JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 104.207.61.14

104.207.61.14 was found in our database!

This IP was reported 97 times. Confidence of Abuse is 0%: ?

ISP	3xK Tech GmbH
Usage Type	Data Center/Web Hosting/Transit
ASN	AS200373
Domain Name	3xktech.cloud
Country	🇨🇦 Canada
City	Toronto, Ontario

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 104.207.61.14

Whois 104.207.61.14

IP Abuse Reports for 104.207.61.14:

This IP address has been reported a total of 97 times from 23 distinct sources. 104.207.61.14 was first reported on June 20th 2024, and the most recent report was 4 months ago.

Old Reports: The most recent abuse report for this IP address is from 4 months ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇳🇱 homeshowdomain.nl	2026-02-15 22:59:59 (4 months ago)	Auto-ban: >3000 req/min op 2026-02-15	Hacking Web App Attack SSH
🇺🇸 mind5t0rm	2026-02-15 16:41:40 (4 months ago)	(WPLOGIN) WP Login Attack 104.207.61.14 (CA/Canada/-): 3 in the last 3600 secs; Ports: ; Direction: ... show more (WPLOGIN) WP Login Attack 104.207.61.14 (CA/Canada/-): 3 in the last 3600 secs; Ports: ; Direction: inout; Trigger: LF_TRIGGER; Logs: 104.207.61.14 - - [15/Feb/2026:23:34:22 +0700] "GET /wp-login.php HTTP/2.0" 200 2468 "-" "Wget/1.21.4" 104.207.61.14 - - [15/Feb/2026:23:34:24 +0700] "POST /wp-login.php HTTP/2.0" 302 0 "https://www.zerowaterthailand.com/wp-login.php" "Wget/1.21.4" 104.207.61.14 - - [15/Feb/2026:23:41:37 +0700] "GET /wp-login.php HTTP/2.0" 200 2453 "-" "curl/8.6.0" show less	Port Scan
🇺🇸 TPI-Abuse	2026-02-15 06:57:38 (4 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.61.14 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.207.61.14 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Feb 15 01:57:31.178583 2026] [security2:error] [pid 8415:tid 8415] [client 104.207.61.14:53837] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "seapens.org"] [uri "/.env.staging"] [unique_id "aZFuWxMXbLVXSb60ViW6FgAAAAk"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-02-15 05:58:07 (4 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.61.14 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.207.61.14 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Feb 15 00:57:59.670383 2026] [security2:error] [pid 25985:tid 25985] [client 104.207.61.14:26273] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "omnithermal.com"] [uri "/.env.save"] [unique_id "aZFgZ1fiOyMBdepcdMDTnQAAAB4"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 myagent.site	2026-02-15 05:34:38 (4 months ago)	Blocking for trying to access an exploit file: /site/.git/config	Hacking
🇩🇪 gadix	2026-02-15 05:21:40 (4 months ago)	[15/Feb/2026:06:21:39.093777 +0100] aZFX49fk7Z4Z5gLC1LbivQAAAFY 104.207.61.14 49750 127.0.0.1 7081 [ ... show more [15/Feb/2026:06:21:39.093777 +0100] aZFX49fk7Z4Z5gLC1LbivQAAAFY 104.207.61.14 49750 127.0.0.1 7081 [15/Feb/2026:06:21:39.506667 +0100] aZFX49fk7Z4Z5gLC1LbivgAAAEY 104.207.61.14 49756 127.0.0.1 7081 [15/Feb/2026:06:21:39.932799 +0100] aZFX4318zuAUuYzRJMg3vwAAAI8 104.207.61.14 49768 127.0.0.1 7081 ... show less	Web App Attack
Anonymous	2026-02-15 05:18:26 (4 months ago)	Fuzzing/Looking for credentials files.	Brute-Force Web App Attack
🇺🇸 TPI-Abuse	2026-02-15 04:09:26 (4 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.61.14 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.207.61.14 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Feb 14 23:09:17.589092 2026] [security2:error] [pid 2463961:tid 2463961] [client 104.207.61.14:63741] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "powerlinemagazine.com"] [uri "/.env"] [unique_id "aZFG7U5L4OoZ4o4atPpL7AAAABM"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-02-15 03:25:09 (4 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.61.14 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.207.61.14 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Feb 14 22:25:04.271083 2026] [security2:error] [pid 756147:tid 756147] [client 104.207.61.14:23517] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "pontiacpalace.com"] [uri "/.env.staging"] [unique_id "aZE8kOvGhdnms6V4-SbiGgAAAA4"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 mnsf	2026-02-15 03:05:43 (4 months ago)	Scanning/Probing (22)	Brute-Force Web App Attack
🇺🇸 TPI-Abuse	2026-02-15 02:40:33 (4 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.61.14 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.207.61.14 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Feb 14 21:40:25.748504 2026] [security2:error] [pid 19396:tid 19396] [client 104.207.61.14:34521] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "nhgrange.org"] [uri "/backup/.git/config"] [unique_id "aZEyGfmNfz1WkMIU0CAbHAAAAAw"] show less	Brute-Force Bad Web Bot Web App Attack
🇫🇷 dynamix	2026-02-15 01:56:06 (4 months ago)	Multiple WAF Violations	Web App Attack
🇮🇹 alph44	2026-02-15 01:28:21 (4 months ago)	(mod_security) mod_security (id:949110) triggered by 104.207.61.14 (CA/Canada/-): 5 in the last 3600 ... show more (mod_security) mod_security (id:949110) triggered by 104.207.61.14 (CA/Canada/-): 5 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_MODSEC; Logs: show less	Web App Attack
🇺🇸 TPI-Abuse	2026-02-15 00:58:33 (4 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.61.14 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.207.61.14 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Feb 14 19:58:28.257314 2026] [security2:error] [pid 671056:tid 671056] [client 104.207.61.14:64515] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "rocketfuelpartners.com"] [uri "/.env.staging"] [unique_id "aZEaNCZ8SNJBrDilqOQLsAAAAAs"] show less	Brute-Force Bad Web Bot Web App Attack
🇫🇷 Jean Valjean	2025-12-30 23:15:28 (5 months ago)	Fail2ban Caboom : xmlrpc.php Abuse	SQL Injection Web App Attack

Showing 1 to 15 of 97 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇲🇦 196.117.117.124

🇨🇳 121.40.35.205

🇳🇵 103.232.154.42

🇭🇰 103.210.22.74

🇮🇳 103.175.8.32

🇬🇧 51.195.183.177

🇧🇷 45.160.228.112

🇺🇸 40.124.175.234

🇨🇳 8.152.96.110

🇳🇱 192.42.116.107

🇧🇷 189.51.35.224

🇬🇧 188.122.37.97

🇧🇷 177.37.19.30

🇺🇸 172.217.37.208

🇧🇭 82.194.39.201

🇧🇷 45.160.229.159

🇧🇷 45.160.228.13

🇺🇸 20.80.88.160

🇬🇧 195.206.182.195

🇧🇷 177.221.143.151