JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 104.207.63.94

104.207.63.94 was found in our database!

This IP was reported 130 times. Confidence of Abuse is 21%: ?

21%

ISP	3xK Tech GmbH
Usage Type	Data Center/Web Hosting/Transit
ASN	AS200373
Domain Name	3xktech.cloud
Country	🇩🇪 Germany
City	Berlin, State of Berlin

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 104.207.63.94

Whois 104.207.63.94

IP Abuse Reports for 104.207.63.94:

This IP address has been reported a total of 130 times from 13 distinct sources. 104.207.63.94 was first reported on June 5th 2024, and the most recent report was 1 day ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 mnsf	2026-06-04 19:08:10 (1 day ago)	Abuse Detected (2)	Brute-Force Web App Attack
🇫🇮 inlink.ltd	2026-06-03 11:34:55 (2 days ago)	Known malicious PHP file or CMS probe	Web App Attack
🇫🇷 solution.it	2026-06-02 07:34:22 (4 days ago)	[Tue Jun 02 09:34:22.285425 2026] [php7:error] [pid 404895:tid 404895] [client 104.207.63.94:24981] ... show more [Tue Jun 02 09:34:22.285425 2026] [php7:error] [pid 404895:tid 404895] [client 104.207.63.94:24981] script '/var/www/html/blog.solution.it/wp-login.php' not found or unable to stat show less	Web App Attack
🇺🇸 TPI-Abuse	2025-12-10 14:52:11 (5 months ago)	"Participant in large-scale DDoS Attack in which data injection was attmpted to gain unauthorized ac ... show more "Participant in large-scale DDoS Attack in which data injection was attmpted to gain unauthorized access" show less	DDoS Attack SQL Injection Exploited Host
🇫🇮 Shaik Sai Meera	2025-11-26 20:55:13 (6 months ago)	IM360 WAF: Hidden file access	Brute-Force
🇺🇸 TPI-Abuse	2025-11-25 07:13:04 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.63.94 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.207.63.94 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Nov 25 02:12:56.152717 2025] [security2:error] [pid 2810:tid 2810] [client 104.207.63.94:55705] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.rdu.us"] [uri "/.git/HEAD"] [unique_id "aSVW-IDNCjvNabnn7skTkQAAAAo"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-25 06:29:14 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.63.94 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.207.63.94 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Nov 25 01:29:07.999799 2025] [security2:error] [pid 6888:tid 6888] [client 104.207.63.94:24799] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webdisk.wfowisdom.com"] [uri "/.git/HEAD"] [unique_id "aSVMs8tqiDlGM3zmTorR2AAAAAg"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-25 06:12:40 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.63.94 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.207.63.94 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Nov 25 01:12:33.804427 2025] [security2:error] [pid 21170:tid 21170] [client 104.207.63.94:36299] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcontacts.toomuchcaffeine.net"] [uri "/.env"] [unique_id "aSVI0cfYgnTXg-ss2Ixe8QAAAAc"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-25 05:57:27 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.63.94 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.207.63.94 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Nov 25 00:57:19.035828 2025] [security2:error] [pid 4063:tid 4063] [client 104.207.63.94:39243] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webdisk.myhomeflyer.com"] [uri "/.svn/wc.db"] [unique_id "aSVFP3SAsInr_8lj8ivS3AAAAAE"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-25 04:59:04 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.63.94 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.207.63.94 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 24 23:59:00.942218 2025] [security2:error] [pid 16719:tid 16719] [client 104.207.63.94:32797] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webdisk.canarysuites.com"] [uri "/.git/HEAD"] [unique_id "aSU3lAdCedS6qQJShXfCCwAAAA8"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-25 04:14:49 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.63.94 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.207.63.94 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 24 23:14:45.641053 2025] [security2:error] [pid 5117:tid 5117] [client 104.207.63.94:14717] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcontacts.kinhung.com"] [uri "/.svn/wc.db"] [unique_id "aSUtNRIi9adUy3C07Yq9jgAAABU"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-25 03:33:38 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.63.94 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.207.63.94 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 24 22:33:32.351432 2025] [security2:error] [pid 4067:tid 4067] [client 104.207.63.94:52583] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcontacts.lazymanvegan.com"] [uri "/.git/HEAD"] [unique_id "aSUjjBBE6PwXmeogR8FoHAAAABU"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-25 03:06:49 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.63.94 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.207.63.94 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 24 22:06:42.056602 2025] [security2:error] [pid 12716:tid 12734] [client 104.207.63.94:48203] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpanel.evan-hotel.com"] [uri "/.env"] [unique_id "aSUdQtFyYQkDKh-KlDQijwAAAIg"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-25 02:20:13 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.63.94 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.207.63.94 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 24 21:20:06.531169 2025] [security2:error] [pid 3445:tid 3445] [client 104.207.63.94:11561] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpanel.alanrmariotti.com"] [uri "/.env"] [unique_id "aSUSVgIDgpzxzuRNUS5T0QAAABA"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-24 08:11:44 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.63.94 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.207.63.94 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 24 03:11:35.833244 2025] [security2:error] [pid 24221:tid 24221] [client 104.207.63.94:47933] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "b2c-llc.com"] [uri "/.svn/wc.db"] [unique_id "aSQTN8DNDCIUKrhlRwFPngAAAAA"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 130 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 72.76.249.219

🇬🇧 2a05:d01c:8c7:6802:c825:fd2f:2af7:d16b

🇯🇵 163.44.101.215

🇫🇮 144.31.152.139

🇷🇴 92.118.39.236

🇮🇷 85.204.222.69

🇧🇬 78.128.112.30

🇺🇸 66.132.224.94

🇭🇰 47.239.240.68

🇱🇹 45.227.254.170

🇧🇷 205.210.31.173

🇮🇷 188.214.185.171

🇸🇪 155.4.209.51

🇰🇷 118.37.214.187

🇬🇧 87.115.211.6

🇧🇪 34.76.198.103

🇺🇸 20.65.195.23

🇸🇪 13.51.166.203

🇸🇬 8.219.252.93

🇧🇷 187.20.23.2