JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 104.207.40.221

104.207.40.221 was found in our database!

This IP was reported 141 times. Confidence of Abuse is 0%: ?

ISP	3xK Tech GmbH
Usage Type	Data Center/Web Hosting/Transit
ASN	AS200373
Domain Name	3xktech.cloud
Country	🇺🇸 United States of America
City	Ashburn, Virginia

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 104.207.40.221

Whois 104.207.40.221

IP Abuse Reports for 104.207.40.221:

This IP address has been reported a total of 141 times from 22 distinct sources. 104.207.40.221 was first reported on June 8th 2024, and the most recent report was 3 months ago.

Old Reports: The most recent abuse report for this IP address is from 3 months ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇫🇷 tilellit.pro	2026-02-16 03:50:56 (3 months ago)	Fail2Ban banned 104.207.40.221 for security violations in jail wp-armour. Log: 2026/02/16 03:50:55 [ ... show more Fail2Ban banned 104.207.40.221 for security violations in jail wp-armour. Log: 2026/02/16 03:50:55 [error] FastCGI sent in stderr: "PHP message: [WP_ARMOUR_BAN] IP: 104.207.40.221 \| Target: wplogin" , client: 104.207.40.221, server: [REDACTED], request: "POST /wp-login.php HTTP/1.1", upstream: [REDACTED], host: [REDACTED], referrer: "https://comerciogallego.es/wp-login.php" ... show less	Web Spam
🇫🇷 mrcrassi	2026-02-03 11:22:24 (4 months ago)	Triggered Cloudflare WAF (firewallCustom) from US. Action taken: BLOCK Protocol: HTTP/1.1 (POST meth ... show more Triggered Cloudflare WAF (firewallCustom) from US. Action taken: BLOCK Protocol: HTTP/1.1 (POST method) Endpoint: /wp-login.php UA: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36 Edg/115.0.1901.203 This report was generated by: https://github.com/sefinek/Cloudflare-WAF-To-AbuseIPDB show less	Bad Web Bot
🇦🇺 oncord	2026-01-21 12:37:08 (4 months ago)	Form spam	Web Spam
🇺🇸 fbarela	2026-01-02 11:00:20 (5 months ago)	FortiGate SSL VPN login failures.	Hacking Brute-Force
🇩🇪 iNetWorker	2025-12-30 11:46:39 (5 months ago)	trolling for resource vulnerabilities	Web App Attack
🇺🇸 TPI-Abuse	2025-12-29 08:23:20 (5 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.40.221 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.40.221 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Dec 29 03:23:15.213591 2025] [security2:error] [pid 28029:tid 28029] [client 104.207.40.221:22363] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "energycapitalinvestments.com"] [uri "/.env"] [unique_id "aVI6cxR1lfrFxoZ1_XaCIwAAAAk"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-29 06:49:31 (5 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.40.221 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.40.221 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Dec 29 01:49:25.192105 2025] [security2:error] [pid 2644682:tid 2644710] [client 104.207.40.221:58479] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "tonysergio.com"] [uri "/.git/HEAD"] [unique_id "aVIkdYbE9pXjh74wbNaJYAAAAJg"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-29 05:37:32 (5 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.40.221 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.40.221 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Dec 29 00:37:27.052916 2025] [security2:error] [pid 16742:tid 16742] [client 104.207.40.221:34091] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "sylversheers.com"] [uri "/.git/HEAD"] [unique_id "aVITl_YCUrMa1ONE1YamKwAAAC8"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-29 03:24:14 (5 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.40.221 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.40.221 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Dec 28 22:24:08.650620 2025] [security2:error] [pid 27349:tid 27349] [client 104.207.40.221:57391] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "agirlwithaguitar.com"] [uri "/.svn/wc.db"] [unique_id "aVH0WBzSPdX3tVoTKOUagQAAAAg"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2025-12-12 16:09:07 (5 months ago)	botnet	DDoS Attack
🇺🇸 TPI-Abuse	2025-11-27 21:36:07 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.40.221 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.40.221 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Nov 27 16:35:59.511637 2025] [security2:error] [pid 643134:tid 643134] [client 104.207.40.221:56411] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "fiasdesigns.com"] [uri "/.git/HEAD"] [unique_id "aSjEPx6CvsNolC25xCu_LgAAABA"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-27 21:13:21 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.40.221 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.40.221 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Nov 27 16:13:17.490350 2025] [security2:error] [pid 22400:tid 22400] [client 104.207.40.221:35125] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "dvdmasters.com"] [uri "/.git/HEAD"] [unique_id "aSi-7ZIQLBVGU94jhPwAOAAAABA"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-25 07:16:26 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.40.221 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.40.221 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Nov 25 02:16:19.382970 2025] [security2:error] [pid 17177:tid 17177] [client 104.207.40.221:49111] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webdisk.natursac.com"] [uri "/.svn/wc.db"] [unique_id "aSVXw12lp9QoKuVXdVjOyAAAAAU"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-25 05:54:26 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.40.221 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.40.221 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Nov 25 00:54:23.560516 2025] [security2:error] [pid 25296:tid 25296] [client 104.207.40.221:36077] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "embossednapkins.com"] [uri "/.env"] [unique_id "aSVEjyizYcrYuypUJ6_5wgAAAAY"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2025-11-14 03:12:25 (6 months ago)	This IP was involved in a brute force and password spray attack.	Brute-Force Web App Attack

Showing 1 to 15 of 141 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇭🇰 199.45.154.115

🇰🇷 112.216.129.27

🇵🇭 27.110.166.67

🇲🇽 177.246.33.188

🇫🇷 173.249.0.223

🇮🇹 151.95.211.132

🇺🇸 143.198.117.94

🇸🇬 134.185.85.99

🇭🇰 103.243.24.124

🇬🇧 35.203.211.215

🇩🇪 213.209.159.56

🇧🇷 205.210.31.226

🇧🇷 201.77.124.248

🇺🇸 192.142.2.40

🇬🇧 185.127.71.147

🇺🇸 172.202.117.217

🇺🇸 167.99.60.61

🇮🇳 103.21.79.242

🇩🇪 94.156.232.116

🇺🇸 66.132.172.224