JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 104.207.61.66

104.207.61.66 was found in our database!

This IP was reported 145 times. Confidence of Abuse is 15%: ?

15%

ISP	3xK Tech GmbH
Usage Type	Data Center/Web Hosting/Transit
ASN	AS200373
Domain Name	3xktech.cloud
Country	🇨🇦 Canada
City	Toronto, Ontario

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 104.207.61.66

Whois 104.207.61.66

IP Abuse Reports for 104.207.61.66:

This IP address has been reported a total of 145 times from 22 distinct sources. 104.207.61.66 was first reported on June 6th 2024, and the most recent report was 15 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇬🇧 PeravixGroup	2026-06-11 00:22:24 (15 hours ago)	Honeypot detection: Apache CouchDB unauthorized access / exploitation attempt on port 5984. Severity ... show more Honeypot detection: Apache CouchDB unauthorized access / exploitation attempt on port 5984. Severity: MEDIUM. Aaran.cloud show less	Hacking Exploited Host
🇫🇷 pm33	2026-06-10 16:21:01 (23 hours ago)	Wordpress login attempts	Brute-Force
🇺🇸 TPI-Abuse	2026-02-15 12:49:29 (3 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.61.66 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.207.61.66 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Feb 15 07:49:26.314548 2026] [security2:error] [pid 30377:tid 30377] [client 104.207.61.66:63447] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "testrong.com"] [uri "/.env.staging"] [unique_id "aZHA1vV0iU3O3wpmkjzMUQAAAAU"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-02-15 11:42:37 (3 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.61.66 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.207.61.66 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Feb 15 06:42:30.718242 2026] [security2:error] [pid 2076:tid 2076] [client 104.207.61.66:40839] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "thomasandross.com"] [uri "/api/.git/config"] [unique_id "aZGxJtS_DLDDD-_bIn946AAAAAU"] show less	Brute-Force Bad Web Bot Web App Attack
🇨🇭 Origon	2026-02-15 11:21:59 (3 months ago)	http-sensitive-files - IP: 104.207.61.66 - time="2026-02-15T12:21:59+01:00" level=info msg="(555f66 ... show more http-sensitive-files - IP: 104.207.61.66 - time="2026-02-15T12:21:59+01:00" level=info msg="(555f66b4f6a74558bc11e3f93469658es8App0Mcc0TKEeje/crowdsec) crowdsecurity/http-sensitive-files by ip 104.207.61.66 (CA/200373) : 4h ban on Ip 104.207.61.66" module=db show less	Web App Attack
🇺🇸 TPI-Abuse	2026-02-15 05:12:06 (3 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.61.66 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.207.61.66 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Feb 15 00:12:02.453539 2026] [security2:error] [pid 20114:tid 20114] [client 104.207.61.66:53169] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "sunshinenv.com"] [uri "/.env.save"] [unique_id "aZFVoibydmvw7DmNl-u5cwAAAAI"] show less	Brute-Force Bad Web Bot Web App Attack
🇳🇱 jjnxpct	2026-02-15 04:48:41 (3 months ago)	Automated security incident from hosting server. ModSecurity blocked suspicious request targeting UR ... show more Automated security incident from hosting server. ModSecurity blocked suspicious request targeting URI: /app/.env (Rule ID: 930130) - Restricted File Access Attempt [Suspicious: .env found within REQUEST_FILENAME: /app/.env] show less	Hacking Web App Attack
Anonymous	2026-02-15 04:31:18 (3 months ago)	Failed login attempt detected by Fail2Ban in plesk-modsecurity jail	Exploited Host
🇺🇸 TPI-Abuse	2026-02-15 04:15:23 (3 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.61.66 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.207.61.66 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Feb 14 23:15:14.913445 2026] [security2:error] [pid 2168:tid 2197] [client 104.207.61.66:17637] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "straight8inc.com"] [uri "/.git/config"] [unique_id "aZFIUrFwGIsX64Wb-80hHQAAAFg"] show less	Brute-Force Bad Web Bot Web App Attack
🇫🇷 dynamix	2026-02-15 03:19:10 (3 months ago)	Multiple WAF Violations	Web App Attack
🇺🇸 TPI-Abuse	2026-02-15 03:14:19 (3 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.61.66 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.207.61.66 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Feb 14 22:14:15.741242 2026] [security2:error] [pid 25698:tid 25698] [client 104.207.61.66:56205] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "stansco.com"] [uri "/.env"] [unique_id "aZE6B_msSQJViqAayI7ARgAAAAE"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-02-15 02:46:14 (3 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.61.66 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.207.61.66 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Feb 14 21:46:07.716315 2026] [security2:error] [pid 729592:tid 729592] [client 104.207.61.66:56557] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "sprektech.com"] [uri "/config/.env"] [unique_id "aZEzb4gTqdy9ryDPpwBXxAAAAAs"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 mnsf	2026-02-15 01:06:27 (3 months ago)	Scanning/Probing (24)	Brute-Force Web App Attack
🇺🇸 TPI-Abuse	2026-02-15 00:56:00 (3 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.61.66 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.207.61.66 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Feb 14 19:55:56.448429 2026] [security2:error] [pid 13631:tid 13631] [client 104.207.61.66:17375] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "mrsreclamation.com"] [uri "/site/.git/config"] [unique_id "aZEZnCBSo-l9rhQl-i4jkgAAAAo"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-02-15 00:38:42 (3 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.61.66 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.207.61.66 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Feb 14 19:38:35.606537 2026] [security2:error] [pid 15893:tid 15893] [client 104.207.61.66:43499] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "ltscatering.com"] [uri "/api/.env"] [unique_id "aZEVi6J7kMN81BpASnDqSgAAABA"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 145 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇨🇳 221.224.127.14

🇺🇸 216.26.225.187

🇺🇸 216.25.89.140

🇮🇷 188.213.192.113

🇨🇳 180.184.182.87

🇺🇸 142.93.4.183

🇹🇭 118.194.251.75

🇮🇳 4.224.59.75

🇮🇩 202.162.35.6

🇳🇱 165.232.93.216

🇨🇳 112.24.99.134

🇨🇳 111.113.89.150

🇳🇱 85.10.157.40

🇺🇸 74.7.241.8

🇭🇰 45.78.18.182

🇺🇸 23.95.191.250

🇬🇧 216.226.76.10

🇫🇮 147.185.133.41

🇨🇳 115.190.154.102

🇺🇸 66.132.172.117