JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 104.207.40.173

104.207.40.173 was found in our database!

This IP was reported 146 times. Confidence of Abuse is 13%: ?

13%

ISP	3xK Tech GmbH
Usage Type	Data Center/Web Hosting/Transit
ASN	AS200373
Domain Name	3xktech.cloud
Country	🇺🇸 United States of America
City	Ashburn, Virginia

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 104.207.40.173

Whois 104.207.40.173

IP Abuse Reports for 104.207.40.173:

This IP address has been reported a total of 146 times from 18 distinct sources. 104.207.40.173 was first reported on June 18th 2024, and the most recent report was 3 weeks ago.

Old Reports: The most recent abuse report for this IP address is from 3 weeks ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇳🇱 homeshowdomain.nl	2026-05-18 22:00:48 (3 weeks ago)	Auto-ban: >3000 req/min op 2026-05-18	Web App Attack SSH Hacking
🇩🇪 pigro	2026-05-05 12:47:45 (1 month ago)	104.207.40.173 - - [05/May/2026:14:47:45 +0200] "GET /umd/sodo-search.min.js HTTP/1.1" 301 5 "-" "Mo ... show more 104.207.40.173 - - [05/May/2026:14:47:45 +0200] "GET /umd/sodo-search.min.js HTTP/1.1" 301 5 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Avant Browser; Avant Browser; .NET CLR 1.0.3705; .NET CLR 1.1.4322; Media Center PC 4.0; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)" 104.207.40.173 - - [05/May/2026:14:47:45 +0200] "GET /umd/portal.min.js HTTP/1.1" 301 5 "-" "Mozilla/5.0 (Linux; Android 5.1.1; KYF39 Build/100.0.2039; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/55.0.2883.91 Mobile Safari/537.36" ... show less	Web App Attack
🇺🇸 TPI-Abuse	2026-05-01 18:18:23 (1 month ago)	(mod_security) mod_security (id:210492) triggered by 104.207.40.173 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.40.173 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri May 01 14:18:18.020848 2026] [security2:error] [pid 13640:tid 13640] [client 104.207.40.173:28049] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webdisk.furballaudio.com"] [uri "/.env"] [unique_id "afTuauMdwcobWElf_DiaawAAABA"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-03-03 12:34:51 (3 months ago)	Forum/form spam	Web Spam
🇦🇺 oncord	2026-02-27 21:28:11 (3 months ago)	Form spam	Web Spam
🇺🇸 TPI-Abuse	2026-02-15 11:50:05 (3 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.40.173 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.40.173 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Feb 15 06:49:57.871646 2026] [security2:error] [pid 18466:tid 18466] [client 104.207.40.173:54245] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "paintedoverwhite.com"] [uri "/.env"] [unique_id "aZGy5b8zXCtih3e3C7HZQgAAAAM"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-02-15 11:19:27 (3 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.40.173 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.40.173 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Feb 15 06:19:20.855666 2026] [security2:error] [pid 26031:tid 26031] [client 104.207.40.173:35239] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "sellingcarshandbook.org"] [uri "/config/.env"] [unique_id "aZGruE9ALFZqwSW5_wkvpgAAAAI"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-02-15 07:04:07 (3 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.40.173 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.40.173 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Feb 15 02:04:02.194309 2026] [security2:error] [pid 970136:tid 970136] [client 104.207.40.173:54137] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "origenial.com"] [uri "/app/.git/config"] [unique_id "aZFv4uOxNSSyTX0eeHPPKQAAAAM"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 myagent.site	2026-02-15 06:29:13 (3 months ago)	Blocking for trying to access an exploit file: /.env.local	Hacking
🇩🇪 Bedios GmbH	2026-02-15 06:13:01 (3 months ago)	Login credentials theft attempt	Hacking
🇺🇸 mnsf	2026-02-15 06:07:35 (3 months ago)	Scanning/Probing (25)	Brute-Force Web App Attack
🇺🇸 TPI-Abuse	2026-02-15 04:48:36 (3 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.40.173 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.40.173 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Feb 14 23:48:31.851588 2026] [security2:error] [pid 9723:tid 9723] [client 104.207.40.173:50089] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "sanvicentedelraspeig.com"] [uri "/.env.staging"] [unique_id "aZFQHy5RygejMSM5flyh0AAAAAU"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-02-15 04:22:38 (3 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.40.173 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.40.173 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Feb 14 23:22:33.096197 2026] [security2:error] [pid 25243:tid 25243] [client 104.207.40.173:9363] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "san-marino-boat-registration.com"] [uri "/.git/config"] [unique_id "aZFKCQPgyOIv_Y-PNW-EgwAAAAk"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-02-15 03:21:46 (3 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.40.173 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.40.173 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Feb 14 22:21:41.462512 2026] [security2:error] [pid 28910:tid 28910] [client 104.207.40.173:64901] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "polydorou.eu"] [uri "/new/.git/config"] [unique_id "aZE7xe-HE81V1WYDbEYnZgAAAA4"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-02-15 02:15:57 (3 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.40.173 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.40.173 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Feb 14 21:15:51.126123 2026] [security2:error] [pid 23287:tid 23335] [client 104.207.40.173:33935] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "newports.net"] [uri "/dev/.git/config"] [unique_id "aZEsV46jtjP5LgwlR2nOrQAAAc4"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 146 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇨🇦 66.85.30.4

🇨🇳 220.243.133.81

🇮🇳 203.192.232.180

🇭🇰 199.45.155.68

🇺🇸 165.154.254.11

🇪🇪 158.173.75.194

🇺🇸 34.135.200.178

🇮🇹 31.3.182.38

🇷🇴 2.57.122.238

🇩🇪 141.11.107.166

🇭🇰 113.28.86.1

🇰🇷 112.167.99.220

🇹🇼 34.80.76.54

🇱🇧 213.204.107.89

🇧🇴 200.105.172.184

🇳🇬 196.1.187.122

🇧🇷 131.196.87.72

🇻🇳 118.70.182.193

🇰🇷 112.216.129.27

🇫🇷 84.247.129.208