JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 104.207.61.22

104.207.61.22 was found in our database!

This IP was reported 93 times. Confidence of Abuse is 8%: ?

ISP	3xK Tech GmbH
Usage Type	Data Center/Web Hosting/Transit
ASN	AS200373
Domain Name	3xktech.cloud
Country	🇨🇦 Canada
City	Toronto, Ontario

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 104.207.61.22

Whois 104.207.61.22

IP Abuse Reports for 104.207.61.22:

This IP address has been reported a total of 93 times from 18 distinct sources. 104.207.61.22 was first reported on June 3rd 2024, and the most recent report was 3 weeks ago.

Old Reports: The most recent abuse report for this IP address is from 3 weeks ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇫🇷 masterguru	2026-05-10 14:18:16 (3 weeks ago)	(modsec_5015) ModSec 5015: Suspicious User-Agent from 104.207.61.22 (CA/Canada/-): 1 in the last 360 ... show more (modsec_5015) ModSec 5015: Suspicious User-Agent from 104.207.61.22 (CA/Canada/-): 1 in the last 3600 secs (0-193) show less	Hacking
🇫🇷 masterguru	2026-05-09 06:02:24 (4 weeks ago)	(modsec_5015) ModSec 5015: Suspicious User-Agent from 104.207.61.22 (CA/Canada/-): 1 in the last 360 ... show more (modsec_5015) ModSec 5015: Suspicious User-Agent from 104.207.61.22 (CA/Canada/-): 1 in the last 3600 secs (0-196) show less	Hacking
🇫🇷 masterguru	2026-04-26 17:43:18 (1 month ago)	(modsec_5015) ModSec 5015: Suspicious User-Agent from 104.207.61.22 (CA/Canada/-): 1 in the last 360 ... show more (modsec_5015) ModSec 5015: Suspicious User-Agent from 104.207.61.22 (CA/Canada/-): 1 in the last 3600 secs (0-197) show less	Hacking
🇩🇪 Lino Project	2026-04-23 22:55:53 (1 month ago)	104.207.61.22 - - [24/Apr/2026:00:55:53 +0200] "POST /xmlrpc.php HTTP/2.0" 403 471 "-" "Mozilla/5.0 ... show more 104.207.61.22 - - [24/Apr/2026:00:55:53 +0200] "POST /xmlrpc.php HTTP/2.0" 403 471 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.6367.207 Safari/537.36" ... show less	Brute-Force Bad Web Bot Web App Attack
🇫🇷 masterguru	2026-04-22 23:58:08 (1 month ago)	(modsec_5015) ModSec 5015: Suspicious User-Agent from 104.207.61.22 (CA/Canada/-): 1 in the last 360 ... show more (modsec_5015) ModSec 5015: Suspicious User-Agent from 104.207.61.22 (CA/Canada/-): 1 in the last 3600 secs (0-193) show less	Hacking
🇫🇷 masterguru	2026-04-13 11:18:06 (1 month ago)	(modsec_5015) ModSec 5015: Suspicious User-Agent from 104.207.61.22 (CA/Canada/-): 1 in the last 360 ... show more (modsec_5015) ModSec 5015: Suspicious User-Agent from 104.207.61.22 (CA/Canada/-): 1 in the last 3600 secs (0-193) show less	Hacking
🇪🇸 10dencehispahard SL	2026-01-16 08:08:19 (4 months ago)	Wordpress probing for vulnerabilities	Hacking Exploited Host
Anonymous	2026-01-03 13:35:14 (5 months ago)	Attempted brute force login to web vpn 18 time(s); last attempt for 2026.01.03 is noted in report ti ... show more Attempted brute force login to web vpn 18 time(s); last attempt for 2026.01.03 is noted in report timestamp show less	Hacking Brute-Force
🇫🇷 Guardian	2026-01-01 11:56:07 (5 months ago)	Scanning for installed WordPress and vulnerabilities 104.207.61.22 [01/Jan/2026:11:56:07] "GET /wp-a ... show more Scanning for installed WordPress and vulnerabilities 104.207.61.22 [01/Jan/2026:11:56:07] "GET /wp-admin/setup-config.php HTTP/1.1" show less	Port Scan Web App Attack
🇺🇸 myagent.site	2025-12-30 13:54:48 (5 months ago)	Blocking for trying to access an exploit file: /wp//kickstart.php	Hacking
🇵🇱 sefinek.net	2025-12-23 04:38:25 (5 months ago)	Triggered Cloudflare WAF (firewallCustom) from CA. Action taken: MANAGED_CHALLENGE Protocol: HTTP/1. ... show more Triggered Cloudflare WAF (firewallCustom) from CA. Action taken: MANAGED_CHALLENGE Protocol: HTTP/1.1 (GET method) Endpoint: /genshin-stella-mod UA: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 YaBrowser/22.7.0 Yowser/2.5 Safari/537.36 This report was generated by: https://github.com/sefinek/Cloudflare-WAF-To-AbuseIPDB show less	Bad Web Bot
Anonymous	2025-12-21 08:27:44 (5 months ago)	wordpress-trap	Web App Attack
🇺🇸 Penny Packer	2025-12-19 05:07:50 (5 months ago)	Fail2Ban apache-tripwires	Web App Attack
🇺🇸 TPI-Abuse	2025-11-26 08:34:35 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.61.22 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.207.61.22 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Nov 26 03:34:29.989837 2025] [security2:error] [pid 25864:tid 25864] [client 104.207.61.22:24231] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpanel.geriart.net"] [uri "/.env"] [unique_id "aSa7larwEDwY5AVfDrSOEgAAAAo"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-26 08:15:18 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.61.22 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.207.61.22 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Nov 26 03:15:11.100867 2025] [security2:error] [pid 15878:tid 15878] [client 104.207.61.22:18263] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "mail.comitedelafamille.org"] [uri "/.env"] [unique_id "aSa3D5PkAfngfxvFw4IFGgAAABM"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 93 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇷🇴 92.118.39.62

🇫🇷 82.102.18.220

🇧🇪 34.78.156.130

🇨🇳 219.145.1.117

🇬🇧 193.163.125.67

🇰🇿 185.233.3.95

🇹🇷 185.148.240.112

🇻🇳 116.110.158.101

🇧🇾 86.57.173.115

🇺🇸 65.49.1.146

🇺🇸 45.42.88.54

🇺🇸 20.64.97.78

🇩🇪 176.65.132.17

🇺🇸 162.216.150.227

🇸🇬 101.47.155.9

🇺🇸 91.230.168.207

🇬🇧 78.153.140.251

🇬🇧 78.153.140.250

🇨🇦 70.78.200.99

🇺🇸 66.132.186.228