JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 146.103.55.120

146.103.55.120 was found in our database!

This IP was reported 8 times. Confidence of Abuse is 16%: ?

16%

ISP	Brander Group Inc
Usage Type	Data Center/Web Hosting/Transit
ASN	AS40676
Domain Name	brandergroup.net
Country	🇺🇸 United States of America
City	Ashburn, Virginia

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 146.103.55.120

Whois 146.103.55.120

IP Abuse Reports for 146.103.55.120:

This IP address has been reported a total of 8 times from 3 distinct sources. 146.103.55.120 was first reported on May 26th 2026, and the most recent report was 3 weeks ago.

Old Reports: The most recent abuse report for this IP address is from 3 weeks ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇳🇱 homeshowdomain.nl	2026-05-27 22:01:06 (3 weeks ago)	Auto-ban: single probe for restricted files (.env / backups / admin endpoints). Likely mass-scan on ... show more Auto-ban: single probe for restricted files (.env / backups / admin endpoints). Likely mass-scan on 2026-05-26. show less	Web App Attack SSH Hacking
🇺🇸 OceanTreasure	2026-05-27 19:40:08 (3 weeks ago)	tcp/80; wp-config* exposure (R21): "GET /wp-config.php.save" @ 2026-05-27T19:37:41Z	Web App Attack
🇺🇸 TPI-Abuse	2026-05-27 18:44:26 (3 weeks ago)	(mod_security) mod_security (id:949110) triggered by 146.103.55.120 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:949110) triggered by 146.103.55.120 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed May 27 14:43:41.079309 2026] [security2:error] [pid 6648:tid 6648] [client 146.103.55.120:56453] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tsmdsc.cescfoundation.org"] [uri "/app/config/parameters.yml"] [unique_id "ahc7XQ7PVVDfGKZYWCJnEAAAABE"], referer: https://www.google.com/search?q=www.tsmdsc.cescfoundation.org show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-27 17:44:05 (3 weeks ago)	(mod_security) mod_security (id:210492) triggered by 146.103.55.120 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 146.103.55.120 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed May 27 13:43:58.813194 2026] [security2:error] [pid 22623:tid 22623] [client 146.103.55.120:58099] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "bryteandbroderick.org"] [uri "/.env.php"] [unique_id "ahctXnIL91WTSEv8gHmx4QAAAAc"], referer: https://www.google.com/search?q=bryteandbroderick.org show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-27 00:57:57 (3 weeks ago)	(mod_security) mod_security (id:210492) triggered by 146.103.55.120 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 146.103.55.120 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue May 26 20:57:50.551592 2026] [security2:error] [pid 19544:tid 19544] [client 146.103.55.120:53751] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "johnlittlehorn.com"] [uri "/sftp-config.json"] [unique_id "ahZBjpxyAdt4o7nfCmOG-gAAABg"], referer: https://www.google.com/search?q=johnlittlehorn.com show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-27 00:32:54 (3 weeks ago)	(mod_security) mod_security (id:210492) triggered by 146.103.55.120 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 146.103.55.120 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue May 26 20:32:48.620473 2026] [security2:error] [pid 18929:tid 18929] [client 146.103.55.120:40153] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/config/parameters.yml" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "stthomastrainer.com"] [uri "/app/config/parameters.yml"] [unique_id "ahY7sEjIA5GluAZ0ehbP1AAAAAg"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-26 23:51:51 (3 weeks ago)	(mod_security) mod_security (id:210492) triggered by 146.103.55.120 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 146.103.55.120 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue May 26 19:51:06.307095 2026] [security2:error] [pid 27396:tid 27396] [client 146.103.55.120:41769] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcalendars.asfmglobal.com"] [uri "/wp-config.php.swp"] [unique_id "ahYx6sijbeqSVIIprR5A0AAAAAI"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-26 17:53:56 (3 weeks ago)	(mod_security) mod_security (id:210730) triggered by 146.103.55.120 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210730) triggered by 146.103.55.120 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue May 26 13:53:45.795199 2026] [security2:error] [pid 23031:tid 23031] [client 146.103.55.120:42783] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "4"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|krugmans.net\|F\|2"] [data ".php.bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "krugmans.net"] [uri "/config/database.php.bak"] [unique_id "ahXeKV2DxduJX73Iyc3YrQAAAB0"], referer: https://www.google.com/search?q=krugmans.net show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 8 of 8 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇧🇪 198.235.24.131

🇮🇳 128.185.209.30

🇷🇸 109.93.201.253

🇹🇭 102.129.138.199

🇺🇸 66.132.172.184

🇺🇸 64.62.156.218

🇷🇴 2.57.121.112

🇺🇸 2607:f8b0:4001:c62::12e

🇷🇺 212.3.137.136

🇨🇳 112.82.218.232

🇭🇰 101.36.108.133

🇮🇷 85.198.19.242

🇨🇴 69.6.234.27

🇺🇸 66.132.186.187

🇫🇷 2001:41d0:33d:9200::402

🇨🇳 49.75.102.29

🇺🇸 2604:a880:400:d1:0:4:9e91:4001

🇰🇬 213.109.66.53

🇺🇸 172.245.21.30

🇸🇪 171.25.158.82