JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 104.207.60.91

104.207.60.91 was found in our database!

This IP was reported 159 times. Confidence of Abuse is 18%: ?

18%

ISP	3xK Tech GmbH
Usage Type	Data Center/Web Hosting/Transit
ASN	AS200373
Domain Name	3xktech.cloud
Country	🇨🇦 Canada
City	Toronto, Ontario

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 104.207.60.91

Whois 104.207.60.91

IP Abuse Reports for 104.207.60.91:

This IP address has been reported a total of 159 times from 27 distinct sources. 104.207.60.91 was first reported on June 5th 2024, and the most recent report was 1 month ago.

Old Reports: The most recent abuse report for this IP address is from 1 month ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇩🇪 Carsten	2026-05-04 00:24:03 (1 month ago)	GET [s3cmd.ini]	Port Scan
🇨🇿 sweet_acid	2026-05-01 00:55:16 (1 month ago)	Local web evidence: family=path_probe; path=/.env; enforce_count=10; active_ban_hits=0	Web App Attack
Anonymous	2026-04-29 19:50:02 (1 month ago)	suspicious request in access.log	Web App Attack
🇬🇧 poundawebsiteltd	2026-04-28 12:37:31 (1 month ago)	Web App Attack (ModSecurity Block). Evidence: [REDACTED_DOMAIN]:443 104.207.60.91 - - [28/Apr/2026:1 ... show more Web App Attack (ModSecurity Block). Evidence: [REDACTED_DOMAIN]:443 104.207.60.91 - - [28/Apr/2026:13:37:29 +0100] GET /s3cmd.ini HTTP/1.1 403 3107 - Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3835.0 Safari/537.36 show less	Web App Attack
Anonymous	2026-04-28 12:35:52 (1 month ago)	Port Scan (TCP/443 - HTTPS)	Port Scan Web App Attack
🇬🇧 SilverZippo	2026-02-18 22:21:02 (3 months ago)	Web App Attack	Web App Attack
🇺🇸 TPI-Abuse	2026-02-15 12:49:13 (3 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.60.91 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.207.60.91 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Feb 15 07:49:09.976418 2026] [security2:error] [pid 2863739:tid 2863739] [client 104.207.60.91:28413] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "todosconlaura.com"] [uri "/app/.env"] [unique_id "aZHAxdeJ2FstE4z7fcmGkwAAAA4"] show less	Brute-Force Bad Web Bot Web App Attack
🇬🇧 consul.to	2026-02-15 12:49:00 (3 months ago)	Web attack/malicious scanning detected	Web App Attack
🇺🇸 TPI-Abuse	2026-02-15 11:41:12 (3 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.60.91 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.207.60.91 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Feb 15 06:41:04.938353 2026] [security2:error] [pid 12465:tid 12465] [client 104.207.60.91:44325] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "thomaschemical.net"] [uri "/.env.production"] [unique_id "aZGw0HQXgnfPNl_-lzmcTwAAABE"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-02-15 11:26:06 (3 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.60.91 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.207.60.91 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Feb 15 06:26:03.575723 2026] [security2:error] [pid 4392:tid 4392] [client 104.207.60.91:57073] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "thewanderinghermit.com"] [uri "/config/.env"] [unique_id "aZGtS_nzPJRrSBL6szG0wAAAABY"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-02-15 06:46:55 (3 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.60.91 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.207.60.91 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Feb 15 01:46:51.369326 2026] [security2:error] [pid 6967:tid 6967] [client 104.207.60.91:22325] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "talamancareserve.com"] [uri "/admin/.git/config"] [unique_id "aZFr24pefLpDPmFJeNGlPgAAAAY"] show less	Brute-Force Bad Web Bot Web App Attack
🇵🇱 IROK	2026-02-15 06:09:31 (3 months ago)	Firewall Blocked - Unauthorized Port Scanning ...	Port Scan
🇺🇸 TPI-Abuse	2026-02-15 05:20:40 (3 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.60.91 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.207.60.91 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Feb 15 00:20:37.121209 2026] [security2:error] [pid 8522:tid 8522] [client 104.207.60.91:18637] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "superlamb.com"] [uri "/api/.git/config"] [unique_id "aZFXpZQSidRSwgLE1z4BjQAAAA4"] show less	Brute-Force Bad Web Bot Web App Attack
🇳🇱 jjnxpct	2026-02-15 04:48:30 (3 months ago)	Automated security incident from hosting server. ModSecurity blocked suspicious request targeting UR ... show more Automated security incident from hosting server. ModSecurity blocked suspicious request targeting URI: /admin/.env (Rule ID: 930130) - Restricted File Access Attempt [Suspicious: .env found within REQUEST_FILENAME: /admin/.env] show less	Hacking Web App Attack
🇺🇸 TPI-Abuse	2026-02-15 03:45:18 (3 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.60.91 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.207.60.91 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Feb 14 22:45:14.290773 2026] [security2:error] [pid 5888:tid 5888] [client 104.207.60.91:42087] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "stepiz62.com"] [uri "/dev/.git/config"] [unique_id "aZFBSu2MBbAn5eRXJFBemgAAAAk"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 159 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 195.184.76.70

🇮🇩 128.14.232.254

🇹🇼 111.253.92.137

🇬🇧 81.19.219.248

🇧🇬 79.124.49.174

🇬🇧 5.181.124.7

🇺🇸 195.184.76.171

🇮🇩 103.165.206.238

🇺🇸 54.144.235.51

🇫🇷 51.15.241.188

🇮🇳 49.43.241.11

🇲🇾 47.250.136.213

🇲🇾 47.250.118.57

🇳🇱 45.148.10.147

🇰🇪 41.206.34.101

🇺🇸 34.122.49.154

🇦🇺 23.45.168.55

🇺🇸 2600:3c02::2000:edff:fe77:cb55

🇬🇧 109.75.172.153

🇺🇸 91.230.168.255