JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 104.207.40.231

104.207.40.231 was found in our database!

This IP was reported 143 times. Confidence of Abuse is 3%: ?

ISP	3xK Tech GmbH
Usage Type	Data Center/Web Hosting/Transit
ASN	AS200373
Domain Name	3xktech.cloud
Country	🇺🇸 United States of America
City	Ashburn, Virginia

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 104.207.40.231

Whois 104.207.40.231

IP Abuse Reports for 104.207.40.231:

This IP address has been reported a total of 143 times from 15 distinct sources. 104.207.40.231 was first reported on June 4th 2024, and the most recent report was 1 week ago.

Old Reports: The most recent abuse report for this IP address is from 1 week ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 Epimetheus	2026-05-30 15:17:12 (1 week ago)	Unauthorized access attempts: [GET] /wp-sitemap.xml UA: Mozilla/5.0	Web App Attack
🇵🇱 sefinek.net	2026-04-02 21:56:27 (2 months ago)	Triggered Cloudflare WAF (firewallCustom) from US. Action: MANAGED_CHALLENGE \| Protocol: HTTP/1.1 (G ... show more Triggered Cloudflare WAF (firewallCustom) from US. Action: MANAGED_CHALLENGE \| Protocol: HTTP/1.1 (GET) \| Endpoint: /tools/ip-checker \| UA: Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36 • Generated by: github.com/sefinek/Cloudflare-WAF-To-AbuseIPDB show less	Bad Web Bot
🇩🇪 HandyTreff.de	2026-03-28 17:19:11 (2 months ago)	Bot/Spam/Scrapper attack detected on www.handytreff.de - Score: -50.149 (Bad < -10 / Very Bad < -20 ... show more Bot/Spam/Scrapper attack detected on www.handytreff.de - Score: -50.149 (Bad < -10 / Very Bad < -20 / Extreme < -35) \| UA: Mozilla/5.0 (Macintosh; Intel Mac OS X 12_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 show less	Web App Attack Bad Web Bot
🇺🇸 TPI-Abuse	2026-02-12 06:23:50 (3 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.40.231 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.40.231 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Feb 12 01:23:44.607464 2026] [security2:error] [pid 473:tid 473] [client 104.207.40.231:25073] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "artspacecleveland.com"] [uri "/backend/.env"] [unique_id "aY1x8CYuIkiUZ6VxRBxchwAAAAM"] show less	Brute-Force Bad Web Bot Web App Attack
🇳🇱 jjnxpct	2026-02-11 04:53:23 (3 months ago)	Automated security incident from hosting server. ModSecurity blocked suspicious request targeting UR ... show more Automated security incident from hosting server. ModSecurity blocked suspicious request targeting URI: /backend/.env (Rule ID: 930130) - Restricted File Access Attempt [Suspicious: .env found within REQUEST_FILENAME: /backend/.env] show less	Hacking Web App Attack
🇺🇸 TPI-Abuse	2026-02-10 00:34:34 (3 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.40.231 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.40.231 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Feb 09 19:34:24.638975 2026] [security2:error] [pid 21373:tid 21373] [client 104.207.40.231:53133] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "kevinfranz.com"] [uri "/backend/.env"] [unique_id "aYp9ENzNIExHqWk4WO_GUAAAAAY"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-02-09 22:47:50 (3 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.40.231 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.40.231 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Feb 09 17:47:45.342834 2026] [security2:error] [pid 3856:tid 3856] [client 104.207.40.231:29519] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "houstoun.me"] [uri "/.env.staging"] [unique_id "aYpkEbTPugGorw8pEcffSQAAAAM"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-02-09 22:14:11 (3 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.40.231 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.40.231 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Feb 09 17:14:04.762183 2026] [security2:error] [pid 16852:tid 16852] [client 104.207.40.231:16939] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "hotglassgallery.com"] [uri "/admin/.env"] [unique_id "aYpcLMmoUBfDDdTvtr9yBgAAAAg"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 Packets-Decreaser.NET	2025-12-31 00:58:25 (5 months ago)	Incoming Layer 7 Flood Detected	DDoS Attack Web Spam
🇺🇸 TPI-Abuse	2025-12-09 06:16:31 (5 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.40.231 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.40.231 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Dec 09 01:16:24.347502 2025] [security2:error] [pid 9742:tid 9742] [client 104.207.40.231:43837] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "lamporix.com"] [uri "/.env"] [unique_id "aTe-uDsaXIL4NcuEFeG9ngAAAAA"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-07 15:45:23 (5 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.40.231 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.40.231 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Dec 07 10:45:15.994636 2025] [security2:error] [pid 10505:tid 10505] [client 104.207.40.231:51931] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "xirin.org"] [uri "/.svn/wc.db"] [unique_id "aTWhC3HNrZ5arJc9ACYASQAAAAA"] show less	Brute-Force Bad Web Bot Web App Attack
🇳🇱 homeshowdomain.nl	2025-12-06 23:01:21 (5 months ago)	Auto-ban: >3000 req/min op 2025-12-06	Hacking Web App Attack SSH
🇺🇸 TPI-Abuse	2025-12-05 14:59:06 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.40.231 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.40.231 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Dec 05 09:59:02.340999 2025] [security2:error] [pid 4400:tid 4406] [client 104.207.40.231:60435] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "oldestgunclub.com"] [uri "/.git/HEAD"] [unique_id "aTLzNvZZra6JoAZ8eRloFgAAAIQ"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-05 12:34:00 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.40.231 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.40.231 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Dec 05 07:33:55.163733 2025] [security2:error] [pid 8324:tid 8324] [client 104.207.40.231:57269] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "theyoungstrategist.com"] [uri "/.git/HEAD"] [unique_id "aTLRM-ZMX3Z27u5jqw8W4AAAAAA"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-05 11:45:13 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.40.231 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.40.231 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Dec 05 06:45:05.591837 2025] [security2:error] [pid 19215:tid 19215] [client 104.207.40.231:39797] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "joepaladino.com"] [uri "/.svn/wc.db"] [unique_id "aTLFwdXOs4nx6wb7hfFSmwAAAA4"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 143 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇬🇧 194.50.235.135

🇩🇪 185.244.40.213

🇫🇮 74.125.74.25

🇺🇸 65.49.1.120

🇬🇧 31.14.254.46

🇨🇷 201.207.239.236

🇸🇦 154.205.134.214

🇫🇮 147.185.133.191

🇬🇧 31.14.254.32

🇬🇧 5.226.140.9

🇦🇲 5.77.202.208

🇨🇳 222.138.150.61

🇨🇳 123.160.175.168

🇻🇳 113.172.138.183

🇭🇰 101.36.112.103

🇫🇷 85.217.140.46

🇺🇸 72.240.125.133

🇷🇴 2.57.121.25

🇩🇪 213.209.159.241

🇺🇸 185.92.182.129