JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 104.207.59.81

104.207.59.81 was found in our database!

This IP was reported 140 times. Confidence of Abuse is 12%: ?

12%

ISP	3xK Tech GmbH
Usage Type	Data Center/Web Hosting/Transit
ASN	AS200373
Domain Name	3xktech.cloud
Country	🇨🇦 Canada
City	Toronto, Ontario

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 104.207.59.81

Whois 104.207.59.81

IP Abuse Reports for 104.207.59.81:

This IP address has been reported a total of 140 times from 19 distinct sources. 104.207.59.81 was first reported on June 4th 2024, and the most recent report was 2 weeks ago.

Old Reports: The most recent abuse report for this IP address is from 2 weeks ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇩🇪 georgengelmann	2026-05-22 04:31:18 (2 weeks ago)	Failed login attempt for wpadminas	Brute-Force Web App Attack
🇩🇪 FeG Deutschland	2026-05-22 03:05:03 (2 weeks ago)	Looking for CMS/PHP/SQL vulnerablilities/excessive crawling - 124	Exploited Host Web App Attack
🇺🇸 TPI-Abuse	2026-02-20 14:44:19 (3 months ago)	(mod_security) mod_security (id:225170) triggered by 104.207.59.81 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:225170) triggered by 104.207.59.81 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Feb 20 09:44:15.846637 2026] [security2:error] [pid 22605:tid 22605] [client 104.207.59.81:41325] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|pacificintermountain.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "pacificintermountain.com"] [uri "/wp-json/wp/v2/users"] [unique_id "aZhzP7LlIWhRHbxAuV2MSQAAAAs"], referer: https://www.google.com show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-02-09 21:56:05 (3 months ago)	104.207.59.81 - - [09/Feb/2026:21:55:56 +0000] "GET /.env.local HTTP/1.1" 404 6185 "-" "Mozilla/5.0 ... show more 104.207.59.81 - - [09/Feb/2026:21:55:56 +0000] "GET /.env.local HTTP/1.1" 404 6185 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36" ... show less	Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-02-09 21:11:39 (3 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.59.81 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.207.59.81 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Feb 09 16:11:35.270717 2026] [security2:error] [pid 803174:tid 803197] [client 104.207.59.81:61137] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "gapm.eu"] [uri "/config/.env"] [unique_id "aYpNh9NUR_HTNHVSYrZtyQAAAJM"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 myagent.site	2026-02-09 09:05:56 (3 months ago)	Blocking for trying to access an exploit file: /.env.staging	Hacking
🇺🇸 TPI-Abuse	2026-02-09 06:14:36 (3 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.59.81 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.207.59.81 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Feb 09 01:14:20.247564 2026] [security2:error] [pid 14350:tid 14350] [client 104.207.59.81:47387] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "furball.global"] [uri "/.env.save"] [unique_id "aYl7PM1qCKrPqtmv8snO0QAAAAM"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-02-09 03:49:29 (3 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.59.81 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.207.59.81 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Feb 08 22:49:24.378546 2026] [security2:error] [pid 28070:tid 28070] [client 104.207.59.81:18903] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "fuegolounge813.com"] [uri "/wp/.git/config"] [unique_id "aYlZRJwsC-ibUKNTsze-AQAAAA8"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-01-05 20:06:24 (4 months ago)	Attempted brute force login to web vpn 9 time(s); last attempt for 2026.01.05 is noted in report tim ... show more Attempted brute force login to web vpn 9 time(s); last attempt for 2026.01.05 is noted in report timestamp show less	Hacking Brute-Force
🇺🇸 TPI-Abuse	2025-12-09 19:58:54 (5 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.59.81 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.207.59.81 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Dec 09 14:58:49.465260 2025] [security2:error] [pid 16776:tid 16776] [client 104.207.59.81:33997] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "willowstick-carbon.com"] [uri "/.svn/wc.db"] [unique_id "aTh_eQgvc93JkHuhViiYiwAAAAE"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-09 18:46:11 (5 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.59.81 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.207.59.81 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Dec 09 13:46:05.158904 2025] [security2:error] [pid 2588:tid 2631] [client 104.207.59.81:46629] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "westfrancia.com"] [uri "/.env"] [unique_id "aThubY2VdWQDEa4PiM5I0wAAAYc"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-09 01:15:34 (5 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.59.81 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.207.59.81 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Dec 08 20:15:31.767063 2025] [security2:error] [pid 18291:tid 18291] [client 104.207.59.81:13859] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "anatolyaleksin.com"] [uri "/.env"] [unique_id "aTd4M538ec4xQUrImLA4_wAAABk"] show less	Brute-Force Bad Web Bot Web App Attack
🇫🇷 geot	2025-12-08 13:50:50 (5 months ago)	GET /.env HTTP/1.1	Hacking Web App Attack
🇺🇸 TPI-Abuse	2025-12-08 06:31:04 (5 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.59.81 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.207.59.81 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Dec 08 01:30:58.507751 2025] [security2:error] [pid 978:tid 978] [client 104.207.59.81:31851] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "lukeschicago.com"] [uri "/.env"] [unique_id "aTZwohaZGPRsMh-bv6DbWAAAAAc"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-07 22:37:50 (5 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.59.81 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.207.59.81 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Dec 07 17:37:41.952611 2025] [security2:error] [pid 11081:tid 11081] [client 104.207.59.81:28341] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "jadonbooth.com"] [uri "/.env"] [unique_id "aTYBtW5mIiv6-87l3jY9kQAAAA0"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 140 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 198.98.56.205

🇸🇬 2404:6800:4003:c11::12a

🇮🇪 37.228.201.205

🇭🇰 203.23.128.43

🇵🇾 181.94.233.32

🇮🇱 176.229.196.220

🇮🇩 163.7.16.161

🇨🇳 123.160.221.168

🇺🇸 64.62.197.17

🇰🇷 61.76.38.54

🇺🇸 216.25.89.121

🇮🇩 202.145.0.18

🇮🇳 139.59.91.107

🇺🇸 98.80.4.77

🇳🇱 89.222.112.30

🇰🇷 61.76.112.4

🇺🇸 40.90.234.147

🇬🇧 35.203.210.67

🇬🇧 2.58.172.222

🇬🇧 193.32.209.243