JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 104.207.63.99

104.207.63.99 was found in our database!

This IP was reported 129 times. Confidence of Abuse is 12%: ?

12%

ISP	3xK Tech GmbH
Usage Type	Data Center/Web Hosting/Transit
ASN	AS200373
Domain Name	3xktech.cloud
Country	🇩🇪 Germany
City	Berlin, State of Berlin

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 104.207.63.99

Whois 104.207.63.99

IP Abuse Reports for 104.207.63.99:

This IP address has been reported a total of 129 times from 19 distinct sources. 104.207.63.99 was first reported on June 4th 2024, and the most recent report was 11 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇬🇧 myintarweb	2026-06-10 19:06:13 (11 hours ago)	104.207.63.99 - - [10/Jun/2026:20:06:13 +0100] 80 "GET /.env HTTP/1.1" 301 1633 "-" "Mozilla/5.0 (Wi ... show more 104.207.63.99 - - [10/Jun/2026:20:06:13 +0100] 80 "GET /.env HTTP/1.1" 301 1633 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Edg/119.0.0.0" ... show less	Hacking Bad Web Bot Web App Attack
🇲🇹 Malta	2026-05-17 09:22:21 (3 weeks ago)	104.207.63.99 - - [17/May/2026:11:22:21 +0200] "POST /wp-login.php HTTP/1.1" "Mozilla/5.0 (Windows N ... show more 104.207.63.99 - - [17/May/2026:11:22:21 +0200] "POST /wp-login.php HTTP/1.1" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:133.0) Gecko/20100101 Firefox/133.0" show less	Hacking Web App Attack VPN IP
🇪🇸 10dencehispahard SL	2026-01-23 07:05:35 (4 months ago)	Wordpress probing for vulnerabilities	Hacking Exploited Host
🇩🇪 Packets-Decreaser.NET	2025-12-31 00:59:51 (5 months ago)	Incoming Layer 7 Flood Detected	DDoS Attack Web Spam
🇺🇸 TPI-Abuse	2025-11-24 08:42:47 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.63.99 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.207.63.99 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 24 03:42:40.933844 2025] [security2:error] [pid 25105:tid 25125] [client 104.207.63.99:51857] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "beltagin.com"] [uri "/.git/HEAD"] [unique_id "aSQagMn5O4wpUvSPLAuc0wAAAEc"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-24 07:28:17 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.63.99 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.207.63.99 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 24 02:28:11.618289 2025] [security2:error] [pid 5280:tid 5280] [client 104.207.63.99:13451] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "autodiscover.utah17.com"] [uri "/.svn/wc.db"] [unique_id "aSQJC0KkSX7kf380EDvi_wAAABg"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-24 05:35:49 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.63.99 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.207.63.99 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 24 00:35:40.276658 2025] [security2:error] [pid 18194:tid 18288] [client 104.207.63.99:11851] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "agrigrailtechnologies.com"] [uri "/.env"] [unique_id "aSPurO9urIyQu8V3f-3o5wAAAIQ"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-24 04:38:12 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.63.99 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.207.63.99 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Nov 23 23:38:04.821559 2025] [security2:error] [pid 23276:tid 23276] [client 104.207.63.99:49243] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webmail.delomel.net"] [uri "/.env"] [unique_id "aSPhLKJKjb54PimKs5hRMgAAAAI"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-24 03:23:00 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.63.99 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.207.63.99 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Nov 23 22:22:51.015415 2025] [security2:error] [pid 24713:tid 24713] [client 104.207.63.99:17747] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcalendars.proplanarchitects.com"] [uri "/.svn/wc.db"] [unique_id "aSPPi5Q7ovgG1-6Ieg7HZAAAAAU"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 conseilgouz	2025-11-18 19:49:57 (6 months ago)	mae-17 : Block hidden directories=>/.aws/credentials(/)	Hacking
Anonymous	2025-11-14 00:31:27 (6 months ago)	Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER	Brute-Force SSH
🇺🇸 nationaleventpros.com	2025-11-06 09:18:47 (7 months ago)	WordPress login attempt	Brute-Force
Anonymous	2025-10-19 21:08:26 (7 months ago)	Attempted brute force login to web vpn 36 time(s); last attempt for 2025.10.19 is noted in report ti ... show more Attempted brute force login to web vpn 36 time(s); last attempt for 2025.10.19 is noted in report timestamp show less	Hacking Brute-Force
Anonymous	2025-10-18 00:40:24 (7 months ago)	Attempted brute force login to web vpn 36 time(s); last attempt for 2025.10.18 is noted in report ti ... show more Attempted brute force login to web vpn 36 time(s); last attempt for 2025.10.18 is noted in report timestamp show less	Hacking Brute-Force
Anonymous	2025-10-17 23:03:04 (7 months ago)	Attempted brute force login to web vpn 36 time(s); last attempt for 2025.10.17 is noted in report ti ... show more Attempted brute force login to web vpn 36 time(s); last attempt for 2025.10.17 is noted in report timestamp show less	Hacking Brute-Force

Showing 1 to 15 of 129 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 162.216.149.237

🇨🇩 102.216.240.61

🇬🇧 35.203.210.213

🇺🇸 20.168.7.128

🇺🇿 213.230.87.26

🇮🇳 202.141.83.104

🇳🇱 160.119.71.12

🇨🇳 121.29.84.177

🇧🇩 103.141.9.2

🇮🇹 93.33.0.211

🇨🇦 85.217.149.53

🇨🇦 85.217.149.41

🇺🇸 66.132.172.232

🇳🇱 45.148.10.183

🇳🇱 45.148.10.147

🇬🇧 5.226.140.105

🇨🇳 211.149.134.60

🇲🇽 201.161.46.131

🇺🇸 198.74.56.6

🇫🇷 194.163.139.99