JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 140.235.2.37

140.235.2.37 was found in our database!

This IP was reported 10 times. Confidence of Abuse is 19%: ?

19%

ISP	DirectBackup LLC
Usage Type	Data Center/Web Hosting/Transit
ASN	AS26548
Domain Name	directbackup.co
Country	🇺🇸 United States of America
City	Seattle, Washington

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 140.235.2.37

Whois 140.235.2.37

IP Abuse Reports for 140.235.2.37:

This IP address has been reported a total of 10 times from 9 distinct sources. 140.235.2.37 was first reported on May 7th 2025, and the most recent report was 12 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇪🇸 el-brujo	2026-06-15 09:30:03 (12 hours ago)	Cloudflare WAF: Request Path: /register2.html Request Query: Host: foro.elhacker.net userAgent: Moz ... show more Cloudflare WAF: Request Path: /register2.html Request Query: Host: foro.elhacker.net userAgent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:149.0) Gecko/20100101 Firefox/149.0 Action: managed_challenge Source: firewallCustom ASN Description: PureVoltage Hosting Inc. Country: US Method: POST Timestamp: 2026-06-15T09:30:03Z ruleId: 5012d84c6d9f467499149a3cd38d0b9d. Report generated by Cloudflare-WAF-to-AbuseIPDB (https://github.com/MHG-LAB/Cloudflare-WAF-to-AbuseIPDB). show less	Hacking SQL Injection Web App Attack
🇺🇸 kosada.com	2026-06-03 10:44:27 (1 week ago)	Web password guessing	Brute-Force
🇮🇩 Burayot	2026-04-30 00:43:55 (1 month ago)	LF_MODSEC: (mod_security) mod_security (id:1000001) triggered by 140.235.2.37 (US/United States/-): ... show more LF_MODSEC: (mod_security) mod_security (id:1000001) triggered by 140.235.2.37 (US/United States/-): 2 in the last 3600 secs show less	Web App Attack
Anonymous	2026-01-19 00:00:00 (4 months ago)	Brute force against VPN	Brute-Force Bad Web Bot
Anonymous	2026-01-17 17:21:12 (4 months ago)	Attempted brute force login to web vpn 1 time(s); last attempt for 2026.01.17 is noted in report tim ... show more Attempted brute force login to web vpn 1 time(s); last attempt for 2026.01.17 is noted in report timestamp show less	Hacking Brute-Force
Anonymous	2026-01-14 03:26:18 (5 months ago)	WordPress Brute Force	Brute-Force
🇱🇻 garmtech.com	2025-12-29 00:43:50 (5 months ago)	IM360 WAF: Attempt to upload malware	Hacking
🇺🇸 TPI-Abuse	2025-12-20 05:27:29 (5 months ago)	(mod_security) mod_security (id:210350) triggered by 140.235.2.37 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210350) triggered by 140.235.2.37 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Dec 20 00:27:20.356041 2025] [security2:error] [pid 29675:tid 29675] [client 140.235.2.37:9683] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\b(close\|keep-alive),[\\\\t\\\\n\\\\r ]{0,1}(close\|keep-alive)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/12_HTTP_Protocol.conf"] [line "70"] [id "210350"] [rev "1"] [msg "COMODO WAF: Multiple/Conflicting Connection Header Data Found\|\|www.birdlovesfish.com\|F\|4"] [data "keep-alive, close"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "www.birdlovesfish.com"] [uri "/"] [unique_id "aUYzuMo0ilEAypNhst6BowAAADk"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-15 02:37:42 (6 months ago)	(mod_security) mod_security (id:210350) triggered by 140.235.2.37 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210350) triggered by 140.235.2.37 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Dec 14 21:37:31.551767 2025] [security2:error] [pid 31123:tid 31123] [client 140.235.2.37:16507] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\b(close\|keep-alive),[\\\\t\\\\n\\\\r ]{0,1}(close\|keep-alive)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/12_HTTP_Protocol.conf"] [line "70"] [id "210350"] [rev "1"] [msg "COMODO WAF: Multiple/Conflicting Connection Header Data Found\|\|renjunews.com\|F\|4"] [data "keep-alive, close"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "renjunews.com"] [uri "/"] [unique_id "aT90a6deAoggHCkjdMPYPgAAAA4"] show less	Brute-Force Bad Web Bot Web App Attack
🇪🇸 masterguru	2025-05-07 01:31:40 (1 year ago)	wp-login request blocked, no referer. Pattern match "wp-login.php" at REQUEST_URI. (5001900-122)	Web App Attack

Showing 1 to 10 of 10 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇿🇦 197.95.122.253

🇧🇷 170.238.128.201

🇨🇳 42.180.4.166

🇨🇳 8.152.193.140

🇿🇦 197.87.116.209

🇪🇬 197.39.158.125

🇧🇷 190.115.84.25

🇮🇳 122.185.237.142

🇨🇳 122.51.47.10

🇮🇳 103.120.176.124

🇵🇰 103.18.14.249

🇺🇸 50.118.184.103

🇦🇺 15.135.112.243

🇰🇿 2.134.15.12

🇷🇴 2.57.122.238

🇪🇬 197.37.140.4

🇪🇬 197.35.243.210

🇪🇬 197.35.236.237

🇸🇬 188.166.251.103

🇮🇶 185.166.25.150