JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 104.207.40.249

104.207.40.249 was found in our database!

This IP was reported 147 times. Confidence of Abuse is 0%: ?

ISP	3xK Tech GmbH
Usage Type	Data Center/Web Hosting/Transit
ASN	AS200373
Domain Name	3xktech.cloud
Country	🇺🇸 United States of America
City	Ashburn, Virginia

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 104.207.40.249

Whois 104.207.40.249

IP Abuse Reports for 104.207.40.249:

This IP address has been reported a total of 147 times from 19 distinct sources. 104.207.40.249 was first reported on June 4th 2024, and the most recent report was 1 month ago.

Old Reports: The most recent abuse report for this IP address is from 1 month ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
Anonymous	2026-05-03 14:46:11 (1 month ago)	Forum/form spam	Web Spam
Anonymous	2026-03-17 18:54:01 (2 months ago)	attempts to hack passwords	Brute-Force Web App Attack
🇺🇸 TPI-Abuse	2026-02-21 15:34:31 (3 months ago)	(mod_security) mod_security (id:225170) triggered by 104.207.40.249 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:225170) triggered by 104.207.40.249 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Feb 21 10:34:27.143234 2026] [security2:error] [pid 28017:tid 28017] [client 104.207.40.249:53379] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|rjdyckarchitect.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "rjdyckarchitect.com"] [uri "/wp-json/wp/v2/users"] [unique_id "aZnQg9PtYH57M7fpmcTAhgAAAAg"], referer: https://www.google.com show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-02-20 01:41:36 (3 months ago)	attempts to hack passwords	Brute-Force Web App Attack
🇫🇷 tilellit.pro	2026-02-11 22:55:41 (3 months ago)	Fail2Ban banned 104.207.40.249 for security violations in jail wp-armour. Log: 2026/02/11 22:55:41 [ ... show more Fail2Ban banned 104.207.40.249 for security violations in jail wp-armour. Log: 2026/02/11 22:55:41 [error] FastCGI sent in stderr: "PHP message: [WP_ARMOUR_BAN] IP: 104.207.40.249 \| Target: wplogin" , client: 104.207.40.249, server: [REDACTED], request: "POST /wp-login.php HTTP/2.0", upstream: [REDACTED], host: [REDACTED], referrer: "https://comerciogallego.es/wp-login.php" ... show less	Web Spam
🇩🇪 LRob.fr	2026-02-11 14:36:18 (3 months ago)	Repeated requests on blocked xmlrpc.php, blocked by fail2ban in custom-503-xmlrpc jail	Bad Web Bot Web App Attack
🇺🇸 fbarela	2026-01-14 07:00:07 (4 months ago)	FortiGate SSL VPN login failures.	Hacking Brute-Force
🇺🇸 TPI-Abuse	2025-12-30 12:21:42 (5 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.40.249 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.40.249 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Dec 30 07:21:33.728285 2025] [security2:error] [pid 12609:tid 12609] [client 104.207.40.249:40871] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "mail.trafficstopper.com"] [uri "/.git/HEAD"] [unique_id "aVPDzTuOE4azitW5pI9GlQAAAB0"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-29 12:31:17 (5 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.40.249 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.40.249 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Dec 29 07:31:10.964964 2025] [security2:error] [pid 23532:tid 23532] [client 104.207.40.249:11507] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "trailermesomewhere.com"] [uri "/.svn/wc.db"] [unique_id "aVJ0jo2RadHVSGD1nDwQ6QAAAAs"] show less	Brute-Force Bad Web Bot Web App Attack
🇫🇮 Shaik Sai Meera	2025-12-29 08:25:14 (5 months ago)	IM360 WAF: Hidden file access	Brute-Force
🇺🇸 TPI-Abuse	2025-12-29 08:17:36 (5 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.40.249 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.40.249 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Dec 29 03:17:31.356970 2025] [security2:error] [pid 14178:tid 14178] [client 104.207.40.249:21339] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "beckersystems.com"] [uri "/.env"] [unique_id "aVI5G69CCLGD8heN4LPi3AAAABc"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-29 07:16:17 (5 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.40.249 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.40.249 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Dec 29 02:16:09.808299 2025] [security2:error] [pid 22043:tid 22098] [client 104.207.40.249:51347] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "ewoolsey.com"] [uri "/.env"] [unique_id "aVIqueo-JHkotc-RqBJcHAAAAVY"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-29 04:22:40 (5 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.40.249 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.207.40.249 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Dec 28 23:22:34.551048 2025] [security2:error] [pid 8535:tid 8535] [client 104.207.40.249:11633] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "bayfieldwis.com"] [uri "/.svn/wc.db"] [unique_id "aVICCqCzxAaGq6Q4yd1ZNwAAAAU"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 benou2	2025-12-05 19:00:12 (5 months ago)	crowdsecurity/http-cve-probing	Port Scan Hacking
Anonymous	2025-11-14 00:08:21 (6 months ago)	This IP was involved in a brute force and password spray attack.	Brute-Force Web App Attack

Showing 1 to 15 of 147 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇨🇳 223.155.196.71

🇬🇧 193.163.125.118

🇮🇹 185.197.9.52

🇵🇪 179.7.114.236

🇺🇸 134.209.120.216

🇨🇳 122.236.103.177

🇧🇩 103.155.59.157

🇻🇳 14.191.254.215

🇨🇳 14.19.20.182

🇻🇳 2402:800:63ba:c576:22a:ceff:df37:1f48

🇹🇼 198.235.24.44

🇹🇿 196.249.113.70

🇰🇿 188.130.157.187

🇺🇿 188.113.249.73

🇷🇺 178.157.166.21

🇰🇿 178.90.224.43

🇰🇿 178.89.101.107

🇨🇲 165.210.39.226

🇺🇸 164.92.82.91

🇮🇩 163.7.8.79