JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 69.61.200.104

69.61.200.104 was found in our database!

This IP was reported 1,316 times. Confidence of Abuse is 78%: ?

78%

ISP	CINCINNATI BELL
Usage Type	Fixed Line ISP
ASN	AS6181
Hostname(s)	ip-69-61-200-104.static.fuse.net
Domain Name	altafiber.com
Country	🇺🇸 United States of America
City	Fishers, Indiana

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 69.61.200.104

Whois 69.61.200.104

IP Abuse Reports for 69.61.200.104:

This IP address has been reported a total of 1,316 times from 307 distinct sources. 69.61.200.104 was first reported on November 24th 2020, and the most recent report was 3 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇫🇷 masterguru	2026-06-07 06:36:04 (3 hours ago)	(modsec_5015) ModSec 5015: Suspicious User-Agent from 69.61.200.104 (US/United States/ip-69-61-200-1 ... show more (modsec_5015) ModSec 5015: Suspicious User-Agent from 69.61.200.104 (US/United States/ip-69-61-200-104.static.fuse.net): 1 in the last 3600 secs (0-195) show less	Hacking
🇩🇪 Justin F. \| AS204464	2026-06-06 17:39:55 (16 hours ago)	Honeypot [nx-infrastructure]: Brute-force attack detected on 22/SSH • Credentials: 4ac64a19536e:, 0e ... show more Honeypot [nx-infrastructure]: Brute-force attack detected on 22/SSH • Credentials: 4ac64a19536e:, 0e775b19c76b:, da7bd84a140e: • Number of login attempts: 3 • Client: SSH-2.0-Go Reported by: Justin F. show less	Brute-Force SSH
🇩🇪 Roper123	2026-06-05 12:57:06 (1 day ago)	Web exploits	Web App Attack
🇨🇿 ptlab	2026-06-04 04:45:37 (3 days ago)	Detected wp_login attack from WP-host.	Hacking Web App Attack
🇩🇪 LRob.fr	2026-05-30 08:00:15 (1 week ago)	Repeated requests on blocked xmlrpc.php, blocked by fail2ban in custom-503-xmlrpc jail	Bad Web Bot Web App Attack
🇭🇺 bcsaba	2026-05-30 04:39:29 (1 week ago)	Joomla spam 69.61.200.104 - - [30/May/2026:06:39:27 +0200] "GET /index.php?option=com_easyblog&view= ... show more Joomla spam 69.61.200.104 - - [30/May/2026:06:39:27 +0200] "GET /index.php?option=com_easyblog&view=dashboard&layout=write HTTP/1.1" 404 1514 "https://REDACTED" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:149.0) Gecko/20100101 Firefox/149.0" show less	Web App Attack
🇺🇸 VSM Networks	2026-05-29 06:16:08 (1 week ago)	Credential Stuffing	Brute-Force
🇪🇸 el-brujo	2026-05-26 14:59:19 (1 week ago)	Cloudflare WAF: Request Path: /ddos/ Request Query: Host: elhacker.net userAgent: Mozilla/5.0 (comp ... show more Cloudflare WAF: Request Path: /ddos/ Request Query: Host: elhacker.net userAgent: Mozilla/5.0 (compatible; MSIE 71.0; 68K; Trident/31.0) Action: block Source: ratelimit ASN Description: Cincinnati Bell Telephone Company LLC Country: US Method: GET Timestamp: 2026-05-26T14:59:19Z ruleId: 11a71ad4659e48b29b5173e3bcc61b4a. Report generated by Cloudflare-WAF-to-AbuseIPDB (https://github.com/MHG-LAB/Cloudflare-WAF-to-AbuseIPDB). show less	Hacking SQL Injection Web App Attack
🇺🇸 COMPLEX	2026-05-26 01:57:43 (1 week ago)	Banned by Multi Agent · node …eq1h · attempts=5 · SSH brute-force / scan	Brute-Force SSH
🇩🇪 BestFans.com	2026-05-22 10:43:07 (2 weeks ago)	Credential brute-force attacks on webpage logins	Brute-Force
🇺🇸 TPI-Abuse	2026-05-18 01:21:04 (2 weeks ago)	(mod_security) mod_security (id:210730) triggered by 69.61.200.104 (ip-69-61-200-104.static.fuse.net ... show more (mod_security) mod_security (id:210730) triggered by 69.61.200.104 (ip-69-61-200-104.static.fuse.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun May 17 21:20:58.777879 2026] [security2:error] [pid 7114:tid 7114] [client 69.61.200.104:43748] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|qualityelevatorcabs.com\|F\|2"] [data ".com"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "qualityelevatorcabs.com"] [uri "/[email protected]"] [unique_id "agppeonMLYof1bBYOLDuygAAAAw"], referer: http://qualityelevatorcabs.com/[email protected] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 ipblock.com	2026-05-17 17:46:00 (2 weeks ago)	IPBlock protected site ID [4055-d][s=02]. Persistent 404, vulnerability scanner	Hacking Bad Web Bot Web App Attack
🇹🇷 Threat.live	2026-05-16 22:35:08 (3 weeks ago)	Suspicious Connection Attempts	Brute-Force
🇺🇸 TPI-Abuse	2026-05-14 11:34:25 (3 weeks ago)	(mod_security) mod_security (id:210831) triggered by 69.61.200.104 (ip-69-61-200-104.static.fuse.net ... show more (mod_security) mod_security (id:210831) triggered by 69.61.200.104 (ip-69-61-200-104.static.fuse.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu May 14 07:34:20.611453 2026] [security2:error] [pid 12501:tid 12501] [client 69.61.200.104:54878] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|backstore.com\|F\|4"] [data "a href="] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "backstore.com"] [uri "/webalizer/"] [unique_id "agWzPC6Et2zUAfyylq7cPAAAAAQ"], referer: http://backstore.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-14 09:18:49 (3 weeks ago)	(mod_security) mod_security (id:210492) triggered by 69.61.200.104 (ip-69-61-200-104.static.fuse.net ... show more (mod_security) mod_security (id:210492) triggered by 69.61.200.104 (ip-69-61-200-104.static.fuse.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu May 14 05:18:43.468606 2026] [security2:error] [pid 14942:tid 14942] [client 69.61.200.104:41331] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webdisk.seacorre.com"] [uri "/.git/config"] [unique_id "agWTc7Eb2IbxmLaWXT1suQAAAAY"], referer: https://www.google.com/search?q=webdisk.seacorre.com show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 1316 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇲🇰 185.56.250.74

🇭🇰 154.221.20.92

🇮🇱 85.130.142.239

🇺🇸 70.40.26.169

🇭🇰 59.148.104.248

🇸🇬 47.82.53.74

🇨🇳 39.144.129.213

🇺🇸 20.65.195.35

🇩🇪 8.209.84.177

🇬🇧 2a06:4880:c000::dd

🇫🇷 2a02:4780:27:2156:0:1d6a:1c32:1

🇸🇬 2a02:4780:3:1199:0:2fbb:22:1

🇷🇸 213.196.104.182

🇪🇨 186.68.83.105

🇺🇸 184.105.247.194

🇫🇷 157.173.100.92

🇦🇫 149.54.16.62

🇵🇭 120.28.135.4

🇮🇳 103.69.29.211

🇮🇷 94.183.26.148