JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 104.207.59.27

104.207.59.27 was found in our database!

This IP was reported 138 times. Confidence of Abuse is 11%: ?

11%

ISP	3xK Tech GmbH
Usage Type	Data Center/Web Hosting/Transit
ASN	AS200373
Domain Name	3xktech.cloud
Country	🇨🇦 Canada
City	Toronto, Ontario

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 104.207.59.27

Whois 104.207.59.27

IP Abuse Reports for 104.207.59.27:

This IP address has been reported a total of 138 times from 19 distinct sources. 104.207.59.27 was first reported on June 6th 2024, and the most recent report was 13 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇩🇪 Holger	2026-06-04 11:12:58 (13 hours ago)	Bruteforce WebAttack	Brute-Force Web App Attack
🇩🇪 Holger	2026-05-30 10:33:28 (5 days ago)	Bruteforce WebAttack	Brute-Force Web App Attack
🇩🇪 4server	2026-04-21 07:16:26 (1 month ago)	[TueApr2109:16:24.7103222026][security2:error][pid3025243:tid3025343][client104.207.59.27:0]ModSecur ... show more [TueApr2109:16:24.7103222026][security2:error][pid3025243:tid3025343][client104.207.59.27:0]ModSecurity:Accessdeniedwithcode403$phase1$.Patternmatch\"$\?i$$\?:/\(\?:\^\\|/$\\\\\\\\.$env\\|git\\|svn\\|hg\\|DS_Store$\\|/$\?:wp-config\\|\\\\\\\\.htaccess\\|\\\\\\\\.htpasswd$\\|\\\\\\\\.$\?:sql\\|bak\\|old\\|log$\$\)\"atREQUEST_URI.[file\"/etc/apache2/conf.d/modsec_custom_rules.conf\"][line\"156\"][id\"960720\"][msg\"Forbiddenfileaccessattempt\"][severity\"CRITICAL\"][hostname\"hdcadvisory.ch\"][uri\"/mysql.sql\"][unique_id\"aeckSGR1Z2zCLsvvYp9ZawAAAFI\"] show less	Port Scan Brute-Force Web App Attack
🇦🇱 cheatmaster.store	2026-02-27 01:05:22 (3 months ago)	Automated report: This IP address has been identified as an active public open proxy. Classification ... show more Automated report: This IP address has been identified as an active public open proxy. Classification: Open Proxy \| Spoofing \| VPN/Anonymizer \| Bad Web Bot. Country: Canada Threat level: High. This host is listed across multiple public proxy databases and poses a risk of abuse, credential stuffing, scraping, and spoofed traffic. Reported by automated threat intelligence pipeline. Do not whitelist without manual verification. show less	Web Spam Port Scan Web App Attack
🇮🇹 mgarofano80	2026-01-23 17:06:12 (4 months ago)		Brute-Force Web App Attack
🇵🇱 ketovoila.pl	2026-01-08 16:01:13 (4 months ago)	ketovoila.pl HONEYPOT traffic: count=1, paths=1; sample_path=ketovoila.pl/.aws/credentials; UA=Mozil ... show more ketovoila.pl HONEYPOT traffic: count=1, paths=1; sample_path=ketovoila.pl/.aws/credentials; UA=Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36; window=2026-01-08T15:50:25Z..2026-01-08T15:50:25Z show less	Port Scan Hacking Brute-Force
Anonymous	2026-01-05 20:19:25 (4 months ago)	Attempted brute force login to web vpn 9 time(s); last attempt for 2026.01.05 is noted in report tim ... show more Attempted brute force login to web vpn 9 time(s); last attempt for 2026.01.05 is noted in report timestamp show less	Hacking Brute-Force
🇺🇸 TPI-Abuse	2025-12-30 18:36:08 (5 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.59.27 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.207.59.27 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Dec 30 13:35:23.587941 2025] [security2:error] [pid 28723:tid 28723] [client 104.207.59.27:58637] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "business.lsd36.com"] [uri "/.env"] [unique_id "aVQba0BXjJ80CWwHQ9mkFwAAAAA"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 Packets-Decreaser.NET	2025-12-29 14:01:24 (5 months ago)	Incoming Layer 7 Flood Detected	DDoS Attack Web Spam
🇺🇸 TPI-Abuse	2025-12-29 05:41:02 (5 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.59.27 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.207.59.27 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Dec 29 00:40:55.585625 2025] [security2:error] [pid 9036:tid 9036] [client 104.207.59.27:30971] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "independentmusicconference.com"] [uri "/.svn/wc.db"] [unique_id "aVIUZ5BT-mECql4Cax-qJgAAAAA"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2025-12-21 23:00:27 (5 months ago)	Attempted brute force login to web vpn 252 time(s); last attempt for 2025.12.21 is noted in report t ... show more Attempted brute force login to web vpn 252 time(s); last attempt for 2025.12.21 is noted in report timestamp show less	Hacking Brute-Force
Anonymous	2025-12-19 23:41:15 (5 months ago)	Attempted brute force login to web vpn 198 time(s); last attempt for 2025.12.19 is noted in report t ... show more Attempted brute force login to web vpn 198 time(s); last attempt for 2025.12.19 is noted in report timestamp show less	Hacking Brute-Force
🇵🇱 sefinek.net	2025-12-11 19:45:59 (5 months ago)	Triggered Cloudflare WAF (firewallCustom) from CA. Action taken: MANAGED_CHALLENGE Protocol: HTTP/1. ... show more Triggered Cloudflare WAF (firewallCustom) from CA. Action taken: MANAGED_CHALLENGE Protocol: HTTP/1.1 (GET method) Endpoint: / UA: Mozilla/5.0 (Windows NT 10.0; WOW64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36 OPR/89.0.4447.51 This report was generated by: https://github.com/sefinek/Cloudflare-WAF-To-AbuseIPDB show less	Bad Web Bot
Anonymous	2025-12-01 23:52:33 (6 months ago)	Attempted brute force login to web vpn 865 time(s); last attempt for 2025.12.01 is noted in report t ... show more Attempted brute force login to web vpn 865 time(s); last attempt for 2025.12.01 is noted in report timestamp show less	Hacking Brute-Force
Anonymous	2025-11-30 23:58:31 (6 months ago)	Attempted brute force login to web vpn 936 time(s); last attempt for 2025.11.30 is noted in report t ... show more Attempted brute force login to web vpn 936 time(s); last attempt for 2025.11.30 is noted in report timestamp show less	Hacking Brute-Force

Showing 1 to 15 of 138 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇩🇪 185.91.127.85

🇯🇵 66.245.218.54

🇯🇵 43.130.229.228

🇬🇧 35.203.210.166

🇬🇧 35.203.210.51

🇨🇳 27.185.96.156

🇨🇳 1.191.160.210

🇵🇰 223.123.38.123

🇧🇷 191.210.133.134

🇺🇸 150.107.38.21

🇺🇸 147.185.132.28

🇺🇸 109.105.210.73

🇵🇱 87.251.64.146

🇨🇦 85.217.149.5

🇺🇸 66.132.195.88

🇬🇧 35.203.210.143

🇺🇸 20.65.194.46

🇨🇳 14.103.112.56

🇻🇪 201.249.205.94

🇧🇷 177.0.238.190