JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 192.0.101.140

192.0.101.140 was found in our database!

This IP was reported 31 times. Confidence of Abuse is 0%: ?

ISP	Automattic, Inc
Usage Type	Data Center/Web Hosting/Transit
ASN	AS2635
Hostname(s)	wordpress.com
Domain Name	automattic.com
Country	🇺🇸 United States of America
City	Ashburn, Virginia

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 192.0.101.140

Whois 192.0.101.140

IP Abuse Reports for 192.0.101.140:

This IP address has been reported a total of 31 times from 11 distinct sources. 192.0.101.140 was first reported on February 25th 2021, and the most recent report was 4 months ago.

Old Reports: The most recent abuse report for this IP address is from 4 months ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 TPI-Abuse	2026-01-18 13:30:58 (4 months ago)	(mod_security) mod_security (id:240335) triggered by 192.0.101.140 (wordpress.com): 1 in the last 30 ... show more (mod_security) mod_security (id:240335) triggered by 192.0.101.140 (wordpress.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jan 18 08:30:50.996525 2026] [security2:error] [pid 14557:tid 14557] [client 192.0.101.140:61056] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 192.0.101.140 (+1 hits since last alert)\|www.dixiegeek.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "www.dixiegeek.com"] [uri "/xmlrpc.php"] [unique_id "aWzgiqLSsufjG6fqbL71WQAAAAU"], referer: https://www.dixiegeek.com/xmlrpc.php?for=jetpack&token=1q9Je5bEbzwhrQxb5lIM%2A4y%21EWgzQ3%24m%3A1%3A0&timestamp=1768743050&nonce=kRzavU6Ghz&body-hash=METbiCw%2BtMQdctk0fdLMNlXOKKM%3D&signature=9nVLbh7EwjHpQIfM4cEZ7cYS4ac%3D show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-08-18 13:47:22 (9 months ago)	(mod_security) mod_security (id:240335) triggered by 192.0.101.140 (wordpress.com): 1 in the last 30 ... show more (mod_security) mod_security (id:240335) triggered by 192.0.101.140 (wordpress.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Aug 18 09:47:16.918309 2025] [security2:error] [pid 19237:tid 19237] [client 192.0.101.140:48050] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 192.0.101.140 (+1 hits since last alert)\|www.dixiegeek.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "www.dixiegeek.com"] [uri "/xmlrpc.php"] [unique_id "aKMu5MZrTCyEXJJZdyNYfQAAABI"], referer: https://www.dixiegeek.com/xmlrpc.php?for=jetpack&token=1q9Je5bEbzwhrQxb5lIM%2A4y%21EWgzQ3%24m%3A1%3A0&timestamp=1755524836&nonce=9n04UxD37u&body-hash=METbiCw%2BtMQdctk0fdLMNlXOKKM%3D&signature=2%2FczFn5UG0OOKsPvUEMnXPfdTFc%3D show less	Brute-Force Bad Web Bot Web App Attack
🇪🇸 10dencehispahard SL	2025-05-15 05:10:13 (1 year ago)	WP probing for vulnerabilities	Hacking Exploited Host
🇺🇸 TPI-Abuse	2025-03-04 13:26:25 (1 year ago)	(mod_security) mod_security (id:240335) triggered by 192.0.101.140 (wordpress.com): 1 in the last 30 ... show more (mod_security) mod_security (id:240335) triggered by 192.0.101.140 (wordpress.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Mar 04 08:26:22.348901 2025] [security2:error] [pid 7404:tid 7404] [client 192.0.101.140:32122] [client 192.0.101.140] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 192.0.101.140 (+1 hits since last alert)\|www.dixiegeek.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "www.dixiegeek.com"] [uri "/xmlrpc.php"] [unique_id "Z8b_fvPZyGoHRPmFeMrvUgAAAAI"], referer: http://www.dixiegeek.com/xmlrpc.php?for=jetpack&token=1q9Je5bEbzwhrQxb5lIM%2A4y%21EWgzQ3%24m%3A1%3A0&timestamp=1741094782&nonce=MsBsuRi0m2&body-hash=METbiCw%2BtMQdctk0fdLMNlXOKKM%3D&signature=gtZ8iFugtkjETEoqbakd422rM7Q%3D show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2024-11-11 13:07:47 (1 year ago)	(mod_security) mod_security (id:240335) triggered by 192.0.101.140 (wordpress.com): 1 in the last 30 ... show more (mod_security) mod_security (id:240335) triggered by 192.0.101.140 (wordpress.