JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 104.207.36.22

104.207.36.22 was found in our database!

This IP was reported 93 times. Confidence of Abuse is 23%: ?

23%

ISP	3xK Tech GmbH
Usage Type	Data Center/Web Hosting/Transit
ASN	AS200373
Domain Name	3xktech.cloud
Country	🇺🇸 United States of America
City	Ashburn, Virginia

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 104.207.36.22

Whois 104.207.36.22

IP Abuse Reports for 104.207.36.22:

This IP address has been reported a total of 93 times from 16 distinct sources. 104.207.36.22 was first reported on June 4th 2024, and the most recent report was 4 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇪🇸 librebit	2026-06-10 18:53:26 (4 hours ago)	Brute force	Brute-Force
🇫🇷 COMAITE	2026-05-26 14:13:13 (2 weeks ago)	Suspicious URL access.	Web App Attack
🇺🇸 mnsf	2026-05-25 10:05:27 (2 weeks ago)	Scanning/Probing (24)	Brute-Force Web App Attack
🇨🇳 ThreatBook.io	2026-04-23 00:29:11 (1 month ago)	ThreatBook Intelligence: vpn_proxy,Gateway more details on https://threatbook.io/ip/104.207.36.22 20 ... show more ThreatBook Intelligence: vpn_proxy,Gateway more details on https://threatbook.io/ip/104.207.36.22 2026-04-22 18:11:06 / show less	Web App Attack
🇨🇳 ThreatBook.io	2026-01-29 01:28:20 (4 months ago)	ThreatBook Intelligence: Zombie,vpn_proxy more details on https://threatbook.io/ip/104.207.36.22 202 ... show more ThreatBook Intelligence: Zombie,vpn_proxy more details on https://threatbook.io/ip/104.207.36.22 2026-01-28 11:26:53 /nacos/%23/serviceSync show less	Web App Attack
🇨🇳 ThreatBook.io	2026-01-13 01:14:32 (4 months ago)	ThreatBook Intelligence: Zombie,vpn_proxy more details on https://threatbook.io/ip/104.207.36.22 202 ... show more ThreatBook Intelligence: Zombie,vpn_proxy more details on https://threatbook.io/ip/104.207.36.22 2026-01-12 23:44:32 /druid/index.html 2026-01-12 02:49:22 /druid/index.html show less	Web App Attack
🇩🇪 Packets-Decreaser.NET	2025-12-29 14:01:39 (5 months ago)	Incoming Layer 7 Flood Detected	DDoS Attack Web Spam
🇨🇳 ThreatBook.io	2025-12-28 00:21:37 (5 months ago)	ThreatBook Intelligence: Zombie,vpn_proxy more details on https://threatbook.io/ip/104.207.36.22 202 ... show more ThreatBook Intelligence: Zombie,vpn_proxy more details on https://threatbook.io/ip/104.207.36.22 2025-12-27 11:52:55 /osTicket 2025-12-27 11:59:52 /login 2025-12-27 11:55:30 /webmail 2025-12-27 11:46:00 /.git/app.rb 2025-12-27 11:59:45 /login 2025-12-27 11:59:50 /login show less	Web App Attack
🇺🇸 TPI-Abuse	2025-11-25 06:25:52 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.36.22 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.207.36.22 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Nov 25 01:25:45.644387 2025] [security2:error] [pid 1817000:tid 1817017] [client 104.207.36.22:53299] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcalendars.denverdermatologist.com"] [uri "/.svn/wc.db"] [unique_id "aSVL6ZiXM9qjzOaPIgRSdgAAAUU"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-25 04:53:30 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.36.22 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.207.36.22 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 24 23:53:18.568321 2025] [security2:error] [pid 23334:tid 23334] [client 104.207.36.22:24435] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webdisk.leeknight.com"] [uri "/.svn/wc.db"] [unique_id "aSU2PksyMavxXf0yHTzSwgAAABM"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-25 04:16:07 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.36.22 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.207.36.22 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 24 23:16:01.239614 2025] [security2:error] [pid 28106:tid 28106] [client 104.207.36.22:21837] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "brazilianthongs.brazilianbottom.com"] [uri "/.svn/wc.db"] [unique_id "aSUtgcykpP7wBXo3R1qUWgAAABQ"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-25 03:31:47 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.36.22 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.207.36.22 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 24 22:31:38.543379 2025] [security2:error] [pid 21104:tid 21104] [client 104.207.36.22:22227] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webmail.sendera.mx"] [uri "/.git/HEAD"] [unique_id "aSUjGlMSgH7WKxABPPFxrgAAAA0"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-25 02:29:10 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.36.22 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.207.36.22 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 24 21:28:56.325210 2025] [security2:error] [pid 11980:tid 11980] [client 104.207.36.22:23355] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "autodiscover.lloydprins.com"] [uri "/.svn/wc.db"] [unique_id "aSUUaMz9b2UFNtsgUv8O2gAAAAc"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-25 00:45:40 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.36.22 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.207.36.22 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 24 19:45:31.705714 2025] [security2:error] [pid 22949:tid 22949] [client 104.207.36.22:33261] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "autodiscover.tulsatvmemories.com"] [uri "/.env"] [unique_id "aST8KzjgpjIOqmfjIC5qgAAAABA"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-25 00:21:15 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.36.22 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.207.36.22 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 24 19:20:54.029835 2025] [security2:error] [pid 8128:tid 8128] [client 104.207.36.22:46751] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "autodiscover.thedenzers.com"] [uri "/.env"] [unique_id "aST2Zuu_dKVrd7HlWZHFBAAAAAU"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 93 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 2620:171:fe:f0::11

🇳🇱 176.65.139.41

🇸🇦 141.164.208.18

🇨🇳 47.95.166.4

🇬🇧 35.203.210.241

🇺🇸 135.237.123.254

🇮🇳 125.23.228.86

🇧🇷 118.26.105.52

🇨🇳 117.139.123.153

🇺🇸 107.150.97.52

🇫🇷 86.209.75.49

🇵🇱 80.49.158.68

🇬🇧 35.203.210.85

🇷🇺 194.85.22.1

🇺🇸 156.232.13.218

🇮🇳 125.16.27.190

🇨🇳 120.229.247.168

🇺🇸 99.60.18.106

🇺🇸 67.205.182.120

🇺🇸 66.132.224.81