JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 140.235.1.35

140.235.1.35 was found in our database!

This IP was reported 14 times. Confidence of Abuse is 16%: ?

16%

ISP	DirectBackup LLC
Usage Type	Data Center/Web Hosting/Transit
ASN	AS26548
Domain Name	directbackup.co
Country	🇺🇸 United States of America
City	Seattle, Washington

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 140.235.1.35

Whois 140.235.1.35

IP Abuse Reports for 140.235.1.35:

This IP address has been reported a total of 14 times from 10 distinct sources. 140.235.1.35 was first reported on October 26th 2025, and the most recent report was 3 weeks ago.

Old Reports: The most recent abuse report for this IP address is from 3 weeks ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 NetGuard	2026-05-27 23:35:10 (3 weeks ago)	#honeypot #netguard247 #ciscoasa Captured by NetGuard 24/7 T-Pot honeypot (netguard24-7.com). Timest ... show more #honeypot #netguard247 #ciscoasa Captured by NetGuard 24/7 T-Pot honeypot (netguard24-7.com). Timestamp: 2026-05-27T23:35:10.123+00:00 Attacker IP: 140.235.1.35 \| Port: N/A \| Country: United States Honeypot: ciscoasa \| Attack: unknown Source: NetGuard 24/7 (netguard24-7.com) \| PhantomGrid Defense show less	Web App Attack
🇺🇸 TPI-Abuse	2026-05-15 23:15:53 (1 month ago)	(mod_security) mod_security (id:218580) triggered by 140.235.1.35 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:218580) triggered by 140.235.1.35 (-): 1 in the last 300 secs; Ports: ; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri May 15 19:15:42.826358 2026] [security2:error] [pid 23027:tid 23027] [client 140.235.1.35:41033] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\/\\\\[!+](?:[\\\\w\\\\s=_\\\\-()]+)?\\\\*\\\\/)" at ARGS:action. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/22_SQL_SQLi.conf"] [line "76"] [id "218580"] [rev "1"] [msg "COMODO WAF: MySQL in-line comment detected.\|\|3905ccn.org\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "SQLi"] [hostname "3905ccn.org"] [uri "/lookupLicensee.php"] [unique_id "agepHiCmBnS93cncPI9nvwAAAAE"] show less	Brute-Force Bad Web Bot Web App Attack
🇫🇮 tjs	2026-05-12 13:15:00 (1 month ago)	web attack	Hacking Web App Attack
🇺🇸 TPI-Abuse	2026-04-29 09:42:54 (1 month ago)	(mod_security) mod_security (id:210350) triggered by 140.235.1.35 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210350) triggered by 140.235.1.35 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Apr 29 05:42:41.499022 2026] [security2:error] [pid 1153:tid 1153] [client 140.235.1.35:63859] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\b(close\|keep-alive),[\\\\t\\\\n\\\\r ]{0,1}(close\|keep-alive)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/12_HTTP_Protocol.conf"] [line "70"] [id "210350"] [rev "1"] [msg "COMODO WAF: Multiple/Conflicting Connection Header Data Found\|\|backstore.com\|F\|4"] [data "keep-alive, close"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "backstore.com"] [uri "/backstore/HT-5005.htm"] [unique_id "afHSkW_57U4Lj531KoHPvAAAAAg"] show less	Brute-Force Bad Web Bot Web App Attack
🇬🇧 noise.agency	2026-04-27 23:25:16 (1 month ago)	(mod_security) mod_security triggered on hostname [redacted] 140.235.1.35 (US/United States/-)	SQL Injection
🇺🇸 TPI-Abuse	2026-03-10 22:11:35 (3 months ago)	(mod_security) mod_security (id:210350) triggered by 140.235.1.35 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210350) triggered by 140.235.1.35 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Mar 10 18:11:25.031480 2026] [security2:error] [pid 31044:tid 31044] [client 140.235.1.35:12629] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\b(close\|keep-alive),[\\\\t\\\\n\\\\r ]{0,1}(close\|keep-alive)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/12_HTTP_Protocol.conf"] [line "70"] [id "210350"] [rev "1"] [msg "COMODO WAF: Multiple/Conflicting Connection Header Data Found\|\|www.sublimationconsultants.com\|F\|4"] [data "keep-alive, close"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "www.sublimationconsultants.com"] [uri "/robots.txt"] [unique_id "abCXDRU1A2Y4IWTpJr_8uQAAAAQ"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-03-04 23:36:39 (3 months ago)	attempts to hack passwords	Brute-Force Web App Attack
🇳🇱 jjnxpct	2026-03-04 04:52:13 (3 months ago)	Automated security incident from hosting server. ModSecurity blocked suspicious request targeting UR ... show more Automated security incident from hosting server. ModSecurity blocked suspicious request targeting URI: / (Rule ID: 920210) - Multiple/Conflicting Connection Header Data Found show less	Web App Attack
Anonymous	2026-01-31 14:14:59 (4 months ago)	Attempted brute force login to web vpn 1 time(s); last attempt for 2026.01.31 is noted in report tim ... show more Attempted brute force login to web vpn 1 time(s); last attempt for 2026.01.31 is noted in report timestamp show less	Hacking Brute-Force
🇱🇻 garmtech.com	2026-01-25 03:13:30 (4 months ago)	IM360 WAF: Attempt to upload malware	Hacking
Anonymous	2026-01-19 00:00:00 (5 months ago)	Brute force against VPN	Brute-Force Bad Web Bot
🇫🇷 masterguru	2025-12-23 11:03:05 (5 months ago)	(modsec_5015) ModSec 5015: Suspicious User-Agent from 140.235.1.35 (US/United States/-): 1 in the la ... show more (modsec_5015) ModSec 5015: Suspicious User-Agent from 140.235.1.35 (US/United States/-): 1 in the last 3600 secs (0-197) show less	Hacking
🇱🇻 garmtech.com	2025-12-05 23:58:16 (6 months ago)	IM360 WAF: Attempt to upload malware	Hacking
🇱🇻 garmtech.com	2025-10-26 17:53:22 (7 months ago)	IM360 WAF: Attempt to upload malware	Hacking

Showing 1 to 14 of 14 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 209.85.222.67

🇳🇱 176.65.139.235

🇲🇾 47.250.184.9

🇺🇸 2604:a880:400:d1:0:4:9e83:b001

🇺🇸 209.85.210.194

🇧🇦 195.222.57.190

🇸🇬 165.154.29.185

🇮🇩 103.168.135.187

🇨🇳 47.95.234.23

🇫🇷 45.81.243.62

🇺🇸 35.237.105.112

🇧🇪 209.85.221.43

🇺🇸 168.158.39.68

🇬🇭 154.161.255.214

🇨🇳 115.190.138.119

🇻🇳 103.82.21.8

🇺🇸 91.230.168.254

🇺🇸 73.161.96.107

🇨🇳 59.52.102.58

🇨🇴 45.65.235.231