JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 100.36.224.138

100.36.224.138 was found in our database!

This IP was reported 45 times. Confidence of Abuse is 100%: ?

100%

ISP	Verizon Business
Usage Type	Fixed Line ISP
ASN	AS701
Hostname(s)	pfs.crius.com
Domain Name	verizon.com
Country	🇺🇸 United States of America
City	Gaithersburg, Maryland

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 100.36.224.138

Whois 100.36.224.138

IP Abuse Reports for 100.36.224.138:

This IP address has been reported a total of 45 times from 33 distinct sources. 100.36.224.138 was first reported on June 15th 2026, and the most recent report was 1 day ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇬🇧 openstrike.co.uk	2026-06-16 05:15:18 (1 day ago)	14 attacks on env grabbing URLs: GET /.env HTTP/1.1	Hacking
🇬🇧 andypiper	2026-06-16 01:00:30 (1 day ago)	CrowdSec ban for AbuseIPDB Top List	Brute-Force Web App Attack
🇺🇸 mnsf	2026-06-16 00:16:32 (1 day ago)	Abuse Detected (9)	Brute-Force Web App Attack
🇳🇱 homeshowdomain.nl	2026-06-15 22:01:40 (1 day ago)	Auto-ban: >3000 req/min op 2026-06-15	Web App Attack SSH Hacking
🇫🇮 inlink.ltd	2026-06-15 20:53:13 (1 day ago)	dot file probe	Web App Attack
🇦🇺 Block Rockin' Beats	2026-06-15 20:51:03 (1 day ago)	Scanning for exploitable scripts	Hacking Web App Attack
🇺🇸 TPI-Abuse	2026-06-15 20:41:19 (1 day ago)	(mod_security) mod_security (id:210492) triggered by 100.36.224.138 (pfs.crius.com): 1 in the last 3 ... show more (mod_security) mod_security (id:210492) triggered by 100.36.224.138 (pfs.crius.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 15 16:41:15.444692 2026] [security2:error] [pid 9477:tid 9494] [client 100.36.224.138:54342] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "casademontemaior.com"] [uri "/api/.env"] [unique_id "ajBjaz5ps3l4iVN6gWwevQAAAEs"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 todix	2026-06-15 19:38:22 (1 day ago)	Web App Attack Exploid from 100.36.224.138	Web App Attack
🇬🇧 Oakley	2026-06-15 19:04:10 (1 day ago)	(confirmed_bot_sig) Confirmed bot	Hacking
🇺🇸 TPI-Abuse	2026-06-15 18:50:19 (1 day ago)	(mod_security) mod_security (id:949110) triggered by 100.36.224.138 (pfs.crius.com): 1 in the last 3 ... show more (mod_security) mod_security (id:949110) triggered by 100.36.224.138 (pfs.crius.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 15 14:50:08.879055 2026] [security2:error] [pid 18376:tid 18376] [client 100.36.224.138:47274] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "dplmat.com"] [uri "/.env"] [unique_id "ajBJYOMVe-bYwoG461G7bAAAAAw"] show less	Brute-Force Bad Web Bot Web App Attack
🇨🇭 4server	2026-06-15 18:47:30 (1 day ago)	[MonJun1520:47:23.3070372026][security2:error][pid321784:tid322053][client100.36.224.138:0]ModSecuri ... show more [MonJun1520:47:23.3070372026][security2:error][pid321784:tid322053][client100.36.224.138:0]ModSecurity:Accessdeniedwithcode403\(phase1\).Matchedphrase\".env\"atREQUEST_URI.[file\"/etc/apache2/conf.d/modsec_custom_rules.conf\"][line\"365\"][id\"960720\"][msg\"Forbiddenfileaccess\"][hostname\"serverprivato.ch\"][uri\"/api/.env\"][unique_id\"ajBIu-xKIlNTgyGQgTV_gQAAAQY\"] show less	Hacking Web App Attack
🇺🇸 TPI-Abuse	2026-06-15 18:31:04 (1 day ago)	(mod_security) mod_security (id:210492) triggered by 100.36.224.138 (pfs.crius.com): 1 in the last 3 ... show more (mod_security) mod_security (id:210492) triggered by 100.36.224.138 (pfs.crius.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 15 14:30:59.262289 2026] [security2:error] [pid 14457:tid 14464] [client 100.36.224.138:33222] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "rosicrucian.net"] [uri "/config/.env"] [unique_id "ajBE4-DjY4S49AQT6A4oUgAAAQQ"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-15 18:04:46 (1 day ago)	(mod_security) mod_security (id:210492) triggered by 100.36.224.138 (pfs.crius.com): 1 in the last 3 ... show more (mod_security) mod_security (id:210492) triggered by 100.36.224.138 (pfs.crius.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 15 14:04:40.286246 2026] [security2:error] [pid 3442:tid 3442] [client 100.36.224.138:41750] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "8two7.com"] [uri "/.env"] [unique_id "ajA-uKKOS9nhMEFiiU8wZAAAAAI"] show less	Brute-Force Bad Web Bot Web App Attack
🇦🇺 2000cn.com.au	2026-06-15 18:01:54 (1 day ago)	This IP was detected by CrowdSec triggering crowdsecurity/http-sensitive-files	Web App Attack Hacking
🇺🇸 TPI-Abuse	2026-06-15 17:45:17 (1 day ago)	(mod_security) mod_security (id:210492) triggered by 100.36.224.138 (pfs.crius.com): 1 in the last 3 ... show more (mod_security) mod_security (id:210492) triggered by 100.36.224.138 (pfs.crius.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 15 13:45:10.622835 2026] [security2:error] [pid 23644:tid 23644] [client 100.36.224.138:33672] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "lonasytoldosdelatorre.com"] [uri "/api/.env"] [unique_id "ajA6JkrFzlNQGFZOgSR2HwAAACU"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 45 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇳🇱 23.176.184.152

🇩🇪 213.209.159.231

🇳🇱 185.242.226.33

🇲🇰 185.56.250.33

🇫🇷 185.26.220.22

🇺🇸 141.148.173.191

🇸🇬 114.119.139.226

🇷🇴 94.156.152.234

🇫🇷 46.105.28.235

🇳🇱 45.148.10.141

🇨🇳 36.135.62.103

🇮🇱 20.217.83.157

🇳🇱 5.61.209.43

🇲🇽 189.165.16.7

🇲🇽 187.192.86.153

🇹🇼 180.176.176.60

🇺🇸 178.128.1.119

🇯🇵 160.251.182.78

🇭🇰 150.5.141.198

🇨🇳 112.46.215.15