JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 40.84.216.81

40.84.216.81 was found in our database!

This IP was reported 37 times. Confidence of Abuse is 100%: ?

100%

ISP	Microsoft Corporation
Usage Type	Data Center/Web Hosting/Transit
ASN	AS8075
Domain Name	microsoft.com
Country	🇺🇸 United States of America
City	San Antonio, Texas

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 40.84.216.81

Whois 40.84.216.81

IP Abuse Reports for 40.84.216.81:

This IP address has been reported a total of 37 times from 31 distinct sources. 40.84.216.81 was first reported on June 4th 2026, and the most recent report was 1 hour ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇩🇪 Vegascosmetics	2026-06-04 23:42:48 (1 hour ago)	Kingcopy(AI-IDS) Report: IP automatically blocked after PHP/webshell probe. Vegas Security System	DDoS Attack Hacking Bad Web Bot
Anonymous	2026-06-04 22:39:38 (2 hours ago)	"POST /wp/xmlrpc.php HTTP/1.1"	Hacking Web App Attack
🇺🇸 TPI-Abuse	2026-06-04 20:29:45 (4 hours ago)	(mod_security) mod_security (id:240335) triggered by 40.84.216.81 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:240335) triggered by 40.84.216.81 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 04 16:29:41.335917 2026] [security2:error] [pid 24480:tid 24480] [client 40.84.216.81:63941] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 40.84.216.81 (+1 hits since last alert)\|ultratecnologia.com.mx\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "ultratecnologia.com.mx"] [uri "/wp/xmlrpc.php"] [unique_id "aiHgNXUtzU6Fbv8ihSeKDwAAAAg"] show less	Brute-Force Bad Web Bot Web App Attack
🇫🇷 conseilgouz	2026-06-04 20:27:48 (4 hours ago)	joe-Direct access to plugin not allowed.	Hacking
🇺🇸 kosada.com	2026-06-04 20:24:26 (4 hours ago)	Web vulnerability probing: /wp/xmlrpc.php	Web App Attack
🇩🇪 Selckie	2026-06-04 20:21:47 (5 hours ago)	fail2ban: NGINX unusual impact	Web App Attack
Anonymous	2026-06-04 20:09:26 (5 hours ago)	Backdrop CMS module - malicious activity detected	Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-04 19:54:03 (5 hours ago)	(mod_security) mod_security (id:240335) triggered by 40.84.216.81 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:240335) triggered by 40.84.216.81 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 04 15:53:59.120075 2026] [security2:error] [pid 29283:tid 29283] [client 40.84.216.81:63596] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5965"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 40.84.216.81 (+1 hits since last alert)\|tourissue.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "tourissue.com"] [uri "/wp/xmlrpc.php"] [unique_id "aiHX12RnqBJi87hGJIsMBwAAAAk"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 FutureFm	2026-06-04 19:51:00 (5 hours ago)	40.84.216.81 - - [04/Jun/2026:21:40:52 +0200] "POST /wp/xmlrpc.php	Brute-Force Hacking
🇳🇱 i-turnradio.nl	2026-06-04 19:38:52 (5 hours ago)	2026-06-04 @ 21:38:52 (CET) ~ Blocked for trying to access: /wp/xmlrpc.php	Web App Attack
🇬🇧 SilverZippo	2026-06-04 19:35:06 (5 hours ago)	Web App Attack	Web App Attack
🇳🇱 ipoac.nl	2026-06-04 19:34:20 (5 hours ago)	-:443 40.84.216.81 - - [04/Jun/2026:21:34:19 +0200] - "POST /wp/xmlrpc.php HTTP/1.1" 404 7441 "-" "M ... show more -:443 40.84.216.81 - - [04/Jun/2026:21:34:19 +0200] - "POST /wp/xmlrpc.php HTTP/1.1" 404 7441 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36" show less	Bad Web Bot
🇺🇸 Equity Steward	2026-06-04 19:30:35 (5 hours ago)	Automated threat intelligence block — AbuseIPDB confidence 97%, 22 prior reports. IP contacted equit ... show more Automated threat intelligence block — AbuseIPDB confidence 97%, 22 prior reports. IP contacted equitysteward.org. ISP: Microsoft Corporation. Auto-blocked at 2026-06-04T19:30:30.598Z. show less	Bad Web Bot Web App Attack
Anonymous	2026-06-04 19:28:00 (5 hours ago)	40.84.216.81 - - [05/Jun/2026:03:27:59 +0800] "POST /wp/xmlrpc.php HTTP/1.1" 404 196 "-" "Mozilla/5. ... show more 40.84.216.81 - - [05/Jun/2026:03:27:59 +0800] "POST /wp/xmlrpc.php HTTP/1.1" 404 196 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36" ... show less	Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-04 19:26:47 (5 hours ago)	(mod_security) mod_security (id:240335) triggered by 40.84.216.81 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:240335) triggered by 40.84.216.81 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 04 15:26:42.180882 2026] [security2:error] [pid 30859:tid 30859] [client 40.84.216.81:63942] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 40.84.216.81 (+1 hits since last alert)\|brooklynmeeting.org\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "brooklynmeeting.org"] [uri "/wp/xmlrpc.php"] [unique_id "aiHRctYch7BnZqW9RFf9JQAAAAk"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 37 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇮🇳 49.207.241.214

🇳🇱 45.156.87.166

🇺🇸 216.180.246.224

🇺🇸 207.90.244.10

🇧🇷 205.210.31.221

🇺🇸 205.210.31.105

🇧🇷 201.77.124.248

🇧🇪 198.235.24.195

🇹🇼 198.235.24.53

🇺🇸 172.212.200.195

🇩🇪 159.69.86.170

🇵🇰 153.117.13.164

🇨🇳 101.126.14.37

🇫🇷 91.196.152.210

🇨🇦 70.81.127.119

🇰🇷 58.224.62.29

🇸🇬 43.173.132.98

🇬🇧 35.203.211.38

🇷🇴 2.57.122.238

🇧🇦 195.222.57.190