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 11 08:07:40.780060 2024] [security2:error] [pid 30504:tid 30504] [client 192.0.101.140:18134] [client 192.0.101.140] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 192.0.101.140 (+1 hits since last alert)\|www.dixiegeek.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "www.dixiegeek.com"] [uri "/xmlrpc.php"] [unique_id "ZzIBnIYP9qltidqVHgW7hQAAAAs"], referer: https://www.dixiegeek.com/xmlrpc.php?for=jetpack&token=1q9Je5bEbzwhrQxb5lIM%2A4y%21EWgzQ3%24m%3A1%3A0&timestamp=1731330460&nonce=enuzxl3vc4&body-hash=METbiCw%2BtMQdctk0fdLMNlXOKKM%3D&signature=JPpMtXDDgLmsOJCyBAeNpW5DVqs%3D show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 Ba-Yu	2024-10-05 14:10:11 (1 year ago)	WordPress hacking/exploits/scanning	Web Spam Hacking Brute-Force Exploited Host Web App Attack
🇦🇺 MAGIC	2024-06-25 06:12:37 (1 year ago)	VM1 Bad user agents ignoring web crawling rules. Draing bandwidth	DDoS Attack Bad Web Bot
🇺🇸 TPI-Abuse	2024-06-12 12:22:16 (1 year ago)	(mod_security) mod_security (id:240335) triggered by 192.0.101.140 (wordpress.com): 1 in the last 30 ... show more (mod_security) mod_security (id:240335) triggered by 192.0.101.140 (wordpress.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 12 08:22:08.751640 2024] [security2:error] [pid 18173] [client 192.0.101.140:47164] [client 192.0.101.140] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 192.0.101.140 (+1 hits since last alert)\|www.dixiegeek.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "www.dixiegeek.com"] [uri "/xmlrpc.php"] [unique_id "ZmmS8OhjXNnygN8Z8at_PwAAAB4"], referer: https://www.dixiegeek.com/xmlrpc.php?for=jetpack&token=1q9Je5bEbzwhrQxb5lIM%2A4y%21EWgzQ3%24m%3A1%3A0&timestamp=1718194928&nonce=qpQiQMITR8&body-hash=METbiCw%2BtMQdctk0fdLMNlXOKKM%3D&signature=U3qLP%2FNqvorN2JeAVyLp3fG929c%3D show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2024-06-02 04:59:45 (2 years ago)	(mod_security) mod_security (id:240335) triggered by 192.0.101.140 (wordpress.com): 1 in the last 30 ... show more (mod_security) mod_security (id:240335) triggered by 192.0.101.140 (wordpress.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 02 00:59:38.888118 2024] [security2:error] [pid 14734] [client 192.0.101.140:4730] [client 192.0.101.140] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5965"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 192.0.101.140 (+1 hits since last alert)\|solarizelouisville.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "solarizelouisville.com"] [uri "/xmlrpc.php"] [unique_id "Zlv8OpQ8N0Vq7JNdoEn1BQAAAA0"], referer: https://solarizelouisville.com/xmlrpc.php?for=jetpack&token=N3%2AGP42Z1%21gz%2ARmJa%40lJr5I1FNi%26vC%21Y%3A1%3A0&timestamp=1717304378&nonce=tMaiTPdi2r&body-hash=METbiCw%2BtMQdctk0fdLMNlXOKKM%3D&signature=YBMxWB%2FYhqHVtkrFqGFa6DMpffU%3D show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2024-05-13 01:22:48 (2 years ago)	Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER	Brute-Force SSH
Anonymous	2024-04-30 07:10:37 (2 years ago)	Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER	Brute-Force SSH
Anonymous	2024-04-26 11:46:08 (2 years ago)	Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER	Brute-Force SSH
Anonymous	2024-04-25 04:31:57 (2 years ago)	Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER	Brute-Force SSH
Anonymous	2024-04-16 01:17:25 (2 years ago)	Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER	Brute-Force SSH
🇩🇰 wnbhosting.dk	2023-01-10 16:54:11 (3 years ago)	WP xmlrpc [2023-01-10T12:54:11+01:00]	Hacking Web App Attack

Showing 1 to 15 of 31 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇬🇧 87.236.176.75

🇫🇮 2a00:1450:4010:c1e::126

🇨🇳 222.71.205.34

🇺🇸 216.25.89.139

🇬🇧 195.96.139.206

🇬🇧 195.96.139.191

🇺🇸 172.202.118.119

🇺🇸 162.216.150.20

🇺🇸 129.212.183.98

🇨🇳 114.66.37.45

🇨🇳 111.61.175.118

🇭🇰 101.36.112.103

🇬🇧 87.236.176.95

🇩🇪 69.5.169.84

🇺🇸 65.49.1.42

🇷🇺 62.183.54.253

🇨🇳 47.92.232.23

🇦🇪 47.91.125.252

🇳🇱 45.148.10.240

🇨🇳 39.98.47.90