JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 140.235.3.92

140.235.3.92 was found in our database!

This IP was reported 19 times. Confidence of Abuse is 1%: ?

ISP	DirectBackup LLC
Usage Type	Data Center/Web Hosting/Transit
ASN	AS26548
Domain Name	directbackup.co
Country	🇺🇸 United States of America
City	Seattle, Washington

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 140.235.3.92

Whois 140.235.3.92

IP Abuse Reports for 140.235.3.92:

This IP address has been reported a total of 19 times from 11 distinct sources. 140.235.3.92 was first reported on August 27th 2025, and the most recent report was 3 weeks ago.

Old Reports: The most recent abuse report for this IP address is from 3 weeks ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 TPI-Abuse	2026-05-13 20:31:02 (3 weeks ago)	(mod_security) mod_security (id:218580) triggered by 140.235.3.92 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:218580) triggered by 140.235.3.92 (-): 1 in the last 300 secs; Ports: ; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed May 13 16:30:55.186552 2026] [security2:error] [pid 16169:tid 16169] [client 140.235.3.92:56791] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:\\\\/\\\\[!+](?:[\\\\w\\\\s=_\\\\-()]+)?\\\\*\\\\/)" at ARGS:/category/361/start-12. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/22_SQL_SQLi.conf"] [line "76"] [id "218580"] [rev "1"] [msg "COMODO WAF: MySQL in-line comment detected.\|\|www.genesis-castle.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "SQLi"] [hostname "www.genesis-castle.com"] [uri "/gallery/index.php"] [unique_id "agTffy7BqW5y8QzdLnkdIgAAABc"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 MusicLibrary	2026-03-28 13:47:11 (2 months ago)	Attempted access to non existent wordpress urls	Bad Web Bot
Anonymous	2026-03-24 23:16:02 (2 months ago)	Attempt to scan vulnerabilities	Hacking
🇮🇩 BPS-StatisticsIndonesia	2026-03-20 21:07:43 (2 months ago)	XML RPC Scan Activities: "2026-03-21T04:07:43.742+07:00" "/xmlrpc.php" "140.235.3.92" "Chrome/93.3 S ... show more XML RPC Scan Activities: "2026-03-21T04:07:43.742+07:00" "/xmlrpc.php" "140.235.3.92" "Chrome/93.3 Safari/533.53" show less	Web App Attack Brute-Force
🇮🇩 BPS-StatisticsIndonesia	2026-03-16 21:37:16 (2 months ago)	XML RPC Scan Activities: "2026-03-17T04:37:16.555+07:00" "/xmlrpc.php" "140.235.3.92" "Mozilla/5.0 ( ... show more XML RPC Scan Activities: "2026-03-17T04:37:16.555+07:00" "/xmlrpc.php" "140.235.3.92" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:145.0) Gecko/20100101 Firefox/145.0" show less	Web App Attack Brute-Force
Anonymous	2026-03-16 08:30:52 (2 months ago)	"GET /xmlrpc.php HTTP/1.1"	Hacking Web App Attack
🇺🇸 TPI-Abuse	2026-03-14 10:08:57 (2 months ago)	(mod_security) mod_security (id:210730) triggered by 140.235.3.92 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210730) triggered by 140.235.3.92 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Mar 14 06:08:48.809226 2026] [security2:error] [pid 5290:tid 5290] [client 140.235.3.92:30679] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|vitalitywebb.com\|F\|2"] [data ".db"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "vitalitywebb.com"] [uri "/backstore/Barcalounger/Images/Bella II/Thumbs.db"] [unique_id "abUzsFT3V5Mow7CvbAQhCAAAAB8"], referer: https://vitalitywebb.com/backstore/Barcalounger/Images/Bella%20II/ show less	Brute-Force Bad Web Bot Web App Attack
🇮🇩 BPS-StatisticsIndonesia	2026-03-13 17:53:00 (2 months ago)	XML RPC Scan Activities: "2026-03-14T00:53:00.696+07:00" "/xmlrpc.php" "140.235.3.92" "AppleWebKit/5 ... show more XML RPC Scan Activities: "2026-03-14T00:53:00.696+07:00" "/xmlrpc.php" "140.235.3.92" "AppleWebKit/531.31 (KHTML, like Gecko111)" show less	Web App Attack Brute-Force
🇮🇩 BPS-StatisticsIndonesia	2026-03-12 18:18:22 (2 months ago)	XML RPC Scan Activities: "2026-03-13T01:18:22.283+07:00" "/xmlrpc.php" "140.235.3.92" "AppleWebKit/5 ... show more XML RPC Scan Activities: "2026-03-13T01:18:22.283+07:00" "/xmlrpc.php" "140.235.3.92" "AppleWebKit/538.38 (KHTML, like Gecko111)" show less	Web App Attack Brute-Force
🇺🇸 Penny Packer	2026-02-10 04:08:16 (3 months ago)	Fail2Ban apache-tripwires	Web App Attack
🇪🇸 el-brujo	2026-02-05 13:35:51 (4 months ago)	Cloudflare WAF: Request Path: /xmlrpc.php Request Query: Host: foro.elhacker.net userAgent: Mozilla ... show more Cloudflare WAF: Request Path: /xmlrpc.php Request Query: Host: foro.elhacker.net userAgent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:146.0) Gecko/20100101 Firefox/146.0 Action: managed_challenge Source: firewallManaged ASN Description: PUREVOLTAGE-INC - PureVoltage Hosting Inc. Country: US Method: POST Timestamp: 2026-02-05T13:35:51Z ruleId: 5de7edfa648c4d6891dc3e7f84534ffa. Report generated by Cloudflare-WAF-to-AbuseIPDB (https://github.com/MHG-LAB/Cloudflare-WAF-to-AbuseIPDB). show less	Hacking SQL Injection Web App Attack
🇨🇭 backslash	2026-02-04 02:20:21 (4 months ago)	block ruleset 798ECF92F12ADC636D3520C2890AF17ADEFDE3BE	Bad Web Bot
🇨🇭 backslash	2026-01-02 11:40:19 (5 months ago)	block ruleset 798ECF92F12ADC636D3520C2890AF17ADEFDE3BE	Bad Web Bot
🇱🇻 garmtech.com	2025-12-28 18:04:45 (5 months ago)	IM360 WAF: Attempt to upload malware	Hacking
🇺🇸 fbarela	2025-11-06 14:00:43 (7 months ago)	FortiGate SSL VPN login failures.	Hacking Brute-Force

Showing 1 to 15 of 19 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇨🇳 180.76.183.253

🇺🇸 172.190.24.225

🇺🇸 149.72.229.181

🇲🇾 47.250.155.223

🇸🇬 47.84.132.182

🇺🇸 35.169.206.177

🇮🇷 5.235.205.171

🇨🇳 221.194.152.152

🇩🇪 128.14.225.253

🇻🇳 103.237.144.204

🇮🇩 103.165.139.145

🇮🇹 93.92.74.139

🇺🇸 66.132.172.152

🇵🇱 57.128.225.99

🇺🇸 34.182.141.172

🇺🇸 8.229.40.113

🇨🇦 192.178.64.22

🇺🇸 159.223.176.166

🇨🇳 115.48.152.102

🇭🇰 112.119.21.245