207.63.52 (FR/France/-): 1 in the ... show more (modsec_5080) ModSec 5080: Infrastructure subdomain probe from 104.207.63.52 (FR/France/-): 1 in the last 3600 secs (0-195) show less	Hacking
🇩🇪 big-cloud.nl	2026-04-27 16:26:14 (1 month ago)	Try to access /.aws/credentials	Web App Attack
🇺🇸 Starburst SysOp Team	2026-04-24 13:01:19 (1 month ago)	Malware host detected by rbl.malware.expert. RBL lookup of 52.63.207.104.rbl.malware.expert succeede ... show more Malware host detected by rbl.malware.expert. RBL lookup of 52.63.207.104.rbl.malware.expert succeeded at REMOTE_ADDR. (400010-mnz6-7) show less	Hacking
🇮🇹 [email protected]	2026-04-18 06:56:56 (1 month ago)	[Sat Apr 18 08:56:55.829958 2026] [authz_core:error] [pid 560720:tid 560757] [remote 104.207.63.52:1 ... show more [Sat Apr 18 08:56:55.829958 2026] [authz_core:error] [pid 560720:tid 560757] [remote 104.207.63.52:10345] AH01630: client denied by server configuration: /var/www/html/MyWeb/Wordpress_www/wp-login.php ... show less	Brute-Force Web App Attack
🇺🇸 oncord	2026-02-14 04:16:06 (3 months ago)	Form spam	Web Spam
🇨🇭 backslash	2026-02-11 08:45:05 (3 months ago)	block ruleset 6A1105329D233F6F53B9B61CE056BD4DAAE75AB4	Web Spam
🇦🇺 oncord	2026-02-09 23:34:57 (3 months ago)	Form spam	Web Spam
🇺🇸 ambor	2026-01-10 20:08:19 (4 months ago)	Honeypot triggered on tcpdata.com - Attempted to access /wp-login.php (wordpress_login). User-Agent: ... show more Honeypot triggered on tcpdata.com - Attempted to access /wp-login.php (wordpress_login). User-Agent: curl/7.88.1 show less	Web App Attack
🇺🇸 TPI-Abuse	2025-12-02 05:58:05 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.63.52 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.207.63.52 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Dec 02 00:57:59.883283 2025] [security2:error] [pid 29999:tid 29999] [client 104.207.63.52:47123] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "majersigns.com"] [uri "/.svn/wc.db"] [unique_id "aS5_5yEctvj74miEAaMTlgAAAAg"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-02 05:24:36 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.63.52 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.207.63.52 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Dec 02 00:24:30.302122 2025] [security2:error] [pid 7837:tid 7837] [client 104.207.63.52:49467] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "finewebdining.com"] [uri "/.env"] [unique_id "aS54DhWiLUgN3A_DmbOxGwAAAAw"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 125 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇮🇳 195.35.4.24

🇬🇧 193.163.125.171

🇺🇸 47.251.125.230

🇳🇱 45.198.224.5

🇺🇸 13.58.247.43

🇭🇰 165.154.22.130

🇺🇸 162.216.149.64

🇫🇮 147.185.133.245

🇺🇸 147.185.132.80

🇺🇸 129.153.31.0

🇧🇩 103.146.221.148

🇫🇷 84.247.166.72

🇵🇱 81.210.53.108

🇺🇸 66.132.172.104

🇭🇰 38.76.163.44

🇧🇪 34.38.104.238

🇺🇸 2607:f8b0:4001:c62::127

🇺🇸 206.162.244.24

🇭🇰 165.154.41.6

🇱🇻 109.110.4.42