JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 104.207.40.28

104.207.40.28 was found in our database!

This IP was reported 140 times. Confidence of Abuse is 0%: ?

ISP	3xK Tech GmbH
Usage Type	Data Center/Web Hosting/Transit
ASN	AS200373
Domain Name	3xktech.cloud
Country	🇺🇸 United States of America
City	Ashburn, Virginia

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 104.207.40.28

Whois 104.207.40.28

IP Abuse Reports for 104.207.40.28:

This IP address has been reported a total of 140 times from 22 distinct sources. 104.207.40.28 was first reported on June 4th 2024, and the most recent report was 2 months ago.

Old Reports: The most recent abuse report for this IP address is from 2 months ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇫🇷 masterguru	2026-03-26 15:29:29 (2 months ago)	(modsec_5015) ModSec 5015: Suspicious User-Agent from 104.207.40.28 (US/United States/-): 1 in the l ... show more (modsec_5015) ModSec 5015: Suspicious User-Agent from 104.207.40.28 (US/United States/-): 1 in the last 3600 secs (0-193) show less	Hacking
🇦🇺 RedBear IT	2026-03-26 10:00:37 (2 months ago)	"DDoS against public endpoint"	DDoS Attack
🇱🇻 garmtech.com	2026-03-19 15:48:17 (2 months ago)	IM360 WAF: WordPress plugin/theme auto install block	Web App Attack
🇨🇦 SSH-Admin	2026-02-08 04:00:04 (3 months ago)	Probing for Exploits	Exploited Host Web App Attack
🇮🇹 VHosting	2025-12-23 21:45:12 (5 months ago)	Detected attack and reported by a human	DDoS Attack Brute-Force Bad Web Bot Exploited Host Web App Attack SSH
🇨🇦 SSH-Admin	2025-12-10 23:38:07 (5 months ago)	Probing for Exploits	Exploited Host Web App Attack
🇺🇸 TPI-Abuse	2025-11-26 23:07:05 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.40.28 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.207.40.28 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Nov 26 18:06:58.899264 2025] [security2:error] [pid 3006:tid 3009] [client 104.207.40.28:60889] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcalendars.vivierae.com"] [uri "/.git/HEAD"] [unique_id "aSeIEtBqVInmcfgb3z3JhwAAAMA"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-26 21:06:55 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.40.28 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.207.40.28 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Nov 26 16:06:46.193038 2025] [security2:error] [pid 374576:tid 374600] [client 104.207.40.28:22659] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.cqaie.aafm.us"] [uri "/.svn/wc.db"] [unique_id "aSdr5hAUe6QO7wXo78VhdAAAAJU"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-25 07:05:39 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.40.28 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.207.40.28 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Nov 25 02:05:31.877743 2025] [security2:error] [pid 26878:tid 26878] [client 104.207.40.28:50747] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcontacts.wardellbrown.com"] [uri "/.svn/wc.db"] [unique_id "aSVVO6xEnfhmEpowZod0YAAAAAw"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-25 05:57:30 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.40.28 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.207.40.28 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Nov 25 00:57:25.074880 2025] [security2:error] [pid 5404:tid 5404] [client 104.207.40.28:44265] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "mail.dhsgrad.net"] [uri "/.svn/wc.db"] [unique_id "aSVFRW5_OeSrv2XGrycr5AAAAAo"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-25 01:47:22 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.40.28 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.207.40.28 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 24 20:47:14.880194 2025] [security2:error] [pid 7388:tid 7388] [client 104.207.40.28:11939] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "staging.lindenwoodpark.org"] [uri "/.git/HEAD"] [unique_id "aSUKovwMqiqsRdoPnkrPbgAAAAA"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-25 01:09:37 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.40.28 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.207.40.28 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 24 20:09:32.155127 2025] [security2:error] [pid 18533:tid 18533] [client 104.207.40.28:9615] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.genevainvestors.internetnameregistration.com"] [uri "/.git/HEAD"] [unique_id "aSUBzCI8mh7YwhLXFqcnSQAAABw"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-25 00:51:06 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.40.28 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.207.40.28 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 24 19:50:59.917897 2025] [security2:error] [pid 19533:tid 19533] [client 104.207.40.28:39683] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcalendars.akmanoto.com"] [uri "/.git/HEAD"] [unique_id "aST9c3IdNhtImgTuVmSaJAAAABM"] show less	Brute-Force Bad Web Bot Web App Attack
🇱🇻 garmtech.com	2025-11-24 22:21:07 (6 months ago)	Attempted access to sensitive endpoint (/.git/HEAD) detected. Automated scan or unauthorized probing ... show more Attempted access to sensitive endpoint (/.git/HEAD) detected. Automated scan or unauthorized probing. show less	Web App Attack
🇺🇸 techboy117	2025-11-14 00:21:07 (6 months ago)	Blocking due to password spraying.	Brute-Force

Showing 1 to 15 of 140 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇨🇦 216.126.86.177

🇺🇸 216.25.89.72

🇺🇸 216.9.237.75

🇨🇳 203.76.241.18

🇲🇳 203.23.199.88

🇸🇬 68.183.234.194

🇳🇱 45.148.10.151

🇫🇮 45.82.109.136

🇺🇸 40.76.250.51

🇯🇵 23.129.251.228

🇯🇵 23.129.251.72

🇭🇰 199.45.154.178

🇲🇽 187.190.35.163

🇧🇷 187.107.88.97

🇮🇳 182.95.189.66

🇸🇬 118.26.111.107

🇧🇷 45.205.1.243

🇭🇰 223.197.248.209

🇧🇷 187.110.238.50

🇮🇷 185.255.210.33