JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 104.207.40.121

104.207.40.121 was found in our database!

This IP was reported 137 times. Confidence of Abuse is 2%: ?

ISP	3xK Tech GmbH
Usage Type	Data Center/Web Hosting/Transit
ASN	AS200373
Domain Name	3xktech.cloud
Country	🇺🇸 United States of America
City	Ashburn, Virginia

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 104.207.40.121

Whois 104.207.40.121

IP Abuse Reports for 104.207.40.121:

This IP address has been reported a total of 137 times from 18 distinct sources. 104.207.40.121 was first reported on June 5th 2024, and the most recent report was 1 week ago.

Old Reports: The most recent abuse report for this IP address is from 1 week ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇩🇪 raph	2026-05-29 08:42:51 (1 week ago)	[Wordpress] crawler /wp-admin/, /wp-content/, etc.	Bad Web Bot Web App Attack
🇦🇺 RedBear IT	2026-03-26 10:00:37 (2 months ago)	"DDoS against public endpoint"	DDoS Attack
🇺🇸 windowsforum	2026-03-16 18:34:33 (2 months ago)	Spam bot registration: triggers=timing, js_challenge, inv_honeypot, pow_fail, username=Efrain6434	Web Spam Bad Web Bot
🇺🇸 TPI-Abuse	2025-11-26 09:25:32 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.40.121 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.40.121 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Nov 26 04:25:28.324991 2025] [security2:error] [pid 28567:tid 28567] [client 104.207.40.121:41001] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "mail.veneye.com"] [uri "/.env"] [unique_id "aSbHiKIZ9UxUd71GN3ZA-QAAAA0"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-26 05:31:09 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.40.121 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.40.121 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Nov 26 00:31:02.655717 2025] [security2:error] [pid 18695:tid 18695] [client 104.207.40.121:41569] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webmail.my1611.com"] [uri "/.git/HEAD"] [unique_id "aSaQlnIHsOomzV62bvF1uQAAAAY"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-25 06:01:53 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.40.121 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.40.121 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Nov 25 01:01:39.659404 2025] [security2:error] [pid 13756:tid 13837] [client 104.207.40.121:57393] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpanel.alexlogic.com"] [uri "/.svn/wc.db"] [unique_id "aSVGQy2vRx1ksuNuFaHNWgAAAMo"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-25 04:11:38 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.40.121 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.40.121 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 24 23:11:30.477807 2025] [security2:error] [pid 32566:tid 32566] [client 104.207.40.121:33409] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "mail.businesscriticalthinking.com"] [uri "/.git/HEAD"] [unique_id "aSUschDbkDOaTUpdA1uRmgAAAAU"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-25 00:21:32 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.40.121 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.40.121 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 24 19:21:26.253795 2025] [security2:error] [pid 17794:tid 17794] [client 104.207.40.121:14753] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.pocosfarm.com"] [uri "/.env"] [unique_id "aST2hr9VNPjx_xC9kWyxSgAAABw"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-24 04:31:08 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.40.121 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.40.121 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Nov 23 23:31:01.060719 2025] [security2:error] [pid 9316:tid 9316] [client 104.207.40.121:55461] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.germanflatts.mohawk-ny.org"] [uri "/.env"] [unique_id "aSPfhRsDsu4oX7QsgK774gAAABI"] show less	Brute-Force Bad Web Bot Web App Attack
🇫🇮 as211431.net	2025-11-05 16:37:31 (7 months ago)	Triggered Cloudflare WAF (firewallCustom) from US. Action taken: MANAGED_CHALLENGE Protocol: HTTP/1. ... show more Triggered Cloudflare WAF (firewallCustom) from US. Action taken: MANAGED_CHALLENGE Protocol: HTTP/1.1 (GET method) Endpoint: /user/register/ UA: Mozilla/5.0 (Macintosh; Intel Mac OS X 12_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36 This report was generated by: https://github.com/sefinek/Cloudflare-WAF-To-AbuseIPDB show less	Bad Web Bot
🇵🇱 sefinek.net	2025-10-27 18:49:05 (7 months ago)	Triggered Cloudflare WAF (firewallCustom) from US. Action taken: MANAGED_CHALLENGE Protocol: HTTP/1. ... show more Triggered Cloudflare WAF (firewallCustom) from US. Action taken: MANAGED_CHALLENGE Protocol: HTTP/1.1 (GET method) Endpoint: / UA: Mozilla/5.0 (Macintosh; Intel Mac OS X 12_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36 OPR/89.0.4447.51 This report was generated by: https://github.com/sefinek/Cloudflare-WAF-To-AbuseIPDB show less	Bad Web Bot
Anonymous	2025-10-18 05:11:53 (7 months ago)	Attempted brute force login to web vpn 2 time(s); last attempt for 2025.10.18 is noted in report tim ... show more Attempted brute force login to web vpn 2 time(s); last attempt for 2025.10.18 is noted in report timestamp show less	Hacking Brute-Force
Anonymous	2025-10-17 20:17:07 (7 months ago)	Attempted brute force login to web vpn 1 time(s); last attempt for 2025.10.17 is noted in report tim ... show more Attempted brute force login to web vpn 1 time(s); last attempt for 2025.10.17 is noted in report timestamp show less	Hacking Brute-Force
🇨🇦 wil.com	2025-10-15 13:39:38 (7 months ago)	GlobalProtect login attempts with user ggagliardi.	VPN IP Brute-Force
🇳🇱 GabrielJST	2025-10-13 14:38:48 (7 months ago)	Port Scan detected from 104.207.40.121 (US/United States/-).	Port Scan

Showing 1 to 15 of 137 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇰🇷 211.252.42.171

🇬🇧 188.240.59.41

🇮🇹 172.253.12.221

🇧🇩 103.213.238.91

🇺🇸 40.77.167.76

🇨🇴 190.145.140.190

🇺🇸 138.68.243.18

🇭🇰 101.36.122.129

🇷🇴 92.118.39.236

🇳🇱 45.148.10.152

🇸🇳 41.82.50.218

🇺🇸 40.77.167.73

🇺🇸 40.77.167.72

🇬🇧 31.14.254.80

🇨🇳 222.212.83.51

🇩🇪 209.50.182.111

🇧🇷 205.210.31.231

🇺🇸 47.230.46.189

🇺🇸 40.77.167.67

🇺🇸 40.77.167.55