JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 64.105.88.36

64.105.88.36 was found in our database!

This IP was reported 21 times. Confidence of Abuse is 53%: ?

53%

ISP	GTT Americas, LLC
Usage Type	Data Center/Web Hosting/Transit
ASN	AS212238
Hostname(s)	h-64-105-88-36.snva.ca.globalcapacity.com
Domain Name	gtt.net
Country	🇳🇿 New Zealand
City	Auckland, Auckland

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 64.105.88.36

Whois 64.105.88.36

IP Abuse Reports for 64.105.88.36:

This IP address has been reported a total of 21 times from 8 distinct sources. 64.105.88.36 was first reported on June 25th 2026, and the most recent report was 11 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇬🇧 openstrike.co.uk	2026-06-30 05:14:31 (11 hours ago)	2 attacks on password grabbing URLs: GET /.vscode/sftp.json HTTP/1.1	Hacking
🇺🇸 TPI-Abuse	2026-06-30 02:47:22 (14 hours ago)	(mod_security) mod_security (id:210492) triggered by 64.105.88.36 (h-64-105-88-36.snva.ca.globalcapa ... show more (mod_security) mod_security (id:210492) triggered by 64.105.88.36 (h-64-105-88-36.snva.ca.globalcapacity.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 29 22:47:15.104646 2026] [security2:error] [pid 11752:tid 11774] [client 64.105.88.36:63064] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "darrylrichards.com"] [uri "/sftp-config.json"] [unique_id "akMuM4dyoty2gPM1ZlI-zAAAANQ"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-30 01:40:39 (15 hours ago)	(mod_security) mod_security (id:210492) triggered by 64.105.88.36 (h-64-105-88-36.snva.ca.globalcapa ... show more (mod_security) mod_security (id:210492) triggered by 64.105.88.36 (h-64-105-88-36.snva.ca.globalcapacity.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 29 21:40:36.424108 2026] [security2:error] [pid 24748:tid 24748] [client 64.105.88.36:10840] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "darlinghernandez.com"] [uri "/sftp-config.json"] [unique_id "akMelErZb5WC8XI0-JWKegAAABk"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 mccsoft.io	2026-06-29 15:01:58 (1 day ago)	Web application attack / vulnerability scanning against our public nginx web server (TCP 80/443). So ... show more Web application attack / vulnerability scanning against our public nginx web server (TCP 80/443). Source matched a blocked-path security rule (jail nginx-444); server returned HTTP 444 (connection closed without response). TCP three-way handshake completed (full HTTP request received). show less	Bad Web Bot Web App Attack
🇩🇪 4server	2026-06-29 10:47:44 (1 day ago)	[MonJun2912:47:37.9668102026][security2:error][pid2864568:tid2864698][client64.105.88.36:0]ModSecuri ... show more [MonJun2912:47:37.9668102026][security2:error][pid2864568:tid2864698][client64.105.88.36:0]ModSecurity:Accessdeniedwithcode403\(phase2\).Patternmatch\"\\\\\\\\.vscode/\"atREQUEST_FILENAME.[file\"/etc/apache2/conf.d/modsec_rules/10_asl_rules.conf\"][line\"1189\"][id\"350593\"][rev\"1\"][msg\"Atomicorp.comWAFRules:AttackBlocked-Dataleakage-attempttoaccessstoredvscodepasswords\"][severity\"CRITICAL\"][hostname\"danielasilvia.ch\"][uri\"/.vscode/sftp.json\"][unique_id\"akJNSb5NWxClIj9FLFZ7kQAAAQ4\"] show less	Port Scan Brute-Force Web App Attack
🇺🇸 TPI-Abuse	2026-06-29 09:56:28 (1 day ago)	(mod_security) mod_security (id:210492) triggered by 64.105.88.36 (h-64-105-88-36.snva.ca.globalcapa ... show more (mod_security) mod_security (id:210492) triggered by 64.105.88.36 (h-64-105-88-36.snva.ca.globalcapacity.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 29 05:56:24.114765 2026] [security2:error] [pid 14746:tid 14746] [client 64.105.88.36:44492] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "danialias.com"] [uri "/sftp-config.json"] [unique_id "akJBSIBl_9cTKT3Dz2xdLwAAAAA"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-29 07:34:04 (1 day ago)	(mod_security) mod_security (id:949110) triggered by 64.105.88.36 (h-64-105-88-36.snva.ca.globalcapa ... show more (mod_security) mod_security (id:949110) triggered by 64.105.88.36 (h-64-105-88-36.snva.ca.globalcapacity.