JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 104.207.36.13

104.207.36.13 was found in our database!

This IP was reported 91 times. Confidence of Abuse is 14%: ?

14%

ISP	3xK Tech GmbH
Usage Type	Data Center/Web Hosting/Transit
ASN	AS200373
Domain Name	3xktech.cloud
Country	🇺🇸 United States of America
City	Ashburn, Virginia

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 104.207.36.13

Whois 104.207.36.13

IP Abuse Reports for 104.207.36.13:

This IP address has been reported a total of 91 times from 22 distinct sources. 104.207.36.13 was first reported on June 11th 2024, and the most recent report was 2 weeks ago.

Old Reports: The most recent abuse report for this IP address is from 2 weeks ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇬🇧 PeravixGroup	2026-05-22 13:22:36 (2 weeks ago)	Honeypot detection: Elasticsearch unauthorized access / data leak attempt on port 9200. Severity: ME ... show more Honeypot detection: Elasticsearch unauthorized access / data leak attempt on port 9200. Severity: MEDIUM. Aaran.cloud show less	Hacking Exploited Host
🇨🇭 TheCoon	2026-04-21 09:45:01 (1 month ago)	Automated: Gzip bomb download attempt	Web App Attack Hacking
🇩🇪 4server	2026-04-21 03:54:17 (1 month ago)	[TueApr2105:54:11.9109802026][security2:error][pid2167728:tid2167742][client104.207.36.13:0]ModSecur ... show more [TueApr2105:54:11.9109802026][security2:error][pid2167728:tid2167742][client104.207.36.13:0]ModSecurity:Accessdeniedwithcode403$phase1$.Patternmatch\"$\?i$$\?:/\(\?:\^\\|/$\\\\\\\\.$env\\|git\\|svn\\|hg\\|DS_Store$\\|/$\?:wp-config\\|\\\\\\\\.htaccess\\|\\\\\\\\.htpasswd$\\|\\\\\\\\.$\?:sql\\|bak\\|old\\|log$\$\)\"atREQUEST_URI.[file\"/etc/apache2/conf.d/modsec_custom_rules.conf\"][line\"156\"][id\"960720\"][msg\"Forbiddenfileaccessattempt\"][severity\"CRITICAL\"][hostname\"gmint.ch\"][uri\"/backup.sql\"][unique_id\"aeb049cwffGXaSPwjehSAQAAAAs\"] show less	Port Scan Brute-Force Web App Attack
🇨🇳 ThreatBook.io	2026-04-06 00:55:26 (2 months ago)	ThreatBook Intelligence: http_proxy,Zombie more details on https://threatbook.io/ip/104.207.36.13 20 ... show more ThreatBook Intelligence: http_proxy,Zombie more details on https://threatbook.io/ip/104.207.36.13 2026-04-05 20:33:41 /config/DataSetConfig%23.xml show less	Web App Attack
🇪🇸 librebit	2026-02-15 08:01:51 (3 months ago)	Brute force	Brute-Force
🇧🇪 voormedia	2026-02-14 11:16:02 (3 months ago)	Accessed trap at '/wp-login.php'	Web App Attack
🇩🇪 LRob.fr	2026-02-10 20:35:46 (3 months ago)	Repeated requests on blocked xmlrpc.php, blocked by fail2ban in custom-503-xmlrpc jail	Bad Web Bot Web App Attack
🇫🇷 mrcrassi	2026-01-31 07:08:17 (4 months ago)	Triggered Cloudflare WAF (firewallCustom) from US. Action taken: BLOCK Protocol: HTTP/1.1 (POST meth ... show more Triggered Cloudflare WAF (firewallCustom) from US. Action taken: BLOCK Protocol: HTTP/1.1 (POST method) Endpoint: /wp-login.php UA: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36 Edg/115.0.1901.203 This report was generated by: https://github.com/sefinek/Cloudflare-WAF-To-AbuseIPDB show less	Bad Web Bot
🇨🇳 ThreatBook.io	2026-01-08 00:57:58 (4 months ago)	ThreatBook Intelligence: http_proxy,Zombie more details on https://threatbook.io/ip/104.207.36.13 20 ... show more ThreatBook Intelligence: http_proxy,Zombie more details on https://threatbook.io/ip/104.207.36.13 2026-01-07 05:37:43 /manager/html 2026-01-07 05:37:43 /manager/html show less	Web App Attack
Anonymous	2025-12-30 20:32:53 (5 months ago)	"GET /.env HTTP/1.1"	Hacking Web App Attack
🇨🇭 ALPHANET	2025-12-30 10:50:15 (5 months ago)	web exploits	Hacking Exploited Host Web App Attack
🇺🇸 TPI-Abuse	2025-12-29 05:40:55 (5 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.36.13 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.207.36.13 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Dec 29 00:40:45.846556 2025] [security2:error] [pid 7416:tid 7416] [client 104.207.36.13:10543] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "idetailingcreatives.com"] [uri "/.git/HEAD"] [unique_id "aVIUXcaoUUNX0hCLsbc9-gAAAAI"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2025-12-16 03:37:42 (5 months ago)	2025-12-16T05:37:42.339469+02:00 zanati wp(www.sahpa.co.za)[1159864]: Blocked authentication attempt ... show more 2025-12-16T05:37:42.339469+02:00 zanati wp(www.sahpa.co.za)[1159864]: Blocked authentication attempt for [email protected] from 104.207.36.13 ... show less	Web App Attack
🇩🇪 Packets-Decreaser.NET	2025-11-30 13:10:03 (6 months ago)	Incoming Layer 7 Flood Detected	DDoS Attack Web Spam
🇸🇪 Johan Finn	2025-11-29 00:01:49 (6 months ago)	malicious activity	Web App Attack

Showing 1 to 15 of 91 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇩🇪 213.209.159.227

🇧🇷 206.42.8.243

🇨🇳 183.236.75.189

🇮🇩 163.7.8.79

🇺🇸 142.147.137.121

🇳🇱 88.151.32.89

🇺🇸 66.132.224.24

🇹🇯 62.89.208.218

🇺🇸 3.142.80.231

🇨🇳 218.207.1.116

🇳🇱 195.178.110.30

🇺🇸 162.216.150.248

🇺🇸 153.66.28.132

🇮🇳 152.58.3.161

🇵🇰 144.48.135.65

🇯🇵 118.194.229.94

🇮🇳 103.107.60.45

🇺🇸 85.239.151.41

🇫🇮 65.109.78.187

🇳🇱 45.148.10.147