JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 104.207.35.104

104.207.35.104 was found in our database!

This IP was reported 145 times. Confidence of Abuse is 25%: ?

25%

ISP	3xK Tech GmbH
Usage Type	Data Center/Web Hosting/Transit
ASN	AS200373
Domain Name	3xktech.cloud
Country	🇺🇸 United States of America
City	Ashburn, Virginia

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 104.207.35.104

Whois 104.207.35.104

IP Abuse Reports for 104.207.35.104:

This IP address has been reported a total of 145 times from 23 distinct sources. 104.207.35.104 was first reported on June 5th 2024, and the most recent report was 2 weeks ago.

Old Reports: The most recent abuse report for this IP address is from 2 weeks ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇳🇱 wlt-blocker	2026-05-20 04:18:43 (2 weeks ago)	Unauthorized access to webpage admin	Web App Attack
🇺🇸 TPI-Abuse	2026-05-19 19:05:17 (2 weeks ago)	(mod_security) mod_security (id:210730) triggered by 104.207.35.104 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210730) triggered by 104.207.35.104 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue May 19 15:05:10.881824 2026] [security2:error] [pid 15824:tid 15824] [client 104.207.35.104:60875] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "4"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|www.couturebikini.com\|F\|2"] [data ".ini"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.couturebikini.com"] [uri "/s3cmd.ini"] [unique_id "agy0Zpz99K3xRQbOqiON7AAAABA"] show less	Brute-Force Bad Web Bot Web App Attack
🇨🇳 ThreatBook.io	2026-05-07 00:37:39 (4 weeks ago)	ThreatBook Intelligence: http_proxy,Gateway more details on https://threatbook.io/ip/104.207.35.104 ... show more ThreatBook Intelligence: http_proxy,Gateway more details on https://threatbook.io/ip/104.207.35.104 2026-05-06 13:04:10 / show less	Web App Attack
🇺🇸 TPI-Abuse	2026-05-04 17:41:53 (1 month ago)	(mod_security) mod_security (id:210492) triggered by 104.207.35.104 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.35.104 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon May 04 13:41:48.824396 2026] [security2:error] [pid 19117:tid 19117] [client 104.207.35.104:30319] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webdisk.lunchtimers.org"] [uri "/.env"] [unique_id "afjaXN6z9QZPN1a08jHeEwAAAAI"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 OceanTreasure	2026-04-30 18:15:11 (1 month ago)	tcp/443; AWS dotfile access attempt: "GET /.aws/credentials" @ 2026-04-30T18:14:56Z [proxy]	Web App Attack
🇩🇪 FeG Deutschland	2026-04-30 12:48:06 (1 month ago)	Looking for CMS/PHP/SQL vulnerablilities/excessive crawling - 124	Exploited Host Web App Attack
🇮🇩 Burayot	2026-04-28 09:54:04 (1 month ago)	LF_MODSEC: (mod_security) mod_security (id:949110) triggered by 104.207.35.104 (US/United States/-): ... show more LF_MODSEC: (mod_security) mod_security (id:949110) triggered by 104.207.35.104 (US/United States/-): 2 in the last 3600 secs show less	Web App Attack
🇫🇷 masterguru	2026-04-06 00:04:05 (2 months ago)	(modsec_5015) ModSec 5015: Suspicious User-Agent from 104.207.35.104 (US/United States/-): 1 in the ... show more (modsec_5015) ModSec 5015: Suspicious User-Agent from 104.207.35.104 (US/United States/-): 1 in the last 3600 secs (0-196) show less	Hacking
🇱🇻 garmtech.com	2026-03-28 11:35:00 (2 months ago)	IM360 WAF: WordPress plugin/theme auto install block	Web App Attack
🇦🇺 RedBear IT	2026-03-26 10:00:37 (2 months ago)	"DDoS against public endpoint"	DDoS Attack
🇭🇺 bcsaba	2025-12-31 19:59:33 (5 months ago)	Joomla spam 104.207.35.104 - - [31/Dec/2025:20:59:32 +0100] "GET /index.php?option=com_easyblog&view ... show more Joomla spam 104.207.35.104 - - [31/Dec/2025:20:59:32 +0100] "GET /index.php?option=com_easyblog&view=dashboard&layout=write HTTP/1.1" 404 789 "https://REDACTED" "Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36 Vivaldi/5.3.2679.68" show less	Web App Attack
🇮🇹 VHosting	2025-12-23 13:50:32 (5 months ago)	Detected attack and reported by a human	DDoS Attack Brute-Force Bad Web Bot Exploited Host Web App Attack SSH
🇨🇭 backslash	2025-12-07 18:20:03 (5 months ago)	block ruleset bad bot: wordpress scans 82C095539D4FDAF84E2E2FD6B6FC0664645851A8	Bad Web Bot
🇺🇸 TPI-Abuse	2025-11-24 08:33:10 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.35.104 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.35.104 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 24 03:33:02.041413 2025] [security2:error] [pid 132008:tid 132035] [client 104.207.35.104:44329] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "bbpuertadelsol.com"] [uri "/.git/HEAD"] [unique_id "aSQYPgH-XN5lTt6cMbeBBwAAAFY"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-24 07:20:42 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.35.104 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.35.104 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 24 02:20:20.291500 2025] [security2:error] [pid 10629:tid 10629] [client 104.207.35.104:38101] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "autodiscover.elhosting.us"] [uri "/.svn/wc.db"] [unique_id "aSQHNBGAdTtaoMsl-PXs7QAAAAM"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 145 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇮🇩 2a02:4780:6:1731:0:1f67:c129:1

🇷🇺 188.247.43.42

🇨🇳 117.159.174.136

🇨🇳 111.26.106.115

🇸🇬 101.47.159.125

🇺🇸 47.203.27.19

🇳🇱 45.148.10.147

🇺🇸 18.191.185.213

🇫🇷 2a02:4780:27:1888:0:23a1:74dc:1

🇧🇷 181.218.9.86

🇺🇸 172.202.118.39

🇨🇳 120.234.232.184

🇫🇷 89.116.26.221

🇳🇱 45.148.10.152

🇳🇱 45.148.10.151

🇺🇸 34.71.30.159

🇵🇾 181.123.62.210

🇺🇸 162.216.149.150

🇰🇷 112.164.234.33

🇨🇳 111.50.143.78