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 29 03:34:00.171712 2026] [security2:error] [pid 11408:tid 11408] [client 64.105.88.36:29178] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "danchujkoassoc.com"] [uri "/sftp-config.json"] [unique_id "akIf6PsUfu_oOiEibF65NwAAADw"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-28 22:03:39 (1 day ago)	(mod_security) mod_security (id:210492) triggered by 64.105.88.36 (h-64-105-88-36.snva.ca.globalcapa ... show more (mod_security) mod_security (id:210492) triggered by 64.105.88.36 (h-64-105-88-36.snva.ca.globalcapacity.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 28 18:03:31.324820 2026] [security2:error] [pid 29892:tid 29892] [client 64.105.88.36:15116] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "daisydoesoap.com"] [uri "/sftp-config.json"] [unique_id "akGaMwfcP_BvfbZeeHyY-gAAAAY"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 FeG Deutschland	2026-06-28 17:41:23 (1 day ago)	Looking for CMS/PHP/SQL vulnerablilities/excessive crawling - 124	Exploited Host Web App Attack
🇮🇩 Burayot	2026-06-28 11:54:05 (2 days ago)	LF_MODSEC: (mod_security) mod_security (id:949110) triggered by 64.105.88.36 (NZ/New Zealand/h-64-10 ... show more LF_MODSEC: (mod_security) mod_security (id:949110) triggered by 64.105.88.36 (NZ/New Zealand/h-64-105-88-36.snva.ca.globalcapacity.com): 1 in the last 3600 secs show less	Web App Attack
🇨🇭 4server	2026-06-27 22:31:03 (2 days ago)	[SunJun2800:30:56.8513782026][security2:error][pid3067140:tid3067142][client64.105.88.36:0]ModSecuri ... show more [SunJun2800:30:56.8513782026][security2:error][pid3067140:tid3067142][client64.105.88.36:0]ModSecurity:Accessdeniedwithcode403\(phase2\).OperatorGEmatched5atTX:anomaly_score.[file\"/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf\"][line\"94\"][id\"949110\"][msg\"InboundAnomalyScoreExceeded\(TotalScore:5\)\"][severity\"CRITICAL\"][ver\"OWASP_CRS/3.3.9\"][tag\"application-multi\"][tag\"language-multi\"][tag\"platform-multi\"][tag\"attack-generic\"][hostname\"cybertelgroup.com\"][uri\"/sftp-config.json\"][unique_id\"akBPIFn4Csl6f6EEXXR2PAAAAAA\"] show less	Hacking Web App Attack
🇺🇸 TPI-Abuse	2026-06-27 12:15:32 (3 days ago)	(mod_security) mod_security (id:210492) triggered by 64.105.88.36 (h-64-105-88-36.snva.ca.globalcapa ... show more (mod_security) mod_security (id:210492) triggered by 64.105.88.36 (h-64-105-88-36.snva.ca.globalcapacity.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 27 08:15:26.879801 2026] [security2:error] [pid 22471:tid 22471] [client 64.105.88.36:30230] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "custominktees.us"] [uri "/sftp-config.json"] [unique_id "aj--3ivn3TMzaPGEP4NDlgAAABA"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-27 02:51:21 (3 days ago)	(mod_security) mod_security (id:210492) triggered by 64.105.88.36 (h-64-105-88-36.snva.ca.globalcapa ... show more (mod_security) mod_security (id:210492) triggered by 64.105.88.36 (h-64-105-88-36.snva.ca.globalcapacity.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 26 22:51:13.332716 2026] [security2:error] [pid 13981:tid 13981] [client 64.105.88.36:8402] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.cubbylure.com"] [uri "/sftp-config.json"] [unique_id "aj86oVZZgvxeA9vhLV7iSAAAAAA"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-27 01:47:02 (3 days ago)	(mod_security) mod_security (id:210492) triggered by 64.105.88.36 (h-64-105-88-36.snva.ca.globalcapa ... show more (mod_security) mod_security (id:210492) triggered by 64.105.88.36 (h-64-105-88-36.snva.ca.globalcapacity.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 26 21:46:56.183030 2026] [security2:error] [pid 31161:tid 31161] [client 64.105.88.36:44326] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.ctrussell.us"] [uri "/ctrussell.html/sftp-config.json"] [unique_id "aj8rkNXKDv1x-UwoR6aTUwAAAAg"] show less	Brute-Force Bad Web Bot Web App Attack
🇬🇧 CrystalMaker	2026-06-26 20:15:08 (3 days ago)	Vulnerability scan - GET /sftp-config.json	Hacking

Showing 1 to 15 of 21 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇳🇱 188.166.68.252

🇸🇪 170.168.241.113

🇰🇷 125.142.37.91

🇸🇬 119.28.101.155

🇷🇴 80.94.95.43

🇧🇪 35.190.215.72

🇨🇳 218.13.26.42

🇺🇸 165.154.182.92

🇮🇩 163.7.9.55

🇨🇳 106.63.26.156

🇸🇬 47.84.86.191

🇹🇭 45.194.70.253

🇸🇬 43.156.212.86

🇲🇦 41.141.183.125

🇵🇰 39.55.131.43

🇬🇧 2.57.17.91

🇳🇱 178.16.54.226

🇺🇸 154.217.253.190

🇮🇳 106.192.188.88

🇸🇬 101.47.158.56