JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 104.22.24.194

104.22.24.194 was found in our database!

This IP was reported 22 times. Confidence of Abuse is 0%: ?

ISP	Cloudflare, Inc.
Usage Type	Data Center/Web Hosting/Transit
ASN	AS13335
Domain Name	cloudflare.com
Country	🇺🇸 United States of America
City	Atlanta, Georgia

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Important Note: 104.22.24.194 is an IP address from within our whitelist belonging to the subnet 104.16.0.0/13, which we identify as: "Cloudflare Reverse Proxy".

Whitelisted netblocks are typically owned by trusted entities, such as Google or Microsoft who may use them for search engine spiders. However, these same entities sometimes also provide cloud servers and mail services which are easily abused. Pay special attention when trusting or distrusting these IPs.

Report 104.22.24.194

Whois 104.22.24.194

IP Abuse Reports for 104.22.24.194:

This IP address has been reported a total of 22 times from 9 distinct sources. 104.22.24.194 was first reported on December 11th 2025, and the most recent report was 1 day ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 TPI-Abuse	2026-06-20 11:13:29 (1 day ago)	(mod_security) mod_security (id:210492) triggered by 104.22.24.194 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.22.24.194 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 20 07:13:21.663584 2026] [security2:error] [pid 20818:tid 20818] [client 104.22.24.194:9238] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cageliners.net"] [uri "/.env.backup"] [unique_id "ajZ10SFpSx2_IJiPjrjMfwAAAAY"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-20 06:35:29 (1 day ago)	(mod_security) mod_security (id:210492) triggered by 104.22.24.194 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.22.24.194 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 20 02:35:23.531262 2026] [security2:error] [pid 4910:tid 4910] [client 104.22.24.194:14273] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "countrysideinnkingston.com"] [uri "/.env.local"] [unique_id "ajY0q4VSjxfmGogY0sF_jgAAAAc"], referer: https://www.google.com/search?q=countrysideinnkingston.com show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 mnsf	2026-06-17 05:06:04 (4 days ago)	Abuse Detected (3)	Brute-Force Web App Attack
🇺🇸 TPI-Abuse	2026-06-14 11:53:13 (1 week ago)	(mod_security) mod_security (id:210492) triggered by 104.22.24.194 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.22.24.194 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 14 07:53:06.929116 2026] [security2:error] [pid 15663:tid 15668] [client 104.22.24.194:11863] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "thebiglies.us"] [uri "/.env.production"] [unique_id "ai6WIuVHV6cO72m6eJHS-QAAAAM"], referer: https://www.google.com/search?q=thebiglies.us show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 F242	2026-05-18 14:22:29 (1 month ago)	Wordpress soft lock	Web App Attack
🇨🇳 ThreatBook.io	2026-05-17 01:09:15 (1 month ago)	ThreatBook Intelligence: cdn more details on http://threatbook.io/ip/104.22.24.194 2026-05-16 19:16: ... show more ThreatBook Intelligence: cdn more details on http://threatbook.io/ip/104.22.24.194 2026-05-16 19:16:20 / show less	Web App Attack
