JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 104.207.40.94

104.207.40.94 was found in our database!

This IP was reported 148 times. Confidence of Abuse is 42%: ?

42%

ISP	3xK Tech GmbH
Usage Type	Data Center/Web Hosting/Transit
ASN	AS200373
Domain Name	3xktech.cloud
Country	🇺🇸 United States of America
City	Ashburn, Virginia

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 104.207.40.94

Whois 104.207.40.94

IP Abuse Reports for 104.207.40.94:

This IP address has been reported a total of 148 times from 26 distinct sources. 104.207.40.94 was first reported on June 6th 2024, and the most recent report was 5 days ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 lostswordfish.com	2026-05-31 10:28:04 (5 days ago)	Wordfence waf block on jestrellafoundation	Web App Attack
🇫🇷 ELYAZ	2026-05-31 09:24:31 (5 days ago)	(y4) Failed scan -byebye- from 104.207.40.94 (US/United States/-): (CF_ENABLE)	Hacking
🇲🇹 Malta	2026-05-31 06:20:25 (5 days ago)	104.207.40.94 - - [31/May/2026:08:20:25 +0200] "POST /wp-login.php HTTP/1.1" "Mozilla/5.0 (Windows N ... show more 104.207.40.94 - - [31/May/2026:08:20:25 +0200] "POST /wp-login.php HTTP/1.1" "Mozilla/5.0 (Windows NT 11.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36" Brute-force password attempt show less	Hacking Web App Attack Brute-Force
Anonymous	2026-05-29 15:14:55 (6 days ago)	[ns41.kdns.gr] httpd-login-spray-site: sites=apnoia.gr; logs=/var/log/httpd/domains/apnoia.gr.log; s ... show more [ns41.kdns.gr] httpd-login-spray-site: sites=apnoia.gr; logs=/var/log/httpd/domains/apnoia.gr.log; samples=site_wide=true \| distinct_ips=17 \| /wp-login.php show less	Hacking Web App Attack
Anonymous	2026-05-28 06:58:09 (1 week ago)	Web attack blocked by Wordfence on mergel.nu (1 hit). Reported by CRMON.	Web App Attack
🇩🇪 iNetWorker	2026-05-25 22:38:51 (1 week ago)	trolling for resource vulnerabilities	Web App Attack
🇲🇽 octageeks.com	2026-05-24 04:10:15 (1 week ago)	Wordpress malicious attack:[octaflood]	Web App Attack
🇺🇸 oncord	2026-03-06 01:31:59 (2 months ago)	Form spam	Web Spam
🇺🇸 TPI-Abuse	2026-02-24 11:07:20 (3 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.40.94 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.207.40.94 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Feb 24 06:07:16.413196 2026] [security2:error] [pid 4881:tid 4881] [client 104.207.40.94:36901] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "touchmypython.bwill.dev"] [uri "/.git/config"] [unique_id "aZ2GZArWxn0I1kk1xCh4-AAAABc"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-02-23 20:53:38 (3 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.40.94 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.207.40.94 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Feb 23 15:53:35.392492 2026] [security2:error] [pid 24856:tid 24856] [client 104.207.40.94:25447] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "nysinyd.com.greighhouse.com"] [uri "/.git/config"] [unique_id "aZy-T9XkpWAE8IDwpyZnXwAAAB8"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-02-23 14:14:51 (3 months ago)	(mod_security) mod_security (id:210492) triggered by 104.207.40.94 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.207.40.94 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Feb 23 09:14:43.427577 2026] [security2:error] [pid 8594:tid 8619] [client 104.207.40.94:43621] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "gsji.org.aafm.us"] [uri "/.git/config"] [unique_id "aZxg05OeMuX08u-hHqg74wAAAFQ"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-02-18 19:34:24 (3 months ago)	Forum/form spam	Web Spam
🇫🇷 mrcrassi	2026-02-10 13:27:22 (3 months ago)	Triggered Cloudflare WAF (firewallCustom) from US. Action taken: BLOCK Protocol: HTTP/1.1 (POST meth ... show more Triggered Cloudflare WAF (firewallCustom) from US. Action taken: BLOCK Protocol: HTTP/1.1 (POST method) Endpoint: /wp-login.php UA: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36 Edg/115.0.1901.203 This report was generated by: https://github.com/sefinek/Cloudflare-WAF-To-AbuseIPDB show less	Bad Web Bot
🇺🇸 TPI-Abuse	2026-01-29 03:57:34 (4 months ago)	(mod_security) mod_security (id:225170) triggered by 104.207.40.94 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:225170) triggered by 104.207.40.94 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jan 28 22:57:27.450625 2026] [security2:error] [pid 17842:tid 17842] [client 104.207.40.94:60221] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|primacomm.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "primacomm.com"] [uri "/wp-json/wp/v2/users"] [unique_id "aXrapzJODac3n3zzQRG6XgAAAA4"] show less	Brute-Force Bad Web Bot Web App Attack
🇮🇹 VHosting	2025-12-24 02:55:35 (5 months ago)	Detected attack and reported by a human	DDoS Attack Brute-Force Bad Web Bot Exploited Host Web App Attack SSH

Showing 1 to 15 of 148 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 204.14.188.117

🇨🇳 39.144.154.242

🇧🇷 2804:f60:6c36:0:84b9:c71d:18ee:dc28

🇨🇳 222.138.68.29

🇨🇳 218.7.160.28

🇷🇺 217.116.58.7

🇺🇸 216.218.206.85

🇰🇬 212.241.4.182

🇰🇿 212.154.225.30

🇲🇽 201.77.97.235

🇲🇽 200.108.184.37

🇹🇿 197.186.9.234

🇦🇷 191.83.208.74

🇳🇱 185.242.226.90

🇫🇷 185.177.72.100

🇮🇱 176.106.225.14

🇩🇿 154.242.55.105

🇩🇿 154.241.3.90

🇭🇰 150.5.169.138

🇬🇧 144.126.239.217