JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 136.0.105.132

136.0.105.132 was found in our database!

This IP was reported 19 times. Confidence of Abuse is 25%: ?

25%

ISP	Ace Data Centers II, L.L.C.
Usage Type	Data Center/Web Hosting/Transit
ASN	AS396362
Hostname(s)	136-0-105-132.ips.acedatacenter.com
Domain Name	acedatacenter.com
Country	🇺🇸 United States of America
City	New York City, New York

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 136.0.105.132

Whois 136.0.105.132

IP Abuse Reports for 136.0.105.132:

This IP address has been reported a total of 19 times from 6 distinct sources. 136.0.105.132 was first reported on February 23rd 2025, and the most recent report was 1 week ago.

Old Reports: The most recent abuse report for this IP address is from 1 week ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇳🇱 homeshowdomain.nl	2026-05-28 22:04:05 (1 week ago)	Auto-ban: single probe for restricted files (.env / backups / admin endpoints). Likely mass-scan on ... show more Auto-ban: single probe for restricted files (.env / backups / admin endpoints). Likely mass-scan on 2026-05-27. show less	Web App Attack SSH Hacking
🇬🇧 thetomtaylor.co.uk	2026-05-28 04:08:01 (1 week ago)	Fail2Ban - [WEB]Custom exploit pattern detected on customexploits ... [ice01,ice02,wa02]	Hacking Brute-Force Bad Web Bot Web App Attack
🇦🇹 Starburst SysOp Team	2026-05-28 02:28:02 (1 week ago)	Restricted File Access Attempt. Matched phrase ".env" at REQUEST_FILENAME. (930130-ams6-1)	Hacking Web App Attack
🇬🇧 thetomtaylor.co.uk	2026-05-28 01:05:03 (2 weeks ago)	Fail2Ban - [WEB]Custom exploit pattern detected on customexploits ... [wa01]	Hacking Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-27 21:51:18 (2 weeks ago)	(mod_security) mod_security (id:210492) triggered by 136.0.105.132 (136-0-105-132.ips.acedatacenter. ... show more (mod_security) mod_security (id:210492) triggered by 136.0.105.132 (136-0-105-132.ips.acedatacenter.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed May 27 17:51:14.147630 2026] [security2:error] [pid 9894:tid 9894] [client 136.0.105.132:56287] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "badwaterclaims.helpkccare.org"] [uri "/.env.dev"] [unique_id "ahdnUlMYxbReR6f9rRc1agAAAAY"], referer: https://www.google.com/search?q=badwaterclaims.helpkccare.org show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-27 19:10:36 (2 weeks ago)	(mod_security) mod_security (id:210492) triggered by 136.0.105.132 (136-0-105-132.ips.acedatacenter. ... show more (mod_security) mod_security (id:210492) triggered by 136.0.105.132 (136-0-105-132.ips.acedatacenter.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed May 27 15:10:29.544475 2026] [security2:error] [pid 20666:tid 20712] [client 136.0.105.132:43259] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "gmentz.com"] [uri "/.env.backup"] [unique_id "ahdBpTzFBNmsGzCg3ReSVwAAAFI"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-27 17:44:17 (2 weeks ago)	(mod_security) mod_security (id:210492) triggered by 136.0.105.132 (136-0-105-132.ips.acedatacenter. ... show more (mod_security) mod_security (id:210492) triggered by 136.0.105.132 (136-0-105-132.ips.acedatacenter.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed May 27 13:44:06.663030 2026] [security2:error] [pid 5516:tid 5516] [client 136.0.105.132:47653] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.westsacneighborsfair.webserviceswest.com"] [uri "/wp-config.php"] [unique_id "ahctZk0MLVGQ0B39ezOkSAAAAAE"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-27 11:54:37 (2 weeks ago)	(mod_security) mod_security (id:210492) triggered by 136.0.105.132 (136-0-105-132.ips.acedatacenter. ... show more (mod_security) mod_security (id:210492) triggered by 136.0.105.132 (136-0-105-132.ips.acedatacenter.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed May 27 07:54:29.169036 2026] [security2:error] [pid 12146:tid 12146] [client 136.0.105.132:45031] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpanel.closedfortheseason.com"] [uri "/.env.dev"] [unique_id "ahbbddYcGDAFKxWMmqu4iwAAAAA"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-27 00:40:17 (2 weeks ago)	(mod_security) mod_security (id:210492) triggered by 136.0.105.132 (136-0-105-132.ips.acedatacenter. ... show more (mod_security) mod_security (id:210492) triggered by 136.0.105.132 (136-0-105-132.ips.acedatacenter.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue May 26 20:40:13.666039 2026] [security2:error] [pid 5626:tid 5626] [client 136.0.105.132:33295] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cptaxadvisors.com"] [uri "/.env.backup"] [unique_id "ahY9bR_GLnHULprAF6zEmgAAAAA"], referer: https://www.google.com/search?q=cptaxadvisors.com show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-27 00:22:34 (2 weeks ago)	(mod_security) mod_security (id:210730) triggered by 136.0.105.132 (136-0-105-132.ips.acedatacenter. ... show more (mod_security) mod_security (id:210730) triggered by 136.0.105.132 (136-0-105-132.ips.acedatacenter.