JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 140.235.0.138

140.235.0.138 was found in our database!

This IP was reported 12 times. Confidence of Abuse is 40%: ?

40%

ISP	DirectBackup LLC
Usage Type	Data Center/Web Hosting/Transit
ASN	AS26548
Domain Name	directbackup.co
Country	🇺🇸 United States of America
City	Seattle, Washington

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 140.235.0.138

Whois 140.235.0.138

IP Abuse Reports for 140.235.0.138:

This IP address has been reported a total of 12 times from 10 distinct sources. 140.235.0.138 was first reported on October 19th 2025, and the most recent report was 6 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇨🇿 ptlab	2026-06-11 00:45:39 (6 hours ago)	Detected wp_login attack from WP-host.	Hacking Web App Attack
🇲🇹 Malta	2026-06-10 18:46:20 (11 hours ago)	140.235.0.138 - - [10/Jun/2026:20:46:20 +0200] "GET /wp-json/wp/v2/users HTTP/1.1" "Mozilla/5.0 (X11 ... show more 140.235.0.138 - - [10/Jun/2026:20:46:20 +0200] "GET /wp-json/wp/v2/users HTTP/1.1" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36" show less	Hacking Web App Attack VPN IP
🇫🇷 tilellit.pro	2026-06-04 13:43:47 (6 days ago)	Fail2Ban banned 140.235.0.138 for security violations in jail wp-armour. Log: 2026/06/04 13:43:47 [e ... show more Fail2Ban banned 140.235.0.138 for security violations in jail wp-armour. Log: 2026/06/04 13:43:47 [error] FastCGI sent in stderr: "PHP message: [WP_ARMOUR_BAN] IP: 140.235.0.138 \| Target: wplogin" , client: 140.235.0.138, server: [REDACTED], request: "POST /wp-login.php HTTP/1.1", upstream: [REDACTED], host: [REDACTED], referrer: "https://comerciogallego.es/wp-login.php" ... show less	Web Spam
🇺🇸 TPI-Abuse	2026-06-03 09:14:24 (1 week ago)	(mod_security) mod_security (id:210730) triggered by 140.235.0.138 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210730) triggered by 140.235.0.138 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 03 05:14:10.498049 2026] [security2:error] [pid 6836:tid 6836] [client 140.235.0.138:53099] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|vitalitywebb.com\|F\|2"] [data ".db"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "vitalitywebb.com"] [uri "/backstore/Barcalounger/Images/Churchill II Recliner/Art Burl/originals/Thumbs.db"] [unique_id "ah_wYqzfNFmtWJBTT9nhJwAAABU"], referer: https://vitalitywebb.com/backstore/Barcalounger/Images/Churchill%20II%20Recliner/Art%20Burl/originals/ show less	Brute-Force Bad Web Bot Web App Attack
🇫🇷 Baking333	2026-06-02 01:48:24 (1 week ago)	[redacted] 140.235.0.138 - - [02/Jun/2026:02:48:18 +0100] "GET /[redacted] HTTP/1.1" 302 1557 0/8772 ... show more [redacted] 140.235.0.138 - - [02/Jun/2026:02:48:18 +0100] "GET /[redacted] HTTP/1.1" 302 1557 0/87722 "https://[redacted]" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36" [redacted] 140.235.0.138 - - [02/Jun/2026:02:48:21 +0100] "GET /[redacted] HTTP/1.1" 302 1558 0/181438 "https://[redacted]" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36" show less	Bad Web Bot Web App Attack
🇨🇭 backslash	2026-05-20 22:06:00 (3 weeks ago)	block ruleset 798ECF92F12ADC636D3520C2890AF17ADEFDE3BE	Bad Web Bot
🇩🇪 HandyTreff.de	2026-05-20 16:07:27 (3 weeks ago)	Bot/Spam/Scrapper attack detected on www.handytreff.de - Score: -40.769 (Bad < -10 / Very Bad < -20 ... show more Bot/Spam/Scrapper attack detected on www.handytreff.de - Score: -40.769 (Bad < -10 / Very Bad < -20 / Extreme < -35) \| UA: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.4263.6 show less	Web App Attack Bad Web Bot
🇨🇭 backslash	2026-04-16 15:27:14 (1 month ago)	block ruleset 798ECF92F12ADC636D3520C2890AF17ADEFDE3BE	Bad Web Bot
Anonymous	2025-12-17 02:36:16 (5 months ago)	Attempted brute force login to web vpn 2 time(s); last attempt for 2025.12.17 is noted in report tim ... show more Attempted brute force login to web vpn 2 time(s); last attempt for 2025.12.17 is noted in report timestamp show less	Hacking Brute-Force
🇺🇸 TPI-Abuse	2025-12-02 20:04:23 (6 months ago)	(mod_security) mod_security (id:210350) triggered by 140.235.0.138 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210350) triggered by 140.235.0.138 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Dec 02 15:04:12.796229 2025] [security2:error] [pid 6866:tid 6866] [client 140.235.0.138:42079] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\b(close\|keep-alive),[\\\\t\\\\n\\\\r ]{0,1}(close\|keep-alive)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/12_HTTP_Protocol.conf"] [line "70"] [id "210350"] [rev "1"] [msg "COMODO WAF: Multiple/Conflicting Connection Header Data Found\|\|oweng.com\|F\|4"] [data "keep-alive, close"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "oweng.com"] [uri "/"] [unique_id "aS9GPE3UF1CskRqk_Wla-gAAADI"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 fbarela	2025-10-31 13:00:30 (7 months ago)	FortiGate SSL VPN login failures.	Hacking Brute-Force
🇮🇩 BPS-StatisticsIndonesia	2025-10-19 15:58:02 (7 months ago)	XML RPC Scan Activities	Brute-Force Web App Attack

Showing 1 to 12 of 12 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇮🇷 185.255.91.157

🇳🇱 167.71.71.11

🇺🇸 165.22.176.31

🇫🇮 147.185.133.215

🇨🇦 85.217.149.32

🇬🇧 35.203.210.249

🇧🇪 35.195.3.235

🇧🇷 200.210.71.39

🇬🇧 193.163.125.193

🇨🇳 113.221.96.100

🇪🇬 84.36.23.43

🇺🇸 35.193.225.121

🇨🇳 14.120.126.66

🇩🇪 188.245.190.97

🇧🇴 181.188.187.140

🇺🇸 162.216.149.62

🇸🇬 152.32.219.77

🇷🇺 89.250.223.251

🇨🇦 85.217.149.45

🇭🇰 47.86.3.155