JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 140.235.3.160

140.235.3.160 was found in our database!

This IP was reported 11 times. Confidence of Abuse is 0%: ?

ISP	DirectBackup LLC
Usage Type	Data Center/Web Hosting/Transit
ASN	AS26548
Domain Name	directbackup.co
Country	🇺🇸 United States of America
City	Seattle, Washington

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 140.235.3.160

Whois 140.235.3.160

IP Abuse Reports for 140.235.3.160:

This IP address has been reported a total of 11 times from 9 distinct sources. 140.235.3.160 was first reported on May 6th 2025, and the most recent report was 3 months ago.

Old Reports: The most recent abuse report for this IP address is from 3 months ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇧🇪 voormedia	2026-02-09 05:09:17 (3 months ago)	Accessed trap at '/xmlrpc.php'	Web App Attack
🇪🇸 el-brujo	2026-02-05 13:35:51 (3 months ago)	Cloudflare WAF: Request Path: /xmlrpc.php Request Query: Host: foro.elhacker.net userAgent: Mozilla ... show more Cloudflare WAF: Request Path: /xmlrpc.php Request Query: Host: foro.elhacker.net userAgent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:146.0) Gecko/20100101 Firefox/146.0 Action: managed_challenge Source: firewallManaged ASN Description: PUREVOLTAGE-INC - PureVoltage Hosting Inc. Country: US Method: POST Timestamp: 2026-02-05T13:35:51Z ruleId: 5de7edfa648c4d6891dc3e7f84534ffa. Report generated by Cloudflare-WAF-to-AbuseIPDB (https://github.com/MHG-LAB/Cloudflare-WAF-to-AbuseIPDB). show less	Hacking SQL Injection Web App Attack
🇩🇪 MusicLibrary	2026-02-05 12:12:31 (3 months ago)	Attempted access to non existent wordpress urls	Bad Web Bot
Anonymous	2026-01-30 03:43:53 (4 months ago)	Attempted brute force login to web vpn 2 time(s); last attempt for 2026.01.30 is noted in report tim ... show more Attempted brute force login to web vpn 2 time(s); last attempt for 2026.01.30 is noted in report timestamp show less	Hacking Brute-Force
🇮🇩 Burayot	2026-01-02 20:24:39 (5 months ago)	LF_MODSEC: (mod_security) mod_security (id:1000001) triggered by 140.235.3.160 (US/United States/-): ... show more LF_MODSEC: (mod_security) mod_security (id:1000001) triggered by 140.235.3.160 (US/United States/-): 1 in the last 3600 secs show less	Web App Attack
🇺🇸 nowyouknow	2025-12-19 08:28:08 (5 months ago)	(From [email protected]) Hello Team, I typed your main service keywords into Google ... show more (From [email protected]) Hello Team, I typed your main service keywords into Google today, and I noticed something frustrating. Your website is professionally designed, but it’s buried on Page 2. Meanwhile, 2 or 3 of your direct competitors, who frankly have weaker websites than you—are sitting at the top of Page 1. They are effectively "stealing" leads that were looking for you. They aren't better than you; they just have better SEO signals. I’ve already analyzed exactly what they are doing differently. If you want to see the comparison report, just reply "Yes" and I’ll send it over. Cheers, QIK show less	Phishing Web Spam
🇺🇸 TPI-Abuse	2025-11-07 05:20:48 (6 months ago)	(mod_security) mod_security (id:225170) triggered by 140.235.3.160 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:225170) triggered by 140.235.3.160 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Nov 07 00:20:39.196983 2025] [security2:error] [pid 5851:tid 5851] [client 140.235.3.160:35761] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|bernsteinip.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "bernsteinip.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "aQ2Bp7FYvdCtXhqaSS1dwwAAAAs"], referer: https://bernsteinip.com/wp-json/wp/v2/users/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-10-24 07:23:45 (7 months ago)	(mod_security) mod_security (id:225170) triggered by 140.235.3.160 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:225170) triggered by 140.235.3.160 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Oct 24 03:23:35.001682 2025] [security2:error] [pid 17195:tid 17195] [client 140.235.3.160:39589] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|jolankagroup.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "jolankagroup.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "aPspdraPGxMiXxw-s8WYGgAAAAQ"], referer: https://jolankagroup.com/wp-json/wp/v2/users/ show less	Brute-Force Bad Web Bot Web App Attack
🇪🇸 el-brujo	2025-10-17 07:21:37 (7 months ago)	17/Oct/2025:09:21:36.994717 +0200Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client ... show more 17/Oct/2025:09:21:36.994717 +0200Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client 140.235.3.160] ModSecurity: Warning. Match of "rx ^[\\\\\\\\w/.+-]+(?:\\\\\\\\s?;\\\\\\\\s?(?:action\|boundary\|charset\|type\|start(?:-info)?)\\\\\\\\s?=\\\\\\\\s?['\\\\"\\\\\\\\w.()+,/:=?<>@-]+)*$" against "REQUEST_HEADERS:Content-Type" required. [file "/etc/httpd/modsecurity.d/activated_rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "933"] [id "920470"] [msg "Illegal Content-Type header"] [data "application/x-www-form-urlencoded, application/x-www-form-urlencoded"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.5"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153"] [tag "PCI/12.1"] [hostname "foro.elhacker.net"] [uri "/wp-login.php"] [unique_id "aPHugDiL_DmiwpkEoBNsdwAGZAg"] ... show less	Hacking Web App Attack
Anonymous	2025-10-17 02:14:28 (7 months ago)	wordpress-trap	Web App Attack
🇩🇪 FeG Deutschland	2025-05-06 01:11:13 (1 year ago)	Looking for CMS/PHP/SQL vulnerablilities/excessive crawling - 27	Exploited Host Web App Attack

Showing 1 to 11 of 11 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇵🇭 138.84.67.100

🇫🇮 46.62.131.178

🇭🇰 168.76.131.178

🇺🇸 162.216.150.207

🇸🇬 152.32.218.244

🇧🇬 78.128.114.102

🇩🇪 77.22.211.47

🇩🇪 69.5.169.201

🇮🇳 49.205.177.134

🇯🇵 8.216.12.44

🇺🇦 5.149.210.148

🇺🇸 4.157.250.195

🇧🇪 207.175.40.228

🇬🇧 195.206.182.200

🇫🇷 185.255.126.2

🇩🇪 167.94.146.39

🇺🇸 147.185.132.171

🇷🇴 92.118.39.236

🇺🇸 66.132.186.241

🇩🇪 43.165.62.10