JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 104.207.40.234

104.207.40.234 was found in our database!

This IP was reported 153 times. Confidence of Abuse is 8%: ?

ISP	3xK Tech GmbH
Usage Type	Data Center/Web Hosting/Transit
ASN	AS200373
Domain Name	3xktech.cloud
Country	🇺🇸 United States of America
City	Ashburn, Virginia

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 104.207.40.234

Whois 104.207.40.234

IP Abuse Reports for 104.207.40.234:

This IP address has been reported a total of 153 times from 20 distinct sources. 104.207.40.234 was first reported on June 11th 2024, and the most recent report was 1 month ago.

Old Reports: The most recent abuse report for this IP address is from 1 month ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇫🇷 masterguru	2026-05-12 11:54:37 (1 month ago)	(modsec_5015) ModSec 5015: Suspicious User-Agent from 104.207.40.234 (US/United States/-): 1 in the ... show more (modsec_5015) ModSec 5015: Suspicious User-Agent from 104.207.40.234 (US/United States/-): 1 in the last 3600 secs (0-193) show less	Hacking
🇫🇷 masterguru	2026-05-01 10:41:20 (1 month ago)	(modsec_5015) ModSec 5015: Suspicious User-Agent from 104.207.40.234 (US/United States/-): 1 in the ... show more (modsec_5015) ModSec 5015: Suspicious User-Agent from 104.207.40.234 (US/United States/-): 1 in the last 3600 secs (0-195) show less	Hacking
🇫🇷 masterguru	2026-04-26 17:44:53 (1 month ago)	(modsec_5015) ModSec 5015: Suspicious User-Agent from 104.207.40.234 (US/United States/-): 1 in the ... show more (modsec_5015) ModSec 5015: Suspicious User-Agent from 104.207.40.234 (US/United States/-): 1 in the last 3600 secs (0-197) show less	Hacking
🇫🇷 solution.it	2026-04-25 19:55:11 (1 month ago)	[Sat Apr 25 21:55:11.070280 2026] [php7:error] [pid 2523751:tid 2523751] [client 104.207.40.234:4816 ... show more [Sat Apr 25 21:55:11.070280 2026] [php7:error] [pid 2523751:tid 2523751] [client 104.207.40.234:48165] script '/var/www/html/blog.solution.it/wp-login.php' not found or unable to stat show less	Web App Attack
🇺🇸 TPI-Abuse	2026-03-05 08:15:47 (3 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.40.234 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.40.234 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Mar 05 03:15:39.123587 2026] [security2:error] [pid 2915:tid 2930] [client 104.207.40.234:27705] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.howardhallis.com"] [uri "/.git/objects/c7/eef3b7d890287c69a61011150b5612a23ac1bc"] [unique_id "aak7q2bdh7c6FWT9QFVN1AAAAAs"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-02-22 18:12:00 (3 months ago)	(mod_security) mod_security (id:225170) triggered by 104.207.40.234 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:225170) triggered by 104.207.40.234 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Feb 22 13:11:53.494236 2026] [security2:error] [pid 18209:tid 18209] [client 104.207.40.234:24387] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|marveldirectory.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "marveldirectory.com"] [uri "/wp-json/wp/v2/users"] [unique_id "aZtG6R6kIyLuKI1brafMeAAAABs"], referer: https://www.google.com show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-02-19 21:03:24 (3 months ago)	(mod_security) mod_security (id:225170) triggered by 104.207.40.234 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:225170) triggered by 104.207.40.234 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Feb 19 16:03:19.210722 2026] [security2:error] [pid 523:tid 523] [client 104.207.40.234:29897] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|herrell.net\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "herrell.net"] [uri "/wp-json/wp/v2/users"] [unique_id "aZd6l7fKY0T_xnw1KeZj_gAAAAQ"], referer: https://www.google.com show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-02-18 02:40:14 (3 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.40.234 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.40.234 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Feb 17 21:40:10.306404 2026] [security2:error] [pid 6249:tid 6249] [client 104.207.40.234:53589] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "representacionesthompson.com"] [uri "/api/.env"] [unique_id "aZUmig49E6UsnmcP0AjHxAAAAAA"] show less	Brute-Force Bad Web Bot Web App Attack
🇮🇹 VHosting	2026-01-03 05:20:05 (5 months ago)	Detected WordPress attack from 4 different servers	Brute-Force Web App Attack
🇩🇪 Packets-Decreaser.NET	2025-12-31 01:00:54 (5 months ago)	Incoming Layer 7 Flood Detected	DDoS Attack Web Spam
Anonymous	2025-12-09 15:35:03 (6 months ago)	botnet	DDoS Attack
🇺🇸 TPI-Abuse	2025-11-24 07:58:05 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.40.234 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.40.234 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 24 02:57:53.247260 2025] [security2:error] [pid 1573:tid 1573] [client 104.207.40.234:54275] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "mail.c470techarchive.net"] [uri "/.git/HEAD"] [unique_id "aSQQAV_vkdSPrhEk7ePEkgAAAAc"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-24 04:33:07 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.40.234 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.40.234 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Nov 23 23:33:00.714691 2025] [security2:error] [pid 17214:tid 17214] [client 104.207.40.234:25561] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcontacts.qovintheloop.org"] [uri "/.svn/wc.db"] [unique_id "aSPf_JnxeJdMxFz_cjo0YAAAAAQ"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2025-11-14 15:09:11 (6 months ago)	This IP was involved in a brute force and password spray attack.	Brute-Force Web App Attack
Anonymous	2025-11-01 14:39:58 (7 months ago)	Attempted brute force login to web vpn 1 time(s); last attempt for 2025.11.01 is noted in report tim ... show more Attempted brute force login to web vpn 1 time(s); last attempt for 2025.11.01 is noted in report timestamp show less	Hacking Brute-Force

Showing 1 to 15 of 153 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇭🇰 220.241.80.45

🇵🇱 194.180.49.220

🇲🇾 49.124.159.192

🇳🇱 45.148.10.147

🇫🇷 45.128.134.195

🇺🇸 162.216.150.57

🇺🇸 66.132.172.246

🇹🇷 5.47.158.139

🇰🇷 211.40.167.121

🇨🇳 124.223.111.30

🇮🇳 122.177.247.216

🇮🇳 117.211.209.140

🇳🇱 104.23.168.52

🇺🇸 50.6.224.135

🇩🇪 31.76.111.27

🇺🇸 18.189.74.1

🇧🇷 177.174.89.99

🇰🇷 123.58.200.120

🇮🇷 94.182.136.110

🇱🇹 45.227.254.170