JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 37.235.49.104

37.235.49.104 was found in our database!

This IP was reported 8 times. Confidence of Abuse is 30%: ?

30%

ISP	EDIS Infrastructure in Iceland
Usage Type	Data Center/Web Hosting/Transit
ASN	AS50613
Hostname(s)	104-49-235-37.static.edis.at
Domain Name	edis.at
Country	🇮🇸 Iceland
City	Hafnarfjordur, Capital Region

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 37.235.49.104

Whois 37.235.49.104

IP Abuse Reports for 37.235.49.104:

This IP address has been reported a total of 8 times from 5 distinct sources. 37.235.49.104 was first reported on May 14th 2026, and the most recent report was 5 days ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 TPI-Abuse	2026-05-31 14:18:53 (5 days ago)	(mod_security) mod_security (id:217210) triggered by 37.235.49.104 (104-49-235-37.static.edis.at): 1 ... show more (mod_security) mod_security (id:217210) triggered by 37.235.49.104 (104-49-235-37.static.edis.at): 1 in the last 300 secs; Ports: ; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun May 31 10:18:46.865755 2026] [security2:error] [pid 6947:tid 6947] [client 37.235.49.104:30684] ModSecurity: Access denied with code 403 (phase 2). Match of "rx ^(?i:(?:[a-z]{3,10}\\\\s+(?:\\\\w{3,7}?://[\\\\w\\\\-\\\\./](?::\\\\d+)?)?/[^?#](?:\\\\?[^#\\\\s])?(?:#[\\\\S])?\|connect (?:\\\\d{1,3}\\\\.){3}\\\\d{1,3}\\\\.?(?::\\\\d+)?\|options \\\\)\\\\s+[\\\\w\\\\./]+\|get /[^?#](?:\\\\?[^#\\\\s])?(?:#[\\\\S]*)?)$" against "REQUEST_LINE" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/12_HTTP_Protocol.conf"] [line "114"] [id "217210"] [rev "1"] [msg "COMODO WAF: Invalid HTTP Request Line\|\|haverhillhouse.com:443\|F\|4"] [data "CONNECT haverhillhouse.com:443 HTTP/1.1"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "haverhillhouse.com"] [uri "/"] [unique_id "ahxDRo3av5aAXqNawLEOagAAAAk"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-30 23:26:35 (5 days ago)	(mod_security) mod_security (id:217210) triggered by 37.235.49.104 (104-49-235-37.static.edis.at): 1 ... show more (mod_security) mod_security (id:217210) triggered by 37.235.49.104 (104-49-235-37.static.edis.at): 1 in the last 300 secs; Ports: ; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat May 30 19:26:30.572118 2026] [security2:error] [pid 28579:tid 28579] [client 37.235.49.104:35946] ModSecurity: Access denied with code 403 (phase 2). Match of "rx ^(?i:(?:[a-z]{3,10}\\\\s+(?:\\\\w{3,7}?://[\\\\w\\\\-\\\\./](?::\\\\d+)?)?/[^?#](?:\\\\?[^#\\\\s])?(?:#[\\\\S])?\|connect (?:\\\\d{1,3}\\\\.){3}\\\\d{1,3}\\\\.?(?::\\\\d+)?\|options \\\\)\\\\s+[\\\\w\\\\./]+\|get /[^?#](?:\\\\?[^#\\\\s])?(?:#[\\\\S]*)?)$" against "REQUEST_LINE" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/12_HTTP_Protocol.conf"] [line "114"] [id "217210"] [rev "1"] [msg "COMODO WAF: Invalid HTTP Request Line\|\|bodiehistory.com:443\|F\|4"] [data "CONNECT bodiehistory.com:443 HTTP/1.1"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "bodiehistory.com"] [uri "/"] [unique_id "ahtyJo29ZLePs1rzh9o_igAAAAI"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 xmission.com	2026-05-30 01:51:13 (6 days ago)	37.235.49.104 - - [29/May/2026:17:41:44 -0600] "CONNECT dooce.com:443 HTTP/1.1" 400 150 "-" "-" 37.2 ... show more 37.235.49.104 - - [29/May/2026:17:41:44 -0600] "CONNECT dooce.com:443 HTTP/1.1" 400 150 "-" "-" 37.235.49.104 - - [29/May/2026:17:52:51 -0600] "CONNECT dooce.com:443 HTTP/1.1" 400 150 "-" "-" 37.235.49.104 - - [29/May/2026:18:37:45 -0600] "CONNECT dooce.com:443 HTTP/1.1" 400 150 "-" "-" 37.235.49.104 - - [29/May/2026:19:03:04 -0600] "CONNECT dooce.com:443 HTTP/1.1" 400 150 "-" "-" 37.235.49.104 - - [29/May/2026:19:51:13 -0600] "CONNECT dooce.com:443 HTTP/1.1" 400 150 "-" "-" ... show less	Web App Attack
