JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 40.114.79.135

40.114.79.135 was found in our database!

This IP was reported 137 times. Confidence of Abuse is 100%: ?

100%

ISP	Microsoft Corporation
Usage Type	Data Center/Web Hosting/Transit
ASN	AS8075
Domain Name	microsoft.com
Country	🇺🇸 United States of America
City	Washington, Virginia

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 40.114.79.135

Whois 40.114.79.135

IP Abuse Reports for 40.114.79.135:

This IP address has been reported a total of 137 times from 88 distinct sources. 40.114.79.135 was first reported on June 11th 2026, and the most recent report was 26 minutes ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 Charlesiv	2026-06-16 12:01:24 (26 minutes ago)	Triggered Cloudflare WAF (botFight) from US. Action taken: MANAGED_CHALLENGE ASN: 8075 (Microsoft Co ... show more Triggered Cloudflare WAF (botFight) from US. Action taken: MANAGED_CHALLENGE ASN: 8075 (Microsoft Corporation) Protocol: HTTP/1.1 (POST method) Endpoint: / Timestamp: 2026-06-16T10:58:44Z Ray ID: a0c94d14cef1c814 UA: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36 show less	Bad Web Bot
🇫🇮 oh.mg	2026-06-16 11:32:21 (55 minutes ago)	[Tue Jun 16 13:32:20.440733 2026] [security2:error] [pid 3442028:tid 3442039] [client 40.114.79.135: ... show more [Tue Jun 16 13:32:20.440733 2026] [security2:error] [pid 3442028:tid 3442039] [client 40.114.79.135:2266] [client 40.114.79.135] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:blocking_inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "233"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 50)"] [ver "OWASP_CRS/4.10.0-dev"] [tag "anomaly-evaluation"] [tag "OWASP_CRS"] [hostname "oh.ke"] [uri "/"] [unique_id "ajE0RPFrfIPszuqApL27-QAAAIk"], referer: https://oh.ke/ [Tue Jun 16 13:32:20.529767 2026] [security2:error] [pid 3443754:tid 3443762] [client 40.114.79.135:2278] [client 40.114.79.135] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:blocking_inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "233"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 50)"] [ver "OWASP_CRS/4.10.0 ... show less	Web App Attack Bad Web Bot
🇺🇸 cwytech	2026-06-16 11:19:44 (1 hour ago)	Fleet-wide ban from the Ghostfleet 👻. Triggered by scenario: cwy/web-asn-lockdown-high.	Bad Web Bot Web App Attack
🇬🇧 poundawebsiteltd	2026-06-16 11:19:28 (1 hour ago)	Web App Attack (ModSecurity Block). Evidence: [REDACTED_DOMAIN]:443 40.114.79.135 - - [16/Jun/2026:1 ... show more Web App Attack (ModSecurity Block). Evidence: [REDACTED_DOMAIN]:443 40.114.79.135 - - [16/Jun/2026:12:19:23 +0100] POST / HTTP/1.1 404 915 https://[REDACTED_DOMAIN]/ Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/144.0.0.0 Safari/537.36 show less	Web App Attack
🇩🇪 Hary74656	2026-06-16 11:05:12 (1 hour ago)	[Tue Jun 16 13:05:02.852415 2026] [security2:error] [pid 304639:tid 304739] [client 40.114.79.135:37 ... show more [Tue Jun 16 13:05:02.852415 2026] [security2:error] [pid 304639:tid 304739] [client 40.114.79.135:37888] [client 40.114.79.135] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_\|_js_function)\|(?:new\\\\s+Function\|\\\\beval)\\\\s\\\$\|String\\\\s\\\\.\\\\sfromCharCode\|function\\\\s\\\\(\\\\s\\\$\\\\s{\|this\\\\.constructor)\|module\\\\.exports\\\\s*=)" at ARGS:0. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "70"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: String.fromCharCode found within ARGS:0: {\\x22x_2605fc0d\\x22:\\x22e883d9f6290ca5b8\\x22,\\x22ns_2cfd942b\\x22:null,\\x22status\\x22:\\x22resolved_model\\x22,\\x22__35739f13\\x22:false,\\x22x_d78d1347\\x22:false,\\x22reason\\x22:-1,\\x22then\\x22:\\x22$1:__proto__:then\\x22,\\x22_response\\x22:{\\x22_prefix\\x22:\\x22var uavo=[].slice.call(arguments,1)[0];var utxp=uavo;try{var _v=((0,eval)(global[String.f ... show less	Web App Attack
Anonymous	2026-06-16 10:30:05 (1 hour ago)	IP banned by Fail2Ban in jail nginx-abusive-ips	Web App Attack Brute-Force Bad Web Bot
🇺🇸 Starburst SysOp Team	2026-06-16 09:42:56 (2 hours ago)	Malware host detected by rbl.malware.expert. RBL lookup of 135.79.114.40.rbl.malware.expert succeede ... show more Malware host detected by rbl.malware.expert. RBL lookup of 135.79.114.40.rbl.malware.expert succeeded at REMOTE_ADDR. (400010-mnz6-1) show less	Hacking
