This IP address has been reported a total of 132 times from 19 distinct sources.
104.207.59.115 was first reported on , and the most recent report was .
Recent Reports:
We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.
Reporter
IoA Timestamp (UTC)
Comment
Categories
Anonymous
104.207.59.115 - - [25/Jun/2026:11:31:34 +0000] "GET http://www.owlbee.de/wordpress_db.sql HTTP/1.1" 302 509 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/132.0.0.0 Safari/537.36"
...
Honeypot detection: Apache CouchDB unauthorized access / exploitation attempt on port 5984. Severity: MEDIUM. Aaran.cloud
(mod_security) mod_security (id:210492) triggered by 104.207.59.115 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Feb 17 19:49:44.169662 2026] [security2:error] [pid 28884:tid 28884] [client 104.207.59.115:50745] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "paulomiranda.eu"] [uri "/.env.production"] [unique_id "aZUMqIy0eq5rfRkD-zVFwgAAABA"]
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
Attempted brute force login to web vpn 9 time(s); last attempt for 2026.01.05 is noted in report timestamp
Hacking
Brute-Force
Anonymous
Attempted brute force login to web vpn 54 time(s); last attempt for 2025.11.12 is noted in report timestamp
(mod_security) mod_security (id:210831) triggered by 104.207.59.115 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Apr 06 17:46:16.922859 2025] [security2:error] [pid 109589:tid 109589] [client 104.207.59.115:19129] [client 104.207.59.115] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url|user-Agent|www\\\\.weblogs\\\\.com|(?:jakart|vi)a|(google|i{0,1}explorer{0,1}\\\\.exe|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)|\\\\bdatacha0s\\\\b|; widows|\\\\\\\\r|a(?: href=|d(?:sarobot|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler||backstore.com|F|4"] [data "a href="] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "backstore.com"] [uri "/webalizer/"] [unique_id "Z_L2KN8AhPmkdVywr4NeaQAAABE"]
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
Attempted brute force login to web vpn 4 time(s); last attempt for 2025.04.06 is noted in report timestamp