🇺🇸 TPI-Abuse	2026-05-28 04:22:15 (1 week ago)	(mod_security) mod_security (id:217210) triggered by 37.235.49.104 (104-49-235-37.static.edis.at): 1 ... show more (mod_security) mod_security (id:217210) triggered by 37.235.49.104 (104-49-235-37.static.edis.at): 1 in the last 300 secs; Ports: ; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu May 28 00:22:09.021313 2026] [security2:error] [pid 23886:tid 23942] [client 37.235.49.104:43554] ModSecurity: Access denied with code 403 (phase 2). Match of "rx ^(?i:(?:[a-z]{3,10}\\\\s+(?:\\\\w{3,7}?://[\\\\w\\\\-\\\\./](?::\\\\d+)?)?/[^?#](?:\\\\?[^#\\\\s])?(?:#[\\\\S])?\|connect (?:\\\\d{1,3}\\\\.){3}\\\\d{1,3}\\\\.?(?::\\\\d+)?\|options \\\\)\\\\s+[\\\\w\\\\./]+\|get /[^?#](?:\\\\?[^#\\\\s])?(?:#[\\\\S]*)?)$" against "REQUEST_LINE" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/12_HTTP_Protocol.conf"] [line "114"] [id "217210"] [rev "1"] [msg "COMODO WAF: Invalid HTTP Request Line\|\|whatismetamodern.com:443\|F\|4"] [data "CONNECT whatismetamodern.com:443 HTTP/1.1"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "whatismetamodern.com"] [uri "/"] [unique_id "ahfC8TfXoUdn1LIp0MUwlAAAAVc"] show less	Brute-Force Bad Web Bot Web App Attack
🇨🇭 Origon	2026-05-28 03:43:48 (1 week ago)	http-open-proxy - IP: 37.235.49.104 - time="2026-05-28T05:43:48+02:00" level=info msg="(555f66b4f6a ... show more http-open-proxy - IP: 37.235.49.104 - time="2026-05-28T05:43:48+02:00" level=info msg="(555f66b4f6a74558bc11e3f93469658es8App0Mcc0TKEeje/crowdsec) crowdsecurity/http-open-proxy by ip 37.235.49.104 (IS/50613) : 4h ban on Ip 37.235.49.104" module=db show less	Web App Attack
🇩🇪 Ivan Rezinkin	2026-05-25 12:22:17 (1 week ago)	DDoS attack against sub.cocooloco.ru (181.214.231.116) - L7 connection flood, observed sustained SYN ... show more DDoS attack against sub.cocooloco.ru (181.214.231.116) - L7 connection flood, observed sustained SYN traffic causing TCP listen-queue overflow. Auto-banned at 5/sec threshold via iptables hashlimit. Timestamp: 2026-05-25T12:21:02Z show less	DDoS Attack Email Spam
🇩🇪 ghostwarriors	2026-05-20 22:20:21 (2 weeks ago)	Webpage scraping	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-14 20:41:11 (3 weeks ago)	(mod_security) mod_security (id:217210) triggered by 37.235.49.104 (104-49-235-37.static.edis.at): 1 ... show more (mod_security) mod_security (id:217210) triggered by 37.235.49.104 (104-49-235-37.static.edis.at): 1 in the last 300 secs; Ports: ; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu May 14 16:41:05.743794 2026] [security2:error] [pid 17542:tid 17542] [client 37.235.49.104:15128] ModSecurity: Access denied with code 403 (phase 2). Match of "rx ^(?i:(?:[a-z]{3,10}\\\\s+(?:\\\\w{3,7}?://[\\\\w\\\\-\\\\./](?::\\\\d+)?)?/[^?#](?:\\\\?[^#\\\\s])?(?:#[\\\\S])?\|connect (?:\\\\d{1,3}\\\\.){3}\\\\d{1,3}\\\\.?(?::\\\\d+)?\|options \\\\)\\\\s+[\\\\w\\\\./]+\|get /[^?#](?:\\\\?[^#\\\\s])?(?:#[\\\\S]*)?)$" against "REQUEST_LINE" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/12_HTTP_Protocol.conf"] [line "114"] [id "217210"] [rev "1"] [msg "COMODO WAF: Invalid HTTP Request Line\|\|bobfaw.com:443\|F\|4"] [data "CONNECT bobfaw.com:443 HTTP/1.1"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "bobfaw.com"] [uri "/"] [unique_id "agYzYYEmWftFLp9FSPaLZgAAAAY"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 8 of 8 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇸🇬 198.55.106.49

🇧🇷 186.219.141.4

🇫🇮 147.185.133.241

🇺🇸 103.4.251.99

🇱🇹 81.30.98.158

🇺🇸 65.49.1.92

🇳🇱 45.142.193.171

🇳🇱 176.65.148.244

🇺🇸 164.90.151.212

🇩🇪 130.12.181.108

🇺🇸 76.183.36.73

🇧🇪 74.125.47.149

🇺🇸 66.93.5.219

🇧🇷 45.194.67.2

🇺🇸 44.205.224.35

🇬🇧 35.203.210.9

🇺🇸 20.29.47.111

🇧🇦 185.212.111.101

🇮🇳 128.185.254.162

🇭🇰 123.58.212.28