JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 40.76.239.98

40.76.239.98 was found in our database!

This IP was reported 42 times. Confidence of Abuse is 100%: ?

100%

ISP	Microsoft Corporation
Usage Type	Data Center/Web Hosting/Transit
ASN	AS8075
Domain Name	microsoft.com
Country	🇺🇸 United States of America
City	Washington, Virginia

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 40.76.239.98

Whois 40.76.239.98

IP Abuse Reports for 40.76.239.98:

This IP address has been reported a total of 42 times from 35 distinct sources. 40.76.239.98 was first reported on July 26th 2025, and the most recent report was 2 days ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 BSG Webmaster	2026-06-02 07:00:08 (2 days ago)	Port scanning (Port 443)	Port Scan Hacking
Anonymous	2026-06-02 07:00:00 (2 days ago)	SSH Brute-Force	DDoS Attack Port Scan Hacking Brute-Force SSH
🇳🇱 i-turnradio.nl	2026-06-02 06:36:20 (2 days ago)	2026-06-02 08:36:20 (CET) ~ Blocked by abusescan risk assessment	Web App Attack
Anonymous	2026-06-02 06:12:26 (2 days ago)	Jun 2 08:12:22 mail2 Nextcloud[26095]: {"reqId":"ah50RlcTG0qxfDl0FgN2PAAAAJU","level":1,"time":"202 ... show more Jun 2 08:12:22 mail2 Nextcloud[26095]: {"reqId":"ah50RlcTG0qxfDl0FgN2PAAAAJU","level":1,"time":"2026-06-02T06:12:22+00:00","remoteAddr":"40.76.239.98","user":"--","app":"core","method":"GET","url":"/.git/config","scriptName":"/index.php","message":"Trusted domain error. \"40.76.239.98\" tried to access using \"178.254.3.7\" as host.","userAgent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36","version":"32.0.9.2","data":{"app":"core"}} Jun 2 08:12:23 mail2 Nextcloud[25889]: {"reqId":"ah50R1cTG0qxfDl0FgN2PQAAAIk","level":1,"time":"2026-06-02T06:12:23+00:00","remoteAddr":"40.76.239.98","user":"--","app":"core","method":"GET","url":"/.env","scriptName":"/index.php","message":"Trusted domain error. \"40.76.239.98\" tried to access using \"178.254.3.7\" as host.","userAgent":"Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36","version":"32.0.9.2","data":{"app":"core"}} Jun ... show less	Brute-Force Web App Attack
🇹🇼 ip4.tw	2026-06-02 06:06:01 (2 days ago)	Malicious web scan	Hacking Web App Attack
🇧🇷 SOC Blue Team	2026-06-02 05:28:17 (2 days ago)	IPs get by Hunting on SIEM	Phishing Web Spam Port Scan Hacking
🇫🇷 dynamix	2026-06-02 05:27:50 (2 days ago)	Multiple WAF Violations	Web App Attack
🇩🇪 Enno	2026-06-02 05:24:34 (2 days ago)	P04::Fail2Ban: automated bot scanning / credential probing detected.	Web App Attack Bad Web Bot
🇮🇪 AutosOnShow	2026-06-02 05:09:06 (2 days ago)	blocked for webapp attack \| path requested: /.git/config \| seen at 2026-06-02 05:08:07.730 \|	Web App Attack
🇺🇸 mnsf	2026-06-02 05:06:32 (2 days ago)	Too many Status 50X (13)	Brute-Force Web App Attack
🇩🇪 ISPLtd	2026-06-02 04:47:18 (2 days ago)	Jun 2 01:47:17 40.76.239.98 TCP SPT=1679 DPT=2083 SYN Jun 2 01:47:17 40.76.239.98 TCP SPT=1682 DPT ... show more Jun 2 01:47:17 40.76.239.98 TCP SPT=1679 DPT=2083 SYN Jun 2 01:47:17 40.76.239.98 TCP SPT=1682 DPT=2086 SYN Jun 2 01:47:17 40.76.239.98 TCP SPT=1716 DPT=8080 ... show less	Port Scan
🇺🇸 TPI-Abuse	2026-06-02 04:41:57 (2 days ago)	(mod_security) mod_security (id:210492) triggered by 40.76.239.98 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 40.76.239.98 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 02 00:41:53.560096 2026] [security2:error] [pid 9295:tid 9295] [client 40.76.239.98:1690] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.102"] [uri "/.git/HEAD"] [unique_id "ah5fEc_kN_hqJGw-QfTdpgAAABI"] show less	Brute-Force Bad Web Bot Web App Attack
🇭🇰 www.winos.me	2026-06-02 04:31:06 (2 days ago)	Shield: Layer4 Port 9 Trap	Port Scan Hacking
🇺🇸 TPI-Abuse	2026-06-02 03:49:25 (2 days ago)	(mod_security) mod_security (id:210492) triggered by 40.76.239.98 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 40.76.239.98 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 01 23:49:17.978092 2026] [security2:error] [pid 5321:tid 5321] [client 40.76.239.98:1236] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.182"] [uri "/.git/HEAD"] [unique_id "ah5SvbsktAGLLSYLzx1_cQAAAAo"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 MPL	2026-06-02 03:37:44 (2 days ago)	tcp port scan (16 or more attempts)	Port Scan

Showing 1 to 15 of 42 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇬🇧 193.163.125.178

🇸🇬 178.128.51.84

🇭🇰 165.154.20.228

🇮🇹 151.33.254.25

🇹🇼 114.33.120.106

🇮🇹 93.92.77.208

🇲🇩 92.115.5.137

🇨🇿 91.224.90.50

🇨🇦 85.217.149.65

🇸🇦 37.56.107.146

🇹🇼 34.80.84.68

🇭🇰 199.45.154.177

🇮🇳 128.199.24.40

🇨🇳 106.13.68.234

🇲🇰 92.55.69.185

🇺🇸 76.191.148.235

🇺🇸 208.67.220.123

🇮🇩 180.250.210.133

🇯🇵 160.251.233.37

🇳🇱 160.119.69.14