Anonymous	2026-06-16 09:24:29 (3 hours ago)	FortiWeb WAF: 206 attacks detected. Threat Score: 9915. Types: Client Management(103), Signature Det ... show more FortiWeb WAF: 206 attacks detected. Threat Score: 9915. Types: Client Management(103), Signature Detection(80), HTTP Protocol Constraints(23). Origin: United States. show less	Web App Attack
🇩🇪 NetShield-DE	2026-06-16 09:07:21 (3 hours ago)	Auto-report via Fail2Ban aggregation. IP observed in jails: abuseipdb. Events: 1. First: 2026-06-16T ... show more Auto-report via Fail2Ban aggregation. IP observed in jails: abuseipdb. Events: 1. First: 2026-06-16T11:07:01+0200. Last: 2026-06-16T11:07:01+0200. Samples: - 2026-06-14 00:35:14,051 fail2ban.actions [3599610]: NOTICE [abuseipdb] Ban 40.114.79.135 show less	Web App Attack
🇫🇷 masterguru	2026-06-16 08:39:04 (3 hours ago)	Node.js Injection Attack. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_\|_js_function)\|(?:new ... show more Node.js Injection Attack. Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_\|_js_function)\|(?:new\\\\s+Function\|\\\\beval)\\\\s\\\$\|String\\\\s\\\\.\\\\sfromCharCode\|function\\\\s\\\\(\\\\s\\\$\\\\s{\|this\\\\.constructor)\|module\\\\.exports\\\\s*=)" at ARGS:0. (934100-135) show less	Hacking
🇩🇪 NetShield-DE	2026-06-16 04:07:23 (8 hours ago)	Auto-report via Fail2Ban aggregation. IP observed in jails: abuseipdb. Events: 1. First: 2026-06-16T ... show more Auto-report via Fail2Ban aggregation. IP observed in jails: abuseipdb. Events: 1. First: 2026-06-16T06:07:01+0200. Last: 2026-06-16T06:07:01+0200. Samples: - 2026-06-14 00:35:14,051 fail2ban.actions [3599610]: NOTICE [abuseipdb] Ban 40.114.79.135 show less	Web App Attack
🇨🇭 4server	2026-06-16 03:58:36 (8 hours ago)	[TueJun1605:58:33.1743512026][security2:error][pid2311002:tid2311205][client40.114.79.135:0]ModSecur ... show more [TueJun1605:58:33.1743512026][security2:error][pid2311002:tid2311205][client40.114.79.135:0]ModSecurity:Accessdeniedwithcode403$phase2$.Patternmatch\"$\?i$\\\\\\\\b$\?:i\(\?:s\(\?:_\(\?:in\(\?:t\(\?:eger$\?\\|finite\)\\|n$\?:u\(\?:meric\\|ll$\\|an\)\\|$\?:calla\\|dou$ble\\|s$\?:calar\\|tring$\\|f$\?:inite\\|loat$\\|re$\?:source\\|al$\\|l$\?:ink\\|ong$\\|a$\?:rray$\?\\|object\\|bool\)\\|set\)\\|n$\?:\(\?:clud\\|vok$e\\|t$\?:div\\|val$\)\\|$\?:mplod\\|dat$e\\|conv\)\\|s$\?:t\(\?:r\(\?:\(\?:le\\|sp$n\\|...\"atARGS:0.[file\"/etc/apache2/conf.d/modsec_rules/10_asl_rules.conf\"][line\"582\"][id\"380026\"][rev\"27\"][msg\"Atomicorp.comWAFRules:PHPpayloaddetected\"][data\"split$\\\\x5c\\\\x22\\\\x5c\\\\x22$.reverse.join$\\\\x5c\\\\x22\\\\x5c\\\\x22$].from\(\'kgfzew5jigz1bmn0aw9ukcl7ci8vigzhc3rfcmvjb25fdjyg4ocuihnpz25hdhvyzs1yb3rhdgvkihjly29uihbhewxvywqkly8gq2hhbmdlcybmcm9tihy1ogovlyagic0gumfuzg9taxplzcb0b3atbgv2zwwgslnptibrzxlzichubybmaxhlzcbzy2hlbwegdg8gzmluz2vychjpbnqpci8vicaglsbwyxjpywjszsbvdxrwdxqgc3rydwn show less	Hacking Web App Attack
🇮🇩 securejdprop	2026-06-16 01:21:52 (11 hours ago)	This IP was detected by CrowdSec triggering crowdsecurity/vpatch-CVE-2025-55182. WAF block: crowdsec ... show more This IP was detected by CrowdSec triggering crowdsecurity/vpatch-CVE-2025-55182. WAF block: crowdsecurity/vpatch-CVE-2025-55182 from 40.114.79.135 (172.19.0.4) show less	Hacking
🇩🇪 Philister11	2026-06-16 00:52:56 (11 hours ago)	CrowdSec: LePresidente/http-generic-403-bf (US/AS8075)	Web App Attack Brute-Force
🇨🇦 ISPLtd	2026-06-16 00:40:51 (11 hours ago)	40.114.79.135 - - [15/Jun/2026:21:40:51 -0300] "POST / 40.114.79.135 - - [15/Jun/2026:21:40:51 -0300 ... show more 40.114.79.135 - - [15/Jun/2026:21:40:51 -0300] "POST / 40.114.79.135 - - [15/Jun/2026:21:40:51 -0300] "POST / ... show less	Hacking Web App Attack

Showing 1 to 15 of 137 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇨🇳 171.37.190.96

🇺🇸 150.107.38.252

🇰🇷 121.125.67.137

🇨🇳 118.212.122.20

🇨🇳 111.113.88.93

🇺🇸 20.46.226.81

🇵🇰 206.42.124.114

🇵🇦 190.32.246.14

🇲🇽 187.184.159.140

🇺🇸 162.216.150.84

🇫🇮 147.185.133.35

🇺🇸 124.198.131.39

🇹🇼 118.163.199.181

🇨🇳 117.29.104.115

🇵🇱 95.214.53.196

🇳🇱 91.229.105.132

🇷🇸 77.105.37.219

🇹🇭 58.10.68.175

🇸🇬 47.128.120.236

🇬🇹 190.151.130.5