JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 104.207.59.159

104.207.59.159 was found in our database!

This IP was reported 136 times. Confidence of Abuse is 2%: ?

ISP	3xK Tech GmbH
Usage Type	Data Center/Web Hosting/Transit
ASN	AS200373
Domain Name	3xktech.cloud
Country	🇨🇦 Canada
City	Toronto, Ontario

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 104.207.59.159

Whois 104.207.59.159

IP Abuse Reports for 104.207.59.159:

This IP address has been reported a total of 136 times from 14 distinct sources. 104.207.59.159 was first reported on June 5th 2024, and the most recent report was 1 week ago.

Old Reports: The most recent abuse report for this IP address is from 1 week ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇩🇪 akasolutions.de	2026-06-01 12:56:37 (1 week ago)	(wordpress) Failed wordpress login from 104.207.59.159 (CA/Canada/-)	Brute-Force
🇱🇻 garmtech.com	2026-03-14 10:00:14 (2 months ago)	IM360 WAF: Attempt to upload malware	Hacking
🇱🇻 garmtech.com	2026-03-14 10:00:05 (2 months ago)	IM360 WAF: WordPress plugin/theme auto install block	Web App Attack
Anonymous	2026-01-05 20:16:05 (5 months ago)	Attempted brute force login to web vpn 18 time(s); last attempt for 2026.01.05 is noted in report ti ... show more Attempted brute force login to web vpn 18 time(s); last attempt for 2026.01.05 is noted in report timestamp show less	Hacking Brute-Force
Anonymous	2025-12-27 13:10:43 (5 months ago)	2025-12-27T15:10:43.146439+02:00 zanati wp(www.sahpa.co.za)[193657]: Blocked authentication attempt ... show more 2025-12-27T15:10:43.146439+02:00 zanati wp(www.sahpa.co.za)[193657]: Blocked authentication attempt for [email protected] from 104.207.59.159 ... show less	Web App Attack
🇺🇸 TPI-Abuse	2025-12-04 16:04:03 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.59.159 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.59.159 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Dec 04 11:03:54.097028 2025] [security2:error] [pid 17949:tid 17949] [client 104.207.59.159:11183] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "malinka.us"] [uri "/.svn/wc.db"] [unique_id "aTGw6gSqy5le5uIz9Y52yQAAAAI"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-02 22:10:14 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.59.159 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.59.159 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Dec 02 17:10:11.143723 2025] [security2:error] [pid 3830:tid 3839] [client 104.207.59.159:43493] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "chriskovac.com"] [uri "/.git/HEAD"] [unique_id "aS9jw5CEMWUmwrOP8AG6swAAAEY"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-02 20:01:42 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.59.159 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.59.159 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Dec 02 15:01:37.630359 2025] [security2:error] [pid 29606:tid 29606] [client 104.207.59.159:43717] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "pasadenahairextensions.com"] [uri "/.env"] [unique_id "aS9FoRP0_b-PvkvS682w8AAAABo"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-02 16:25:16 (6 months ago)	(mod_security) mod_security (id:210730) triggered by 104.207.59.159 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210730) triggered by 104.207.59.159 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Dec 02 11:25:07.016930 2025] [security2:error] [pid 23964:tid 23964] [client 104.207.59.159:34335] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|alpinexport.com\|F\|2"] [data ".db"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "alpinexport.com"] [uri "/.svn/wc.db"] [unique_id "aS8S426iyg3LTcEwxWuDJQAAAB4"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-02 13:21:57 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.59.159 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.59.159 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Dec 02 08:21:54.189138 2025] [security2:error] [pid 14087:tid 14087] [client 104.207.59.159:48897] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "economy-cleaners.com"] [uri "/.git/HEAD"] [unique_id "aS7n8vQErOgmPshdeQrY0wAAAAM"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-02 07:11:50 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.59.159 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.59.159 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Dec 02 02:11:43.400774 2025] [security2:error] [pid 32186:tid 32186] [client 104.207.59.159:29201] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "statisticsbook.com"] [uri "/.svn/wc.db"] [unique_id "aS6RL_KJbjSezHGyzwDu0AAAAAs"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-02 05:48:55 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.59.159 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.59.159 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Dec 02 00:48:50.484942 2025] [security2:error] [pid 25427:tid 25427] [client 104.207.59.159:36403] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "vitality-webb.com"] [uri "/.env"] [unique_id "aS59wuV6sJ_bbJgSHCNvAAAAAAo"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-02 04:45:56 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.59.159 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.59.159 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Dec 01 23:45:52.390095 2025] [security2:error] [pid 30245:tid 30245] [client 104.207.59.159:50843] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "trigonom.com"] [uri "/.git/HEAD"] [unique_id "aS5vAJRzQZ4RT-cPc75e-wAAAAA"] show less	Brute-Force Bad Web Bot Web App Attack
🇬🇧 Swiptly	2025-11-25 09:59:36 (6 months ago)	Bot scanning for environment files .env .env/\* ...	Web App Attack
🇺🇸 TPI-Abuse	2025-11-25 07:31:16 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.59.159 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.59.159 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Nov 25 02:31:12.480045 2025] [security2:error] [pid 27091:tid 27091] [client 104.207.59.159:13995] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcontacts.acmeradar.com"] [uri "/.git/HEAD"] [unique_id "aSVbQC-L2iU-O9uVe0LmBgAAABw"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 136 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇩🇪 192.109.200.215

🇷🇴 92.118.39.62

🇵🇹 77.54.180.12

🇺🇸 172.185.24.228

🇧🇷 136.248.121.226

🇺🇸 136.119.158.102

🇮🇳 103.114.65.253

🇮🇹 93.148.78.200

🇬🇧 89.37.172.136

🇩🇪 47.245.138.189

🇩🇪 43.228.157.8

🇺🇸 18.222.212.136

🇮🇳 8.231.79.220

🇺🇸 8.228.98.5

🇨🇳 222.90.32.158

🇹🇷 212.252.73.11

🇨🇴 190.252.183.19

🇸🇪 171.25.158.70

🇧🇬 91.148.190.150

🇨🇦 85.217.149.27