🇺🇸
aks4226
2026-05-06 12:54:17
(4 weeks ago)
Bot search, attacking common web applications.
Web App Attack
🇱🇻
garmtech.com
2026-05-02 07:57:58
(1 month ago)
Attempted access to sensitive endpoint (/.env) detected. Automated scan or unauthorized probing.
Web App Attack
🇩🇪
Packets-Decreaser.NET
2025-12-29 14:01:09
(5 months ago)
Incoming Layer 7 Flood Detected
DDoS Attack
Web Spam
🇺🇸
TPI-Abuse
2025-12-26 10:33:20
(5 months ago)
(mod_security) mod_security (id:225170) triggered by 104.207.36.120 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Dec 26 05:33:15.173950 2025] [security2:error] [pid 13670:tid 13670] [client 104.207.36.120:14767] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||primacomm.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "primacomm.com"] [uri "/wp-json/wp/v2/users"] [unique_id "aU5ka9HFUMm7qJEDBDYOPAAAAA4"]
Brute-Force
Bad Web Bot
Web App Attack
🇺🇸
TPI-Abuse
2025-12-23 05:13:40
(5 months ago)
(mod_security) mod_security (id:225170) triggered by 104.207.36.120 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Dec 23 00:13:35.192223 2025] [security2:error] [pid 6362:tid 6362] [client 104.207.36.120:58551] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||jolankagroup.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "jolankagroup.com"] [uri "/wp-json/wp/v2/users"] [unique_id "aUok_zrt_78ZXgyZwuvlQgAAAAE"]
Brute-Force
Bad Web Bot
Web App Attack
🇬🇧
relianoid.com
2025-12-09 17:21:17
(5 months ago)
POST Abuse detected by Relianoid OSS Load Balancer - relianoid.com
Web Spam
Anonymous
2025-12-08 12:56:03
(5 months ago)
botnet
DDoS Attack
🇬🇧
SilverZippo
2025-12-01 20:41:37
(6 months ago)
Web App Attack
Web App Attack
🇫🇷
IRISIO
2025-12-01 13:31:24
(6 months ago)
scans/SQL injection/spam posts : 2 queries
SQL Injection
Web App Attack
🇺🇸
TPI-Abuse
2025-11-29 00:57:34
(6 months ago)
(mod_security) mod_security (id:210492) triggered by 104.207.36.120 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Nov 28 19:57:28.065563 2025] [security2:error] [pid 7880:tid 7880] [client 104.207.36.120:29775] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.txt" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "abq4you.com"] [uri "/wp-config.txt"] [unique_id "aSpE-IIymdtDKXuEdXBuTgAAACE"]
Brute-Force
Bad Web Bot
Web App Attack
🇺🇸
TPI-Abuse
2025-11-28 06:42:54
(6 months ago)
(mod_security) mod_security (id:210730) triggered by 104.207.36.120 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Nov 28 01:42:50.284983 2025] [security2:error] [pid 21130:tid 21130] [client 104.207.36.120:51271] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||altered-egos.com|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "altered-egos.com"] [uri "/database.sql"] [unique_id "aSlEaonu5zgFmesz07_1wgAAABE"]
Brute-Force
Bad Web Bot
Web App Attack
🇺🇸
TPI-Abuse
2025-11-24 07:46:05
(6 months ago)
(mod_security) mod_security (id:210492) triggered by 104.207.36.120 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 24 02:45:44.607735 2025] [security2:error] [pid 134161:tid 134183] [client 104.207.36.120:58999] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "mail.gelatoconsapevole.com"] [uri "/.env"] [unique_id "aSQNKBfbvyHppNR9RqJwsAAAAIE"]
Brute-Force
Bad Web Bot
Web App Attack
🇺🇸
TPI-Abuse
2025-11-24 05:38:48
(6 months ago)
(mod_security) mod_security (id:210492) triggered by 104.207.36.120 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 24 00:38:39.850356 2025] [security2:error] [pid 25316:tid 25316] [client 104.207.36.120:34839] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpanel.fltsiminc.com"] [uri "/.svn/wc.db"] [unique_id "aSPvXwvTyx6sHOyJXqhYggAAAAw"]
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2025-11-13 22:42:46
(6 months ago)
This IP was involved in a brute force and password spray attack.
Brute-Force
Web App Attack
Anonymous
2025-11-07 06:28:11
(6 months ago)
[redacted] 104.207.36.120 - - [07/Nov/2025:07:27:50 +0100] "POST /xmlrpc.php HTTP/2.0" 200 401 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_1) AppleWebKit/600.2.5 (KHTML, like Gecko) Version/8.0.2 Safari/600.2.5"
[redacted] 104.207.36.120 - - [07/Nov/2025:07:27:52 +0100] "POST /xmlrpc.php HTTP/2.0" 200 401 "-" "Mozilla/5.0 (iPhone; CPU iPhone OS 7_1 like Mac OS X) AppleWebKit/537.51.2 (KHTML, like Gecko) Version/7.0 Mobile/11D167 Safari/9537.53"
[redacted] 104.207.36.120 - - [07/Nov/2025:07:27:54 +0100] "POST /xmlrpc.php HTTP/2.0" 200 401 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_5) AppleWebKit/601.1.56 (KHTML, like Gecko) Version/9.0 Safari/601.1.56"
[redacted] 104.207.36.120 - - [07/Nov/2025:07:27:56 +0100] "POST /xmlrpc.php HTTP/2.0" 200 401 "-" "Mozilla/5.0 (iPad; CPU OS 11_2_1 like Mac OS X) AppleWebKit/604.4.7 (KHTML, like Gecko) FxiOS/10.4b8288 Mobile/15C153 Safari/604.4.7"
[redacted] 104.207.36.120 - - [07/Nov/2025:07:27:58 +0100]
...
Hacking
Web App Attack