JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 104.207.40.126

104.207.40.126 was found in our database!

This IP was reported 150 times. Confidence of Abuse is 21%: ?

21%

ISP	3xK Tech GmbH
Usage Type	Data Center/Web Hosting/Transit
ASN	AS200373
Domain Name	3xktech.cloud
Country	🇺🇸 United States of America
City	Ashburn, Virginia

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 104.207.40.126

Whois 104.207.40.126

IP Abuse Reports for 104.207.40.126:

This IP address has been reported a total of 150 times from 25 distinct sources. 104.207.40.126 was first reported on June 11th 2024, and the most recent report was 8 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇫🇷 Sklurk	2026-06-20 04:01:17 (8 hours ago)	Web App Attack	Web App Attack
🇬🇧 PeravixGroup	2026-05-22 11:37:08 (4 weeks ago)	Honeypot detection: Elasticsearch unauthorized access / data leak attempt on port 9200. Severity: ME ... show more Honeypot detection: Elasticsearch unauthorized access / data leak attempt on port 9200. Severity: MEDIUM. Aaran.cloud show less	Hacking Exploited Host
🇨🇳 ThreatBook.io	2026-05-17 22:34:03 (1 month ago)	ThreatBook Intelligence: vpn_proxy,Gateway more details on https://threatbook.io/ip/104.207.40.126 2 ... show more ThreatBook Intelligence: vpn_proxy,Gateway more details on https://threatbook.io/ip/104.207.40.126 2026-05-17 10:54:59 / 2026-05-17 11:14:32 / 2026-05-17 11:18:45 / 2026-05-17 11:19:30 / show less	Web App Attack
🇪🇸 librebit	2026-05-17 04:58:05 (1 month ago)	Brute force	Brute-Force
🇨🇳 ThreatBook.io	2026-04-23 22:31:44 (1 month ago)	ThreatBook Intelligence: Gateway more details on http://threatbook.io/ip/104.207.40.126 2026-04-23 0 ... show more ThreatBook Intelligence: Gateway more details on http://threatbook.io/ip/104.207.40.126 2026-04-23 05:42:21 /video/index.php?c=search&catid=23%20and%20(select%201%20from%20(select%20count(),concat(md5(1),floor(rand(0)2))x%20from%20information_schema.tables%20group%20by%20x)a) show less	Web App Attack
🇺🇸 mnsf	2026-03-27 01:05:43 (2 months ago)	Scanning/Probing (23)	Brute-Force Web App Attack
🇨🇳 ThreatBook.io	2026-03-17 22:34:26 (3 months ago)	ThreatBook Intelligence: Zombie,vpn_proxy more details on https://threatbook.io/ip/104.207.40.126 20 ... show more ThreatBook Intelligence: Zombie,vpn_proxy more details on https://threatbook.io/ip/104.207.40.126 2026-03-17 03:29:53 / 2026-03-17 03:29:54 /?debug=command&expression=%23context%5b%22xwork.MethodAccessor.denyMethodExecution%22%5d%3dfalse%2c%23f%3d%23_memberAccess.getClass%28%29.getDeclaredField%28%22allowStaticMethodAccess%22%29%2c%23f.setAccessible%28true%29%2c%23f.set%28%23_memberAccess%2ctrue%29%2c%23a%[email protected]@getRuntime%28%29.exec%28%22netstat%20-an%22%29.getInputStream%28%29%2c%23b%3dnew%20java.io.InputStreamReader%28%23a%29%2c%23c%3dnew%20java.io.BufferedReader%28%23b%29%2c%23d%3dnew%20char%5b50000%5d%2c%23c.read%28%23d%29%2c%23genxor%3d%23context.get%28%22com.opensymphony.xwork2.dispatcher.HttpServletResponse%22%29.getWriter%28%29%2c%23genxor.println%28%23d%29%2c%23genxor.flush%28%29%2c%23genxor.close%28%29 show less	Web App Attack
🇩🇪 F242	2026-01-30 05:49:34 (4 months ago)	Wordpress Login or XMLRPC abuse	Web App Attack
🇪🇸 10dencehispahard SL	2026-01-23 07:30:54 (4 months ago)	Wordpress probing for vulnerabilities	Hacking Exploited Host
Anonymous	2026-01-18 16:57:00 (5 months ago)	botnet	DDoS Attack
🇺🇸 Starburst SysOp Team	2026-01-10 09:02:51 (5 months ago)	(mod_security-custom) mod_security (id:210492) triggered by 104.207.40.126 (US/United States/Virgini ... show more (mod_security-custom) mod_security (id:210492) triggered by 104.207.40.126 (US/United States/Virginia/Ashburn/-/[AS200373 DREI-K-TECH-GMBH]): 1 in the last 3600 secs (0-srv1) show less	Hacking
🇨🇭 ALPHANET	2025-12-30 10:50:06 (5 months ago)	web exploits	Hacking Exploited Host Web App Attack
Anonymous	2025-12-30 08:26:40 (5 months ago)	"GET /.git/HEAD HTTP/1.1"	Hacking Web App Attack
🇩🇪 Packets-Decreaser.NET	2025-12-29 14:01:43 (5 months ago)	Incoming Layer 7 Flood Detected	DDoS Attack Web Spam
🇺🇸 TPI-Abuse	2025-12-29 05:41:46 (5 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.40.126 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.40.126 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Dec 29 00:41:39.811372 2025] [security2:error] [pid 10004:tid 10004] [client 104.207.40.126:38097] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "zazuza.com"] [uri "/.svn/wc.db"] [unique_id "aVIUkyirLSMUeYyOmbqCygAAAAY"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 150 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇧🇬 79.124.40.126

🇵🇭 136.158.59.121

🇧🇷 131.100.242.102

🇨🇳 101.126.26.93

🇺🇸 2607:f8b0:400e:c1e::125

🇨🇱 200.89.69.247

🇪🇸 185.121.15.184

🇨🇭 104.244.79.40

🇮🇩 103.150.226.59

🇳🇱 85.11.167.11

🇦🇺 45.134.20.105

🇬🇧 35.203.211.151

🇬🇧 35.203.211.59

🇨🇳 114.254.1.141

🇳🇱 45.148.10.152

🇨🇦 20.151.217.82

🇩🇪 167.94.146.35

🇮🇳 103.181.110.153

🇿🇦 102.66.144.62

🇷🇴 80.94.92.166