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue May 26 20:22:29.862300 2026] [security2:error] [pid 28302:tid 28302] [client 136.0.105.132:36467] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|poolservices.com.jhonbens.com\|F\|2"] [data ".key"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "poolservices.com.jhonbens.com"] [uri "/config/master.key"] [unique_id "ahY5RfcvW0IvfJNgqqz8_QAAABI"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-01-17 10:34:38 (4 months ago)	(mod_security) mod_security (id:210492) triggered by 136.0.105.132 (136-0-105-132.ips.acedatacenter. ... show more (mod_security) mod_security (id:210492) triggered by 136.0.105.132 (136-0-105-132.ips.acedatacenter.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jan 17 05:34:28.137067 2026] [security2:error] [pid 16100:tid 16100] [client 136.0.105.132:52981] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcalendars.nbcnewsradio.com"] [uri "/wp-config.php.orig"] [unique_id "aWtltNyjjN5RW8sBZkvSYwAAABE"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-29 19:07:37 (5 months ago)	(mod_security) mod_security (id:212620) triggered by 136.0.105.132 (136-0-105-132.ips.acedatacenter. ... show more (mod_security) mod_security (id:212620) triggered by 136.0.105.132 (136-0-105-132.ips.acedatacenter.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Dec 29 14:07:23.374109 2025] [security2:error] [pid 22840:tid 22947] [client 136.0.105.132:52805] ModSecurity: Access denied with code 403 (phase 2). Pattern match "<script\\\\b" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/07_XSS_XSS.conf"] [line "65"] [id "212620"] [rev "4"] [msg "COMODO WAF: Cross-site Scripting (XSS) Attack\|\|www.kettlehill.net\|F\|2"] [data "Matched Data: <script found within REQUEST_URI: /wp-login.php?action=register&redirect_to=x\\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [tag "CWAF"] [tag "XSS"] [hostname "www.kettlehill.net"] [uri "/wp-login.php"] [unique_id "aVLRa_USdzJ-gbjPWKhQ6QAAAI4"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-28 00:44:09 (6 months ago)	(mod_security) mod_security (id:211190) triggered by 136.0.105.132 (136-0-105-132.ips.acedatacenter. ... show more (mod_security) mod_security (id:211190) triggered by 136.0.105.132 (136-0-105-132.ips.acedatacenter.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Nov 27 19:44:04.837422 2025] [security2:error] [pid 5561:tid 5687] [client 136.0.105.132:51125] ModSecurity: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt\|\|www.kettlehill.net\|F\|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /downloader.php?file=../../../../../../../../../../../../../etc/passwd%00.jpg"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.kettlehill.net"] [uri "/downloader.php"] [unique_id "aSjwVF4xc9V5fyPJJx0gdAAAAMU"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-12 04:36:52 (6 months ago)	(mod_security) mod_security (id:210730) triggered by 136.0.105.132 (136-0-105-132.ips.acedatacenter. ... show more (mod_security) mod_security (id:210730) triggered by 136.0.105.132 (136-0-105-132.ips.acedatacenter.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Nov 11 23:36:26.556632 2025] [security2:error] [pid 2039:tid 2039] [client 136.0.105.132:46475] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|mail.nbcnewsradio.com\|F\|2"] [data ".ini"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "mail.nbcnewsradio.com"] [uri "/..../..../..../..../..../..../..../..../..../windows/win.ini"] [unique_id "aRQOyu0kKve9XnHSisyynAAAAAA"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-10-29 19:35:27 (7 months ago)	(mod_security) mod_security (id:221260) triggered by 136.0.105.132 (136-0-105-132.ips.acedatacenter. ... show more (mod_security) mod_security (id:221260) triggered by 136.0.105.132 (136-0-105-132.ips.acedatacenter.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Oct 29 15:35:20.127395 2025] [security2:error] [pid 24172:tid 24172] [client 136.0.105.132:59443] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^(?:\\\\'\\\\w+?=)?\\\\(\\\\)\\\\s{" at MATCHED_VAR. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "77"] [id "221260"] [rev "3"] [msg "COMODO WAF: Shellshock Command Injection Vulnerabilities in GNU Bash through 4.3 bash43-026 (CVE-2014-7187, CVE-2014-7186, CVE-2014-7169, CVE-2014-6278, CVE-2014-6277, CVE-2014-6271)\|\|www.davispickering.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.davispickering.com"] [uri "/debug.cgi"] [unique_id "aQJseHslnMo0RQ3kTqCePAAAAA0"], referer: () { ignored; }; echo Content-Type: text/html; echo ; /bin/cat /etc/passwd show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 19 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇭🇰 199.45.154.189

🇻🇳 157.66.80.97

🇫🇮 147.185.133.218

🇧🇬 79.124.62.230

🇳🇱 51.158.249.10

🇬🇧 35.203.211.206

🇺🇸 216.25.89.116

🇰🇷 210.183.21.53

🇪🇨 200.24.141.83

🇪🇨 181.196.12.218

🇻🇳 180.93.245.203

🇭🇰 156.245.246.50

🇯🇵 133.88.121.12

🇱🇰 124.43.10.224

🇨🇳 118.196.27.130

🇮🇩 110.138.133.23

🇺🇸 107.180.88.176

🇺🇸 91.230.168.162

🇧🇬 79.110.118.226

🇩🇪 69.5.169.130