JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 104.207.61.197

104.207.61.197 was found in our database!

This IP was reported 117 times. Confidence of Abuse is 0%: ?

ISP	3xK Tech GmbH
Usage Type	Data Center/Web Hosting/Transit
ASN	AS200373
Domain Name	3xktech.cloud
Country	🇨🇦 Canada
City	Toronto, Ontario

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 104.207.61.197

Whois 104.207.61.197

IP Abuse Reports for 104.207.61.197:

This IP address has been reported a total of 117 times from 16 distinct sources. 104.207.61.197 was first reported on June 4th 2024, and the most recent report was 2 weeks ago.

Old Reports: The most recent abuse report for this IP address is from 2 weeks ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇩🇪 excill	2026-05-27 03:14:19 (2 weeks ago)	Honeypot mesh observed 46 attack events in 24h — cowrie/dionaea/heralding/suricata	Port Scan Hacking Brute-Force SSH
🇨🇭 Origon	2026-02-18 00:51:53 (3 months ago)	http-sensitive-files - IP: 104.207.61.197 - time="2026-02-18T01:51:53+01:00" level=info msg="(555f6 ... show more http-sensitive-files - IP: 104.207.61.197 - time="2026-02-18T01:51:53+01:00" level=info msg="(555f66b4f6a74558bc11e3f93469658es8App0Mcc0TKEeje/crowdsec) crowdsecurity/http-sensitive-files by ip 104.207.61.197 (CA/200373) : 4h ban on Ip 104.207.61.197" module=db show less	Web App Attack
🇺🇸 TPI-Abuse	2026-02-18 00:47:49 (3 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.61.197 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.61.197 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Feb 17 19:47:44.992810 2026] [security2:error] [pid 31089:tid 31128] [client 104.207.61.197:46539] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "pattinauction.com"] [uri "/test/.git/config"] [unique_id "aZUMMHiP4rnesxlAepeRGgAAAAU"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 myagent.site	2026-02-18 00:47:22 (3 months ago)	Blocking for trying to access an exploit file: /.env.staging	Hacking
🇦🇺 MAGIC	2026-01-02 03:00:08 (5 months ago)	VM1 Bad user agents ignoring web crawling rules. Draing bandwidth	DDoS Attack Bad Web Bot
🇱🇻 garmtech.com	2025-12-26 12:14:46 (5 months ago)	IM360 WAF: Attempt to upload malware	Hacking
🇮🇹 VHosting	2025-12-25 16:45:10 (5 months ago)	Detected WordPress attack from 4 different servers	Brute-Force Web App Attack
🇳🇱 Savvii	2025-12-20 14:00:09 (5 months ago)	10 attempts against mh-misc-ban on pf221105	Web App Attack
🇨🇭 backslash	2025-12-19 14:20:05 (5 months ago)	block ruleset bad bot: wordpress scans 82C095539D4FDAF84E2E2FD6B6FC0664645851A8	Bad Web Bot
Anonymous	2025-11-27 13:33:30 (6 months ago)	Attempted brute force login to web vpn 1134 time(s); last attempt for 2025.11.27 is noted in report ... show more Attempted brute force login to web vpn 1134 time(s); last attempt for 2025.11.27 is noted in report timestamp show less	Hacking Brute-Force
🇺🇸 TPI-Abuse	2025-11-26 07:07:28 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.61.197 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.61.197 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Nov 26 02:07:20.513883 2025] [security2:error] [pid 19214:tid 19214] [client 104.207.61.197:53731] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.electricmeatgrinder.com"] [uri "/.git/HEAD"] [unique_id "aSanKBdxSCDN8i0nztkAkgAAAA8"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-26 05:59:19 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.61.197 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.61.197 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Nov 26 00:59:12.372045 2025] [security2:error] [pid 12057:tid 12057] [client 104.207.61.197:22935] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "mail.madisonworkshopwest.com"] [uri "/.svn/wc.db"] [unique_id "aSaXMMdosgcnQgMKaC32mAAAABA"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-26 02:57:35 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.61.197 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.61.197 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Nov 25 21:57:28.435209 2025] [security2:error] [pid 11536:tid 11536] [client 104.207.61.197:39697] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpanel.no1sicko.com"] [uri "/.svn/wc.db"] [unique_id "aSZsmL9dwJkqRsq7KyOesQAAAAM"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-26 02:00:35 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.61.197 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.61.197 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Nov 25 21:00:24.041704 2025] [security2:error] [pid 25991:tid 25991] [client 104.207.61.197:41625] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.lenorasflowers.com"] [uri "/.env"] [unique_id "aSZfOP07ysiFbP20mTDpIAAAAAQ"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-24 09:15:36 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.61.197 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.61.197 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 24 04:15:31.488280 2025] [security2:error] [pid 12262:tid 12262] [client 104.207.61.197:13811] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "mail.darvintyne.com"] [uri "/.env"] [unique_id "aSQiM4z5RHlPihHGVN4DnwAAAB0"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 117 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 205.185.122.174

🇺🇸 205.185.121.3

🇰🇷 43.164.132.164

🇬🇧 35.203.211.188

🇺🇸 206.189.205.85

🇺🇸 205.185.120.156

🇺🇸 205.185.120.21

🇺🇸 104.194.10.248

🇷🇴 92.118.39.62

🇷🇴 80.94.92.130

🇭🇰 65.181.88.245

🇫🇮 65.108.87.151

🇺🇸 34.153.21.16

🇺🇸 205.185.119.54

🇺🇸 205.185.116.245

🇺🇸 205.185.116.237

🇩🇪 193.124.20.245

🇩🇪 185.168.31.66

🇺🇸 94.158.247.101

🇺🇸 45.42.88.54