JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 104.207.37.109

104.207.37.109 was found in our database!

This IP was reported 146 times. Confidence of Abuse is 11%: ?

11%

ISP	3xK Tech GmbH
Usage Type	Data Center/Web Hosting/Transit
ASN	AS200373
Domain Name	3xktech.cloud
Country	🇺🇸 United States of America
City	Ashburn, Virginia

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 104.207.37.109

Whois 104.207.37.109

IP Abuse Reports for 104.207.37.109:

This IP address has been reported a total of 146 times from 16 distinct sources. 104.207.37.109 was first reported on June 5th 2024, and the most recent report was 3 days ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇫🇷 Sklurk	2026-06-20 03:46:11 (3 days ago)	Web App Attack	Web App Attack
Anonymous	2026-05-13 05:44:57 (1 month ago)	Banned by SPAMHAUS ASN-DROP list (ASN: 200373)	DDoS Attack Hacking Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-01-13 12:36:23 (5 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.37.109 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.37.109 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jan 13 07:36:18.524501 2026] [security2:error] [pid 29436:tid 29436] [client 104.207.37.109:36851] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "raritymountainadventures.com"] [uri "/.svn/wc.db"] [unique_id "aWY8QuEbWfAAJJSK1hcFHAAAABI"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 HandyTreff.de	2026-01-06 05:34:57 (5 months ago)	Bot/Spam/Scrapper attack detected on www.handytreff.de - Score: -35.595 (Bad < -10 / Very Bad < -20 ... show more Bot/Spam/Scrapper attack detected on www.handytreff.de - Score: -35.595 (Bad < -10 / Very Bad < -20 / Extreme < -35) \| UA: Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:114.0) Gecko/20100101 Firefox/114.0 show less	Bad Web Bot Web App Attack
🇯🇵 Valhalla	2025-12-31 20:54:00 (5 months ago)	/Startup/Register	Hacking Web App Attack
🇺🇸 TPI-Abuse	2025-12-31 18:36:05 (5 months ago)	(mod_security) mod_security (id:212750) triggered by 104.207.37.109 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:212750) triggered by 104.207.37.109 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Dec 31 13:36:00.556418 2025] [security2:error] [pid 26258:tid 26258] [client 104.207.37.109:31973] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\bon(?:abort\|blur\|change\|click\|dblclick\|dragdrop\|error\|focus\|keydown\|keypress\|keyup\|load\|mouse(?:down\|move\|out\|over\|up)\|move\|readystatechange\|reset\|resize\|select\|submit\|unload)\\\\b[^a-zA-Z0-9_]{0,}?=" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/07_XSS_XSS.conf"] [line "69"] [id "212750"] [rev "3"] [msg "COMODO WAF: XSS Attack Detected\|\|desimon.com\|F\|2"] [data "Matched Data: onload= found within REQUEST_URI: /telerik.reportviewer.axd?optype=parameters&bgcolor=_000000\\x22onload=\\x22prompt(1)"] [severity "CRITICAL"] [tag "CWAF"] [tag "XSS"] [hostname "desimon.com"] [uri "/Telerik.ReportViewer.axd"] [unique_id "aVVtEEvTHprXcHPmJUZM3gAAAAg"] show less	Brute-Force Bad Web Bot Web App Attack
🇯🇵 Valhalla	2025-12-31 18:15:59 (5 months ago)	/Telerik.ReportViewer.axd?optype=Parameters&bgColor=_000000%22onload=%22prompt(1)	Hacking Web App Attack
🇨🇭 Origon	2025-12-31 18:06:03 (5 months ago)	CVE-2019-18935 - IP: 104.207.37.109 - time="2025-12-31T19:06:02+01:00" level=info msg="(555f66b4f6a ... show more CVE-2019-18935 - IP: 104.207.37.109 - time="2025-12-31T19:06:02+01:00" level=info msg="(555f66b4f6a74558bc11e3f93469658es8App0Mcc0TKEeje/crowdsec) crowdsecurity/CVE-2019-18935 by ip 104.207.37.109 (US/200373) : 4h ban on Ip 104.207.37.109" module=db show less	Web App Attack
Anonymous	2025-12-22 14:26:19 (6 months ago)	This IP was involved in a brute force and password spray attack.	Brute-Force Web App Attack
🇺🇸 TPI-Abuse	2025-11-26 11:49:54 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.37.109 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.37.109 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Nov 26 06:49:45.356263 2025] [security2:error] [pid 14038:tid 14038] [client 104.207.37.109:24701] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "autodiscover.superlamb.com"] [uri "/.svn/wc.db"] [unique_id "aSbpWWIGTl1DgctCIC3uMAAAAAM"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-26 10:34:18 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.37.109 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.37.109 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Nov 26 05:34:12.056557 2025] [security2:error] [pid 10720:tid 10720] [client 104.207.37.109:37887] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcalendars.ardecymusic.com"] [uri "/.svn/wc.db"] [unique_id "aSbXpMdwAb7jAZi4QLurzAAAAAQ"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-26 01:33:49 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.37.109 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.37.109 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Nov 25 20:33:45.940025 2025] [security2:error] [pid 15422:tid 15422] [client 104.207.37.109:51081] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpanel.cruisedawgs.com"] [uri "/.git/HEAD"] [unique_id "aSZY-enSDBI4tINRPs-UawAAAAI"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-26 01:13:09 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.37.109 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.37.109 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Nov 25 20:13:03.961733 2025] [security2:error] [pid 18827:tid 18972] [client 104.207.37.109:56861] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "mail.strikeunosports.com"] [uri "/.git/HEAD"] [unique_id "aSZUH8TvREaKfhuVq1p30QAAAZA"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-26 00:38:14 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.37.109 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.37.109 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Nov 25 19:38:07.177716 2025] [security2:error] [pid 10268:tid 10268] [client 104.207.37.109:12457] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webdisk.telesto.pe"] [uri "/.env"] [unique_id "aSZL7_wcdl9p1HkQE4OGagAAAAg"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2025-11-13 23:16:23 (7 months ago)	This IP was involved in a brute force and password spray attack.	Brute-Force Web App Attack

Showing 1 to 15 of 146 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇿🇦 172.253.249.218

🇦🇹 159.100.24.27

🇳🇱 91.92.40.231

🇳🇱 91.92.40.7

🇺🇸 192.34.164.13

🇺🇸 188.213.202.105

🇧🇷 177.27.76.210

🇦🇷 167.250.118.12

🇨🇳 101.126.22.12

🇬🇧 87.106.65.126

🇱🇺 44.161.40.219

🇺🇸 43.135.135.17

🇮🇪 18.201.22.168

🇪🇸 185.18.197.53

🇨🇳 171.121.63.236

🇧🇷 138.121.37.185

🇨🇳 118.122.196.230

🇧🇩 113.11.34.221

🇺🇸 74.87.117.150

🇺🇸 44.60.197.152