🇺🇸 TPI-Abuse	2026-05-09 16:27:53 (1 month ago)	(mod_security) mod_security (id:210492) triggered by 104.22.24.194 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.22.24.194 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat May 09 12:27:47.849959 2026] [security2:error] [pid 29749:tid 29749] [client 104.22.24.194:10606] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "enriquejezik.com"] [uri "/.git/config"] [unique_id "af9ggyh7xlPoqTwF_NyCNAAAAAk"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 chrisj	2026-05-08 16:46:52 (1 month ago)	[Fri May 08 16:46:52.365455 2026] [proxy_fcgi:error] [pid 202462:tid 202462] [client 104.22.24.194:9 ... show more [Fri May 08 16:46:52.365455 2026] [proxy_fcgi:error] [pid 202462:tid 202462] [client 104.22.24.194:9588] AH01071: Got error 'Primary script unknown' [Fri May 08 16:46:52.397733 2026] [proxy_fcgi:error] [pid 202462:tid 202462] [client 104.22.24.194:9588] AH01071: Got error 'Primary script unknown' [Fri May 08 16:46:52.432621 2026] [proxy_fcgi:error] [pid 202462:tid 202462] [client 104.22.24.194:9588] AH01071: Got error 'Primary script unknown' ... show less	Brute-Force
🇺🇸 chrisj	2026-04-15 22:25:49 (2 months ago)	[Wed Apr 15 22:25:48.593095 2026] [proxy_fcgi:error] [pid 228646:tid 228646] [client 104.22.24.194:1 ... show more [Wed Apr 15 22:25:48.593095 2026] [proxy_fcgi:error] [pid 228646:tid 228646] [client 104.22.24.194:10139] AH01071: Got error 'Primary script unknown' [Wed Apr 15 22:25:48.804854 2026] [proxy_fcgi:error] [pid 228646:tid 228646] [client 104.22.24.194:10139] AH01071: Got error 'Primary script unknown' [Wed Apr 15 22:25:49.019211 2026] [proxy_fcgi:error] [pid 228646:tid 228646] [client 104.22.24.194:10139] AH01071: Got error 'Primary script unknown' ... show less	Brute-Force
🇺🇸 chrisj	2026-04-14 23:38:18 (2 months ago)	[Tue Apr 14 23:38:17.450568 2026] [proxy_fcgi:error] [pid 205377:tid 205377] [client 104.22.24.194:1 ... show more [Tue Apr 14 23:38:17.450568 2026] [proxy_fcgi:error] [pid 205377:tid 205377] [client 104.22.24.194:13660] AH01071: Got error 'Primary script unknown' [Tue Apr 14 23:38:17.902151 2026] [proxy_fcgi:error] [pid 205377:tid 205377] [client 104.22.24.194:13660] AH01071: Got error 'Primary script unknown' [Tue Apr 14 23:38:18.142928 2026] [proxy_fcgi:error] [pid 205377:tid 205377] [client 104.22.24.194:13660] AH01071: Got error 'Primary script unknown' ... show less	Brute-Force
🇩🇪 acadeova	2026-04-11 18:17:40 (2 months ago)	🚨 Recon detected (nft drop) SRC=104.22.24.194 Observed=TCP dpt=80 in=enp0s6 ttl=56 Time=recent(journ ... show more 🚨 Recon detected (nft drop) SRC=104.22.24.194 Observed=TCP dpt=80 in=enp0s6 ttl=56 Time=recent(journalctl: 10 minutes ago) Assessment=Generic scanning / reconnaissance (PORT_SCAN) show less	Port Scan
🇺🇸 myagent.site	2026-04-06 04:35:07 (2 months ago)	Blocking for trying to access an exploit file: /private/.env	Hacking
🇺🇸 myagent.site	2026-03-20 21:35:20 (3 months ago)	Blocking for trying to access an exploit file: /.env.dev	Hacking
🇺🇸 myagent.site	2026-03-20 05:04:38 (3 months ago)	Blocking for trying to access an exploit file: /.env.local.backup	Hacking
🇺🇸 chrisj	2026-03-11 02:30:22 (3 months ago)	[Wed Mar 11 02:30:21.075661 2026] [proxy_fcgi:error] [pid 1328008:tid 1328008] [client 104.22.24.194 ... show more [Wed Mar 11 02:30:21.075661 2026] [proxy_fcgi:error] [pid 1328008:tid 1328008] [client 104.22.24.194:12577] AH01071: Got error 'Primary script unknown' [Wed Mar 11 02:30:21.324035 2026] [proxy_fcgi:error] [pid 1328008:tid 1328008] [client 104.22.24.194:12577] AH01071: Got error 'Primary script unknown' [Wed Mar 11 02:30:22.066824 2026] [proxy_fcgi:error] [pid 1328008:tid 1328008] [client 104.22.24.194:12577] AH01071: Got error 'Primary script unknown' ... show less	Brute-Force

Showing 1 to 15 of 22 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇸🇬 185.151.146.206

🇯🇵 168.138.213.115

🇳🇱 91.92.40.13

🇳🇱 91.92.40.4

🇳🇱 57.153.174.154

🇳🇱 45.128.199.96

🇺🇸 44.33.52.134

🇺🇸 18.97.26.106

🇧🇪 198.235.24.181

🇹🇼 198.235.24.94

🇳🇱 192.144.91.177

🇲🇽 187.192.86.153

🇨🇳 59.63.163.2

🇨🇦 54.39.89.116

🇮🇳 49.205.147.49

🇨🇳 49.84.226.110

🇳🇱 45.128.199.197

🇳🇱 45.128.199.97

🇺🇸 44.31.168.101

🇨🇳 14.103.114.196