JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 192.3.140.104

192.3.140.104 was found in our database!

This IP was reported 31 times. Confidence of Abuse is 90%: ?

90%

This address is a Tor exit node. Neither the owner nor the provider are directly behind the offending action.

ISP	HostPapa
Usage Type	Data Center/Web Hosting/Transit
ASN	AS36352
Hostname(s)	192-3-140-104-host.colocrossing.com
Domain Name	hostpapa.com
Country	🇺🇸 United States of America
City	Buffalo, New York

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 192.3.140.104

Whois 192.3.140.104

IP Abuse Reports for 192.3.140.104:

This IP address has been reported a total of 31 times from 16 distinct sources. 192.3.140.104 was first reported on March 30th 2025, and the most recent report was 10 minutes ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇫🇷 dynamix	2026-06-17 16:48:14 (10 minutes ago)	WordPress XMLRPC Brute Force Attack	Brute-Force Web App Attack
🇩🇪 LRob.fr	2026-06-17 05:30:03 (11 hours ago)	Repeated attacks detected by Fail2Ban in recidive jail	Hacking
🇩🇪 LRob.fr	2026-06-17 03:30:08 (13 hours ago)	Repeated requests on blocked xmlrpc.php, blocked by fail2ban in custom-503-xmlrpc jail	Bad Web Bot Web App Attack
🇳🇱 homeshowdomain.nl	2026-06-16 21:59:20 (18 hours ago)	Auto-ban: single probe for restricted files (.env / backups / admin endpoints). Likely mass-scan on ... show more Auto-ban: single probe for restricted files (.env / backups / admin endpoints). Likely mass-scan on 2026-06-15. show less	Web App Attack SSH Hacking
🇩🇪 Vegascosmetics	2026-06-16 21:31:16 (19 hours ago)	(Kingcopy.org-AI-IDS-Report):IP automatically blocked after suspicious activity. Vegas Security	DDoS Attack Hacking Exploited Host
🇺🇸 xmission.com	2026-06-16 08:13:21 (1 day ago)	Blocked by UFW (TCP on 51866) Source port: 9000 TTL: 51 Packet length: 76 TOS: 0x08 This report (fo ... show more Blocked by UFW (TCP on 51866) Source port: 9000 TTL: 51 Packet length: 76 TOS: 0x08 This report (for 192.3.140.104) was generated by: https://github.com/sefinek/UFW-AbuseIPDB-Reporter show less	Port Scan
🇺🇸 oncord	2026-06-16 06:53:01 (1 day ago)	Form spam	Web Spam
🇩🇪 LRob.fr	2026-06-15 23:30:18 (1 day ago)	Repeated requests on blocked xmlrpc.php, blocked by fail2ban in custom-503-xmlrpc jail	Bad Web Bot Web App Attack
🇩🇪 _ArminS_	2026-06-15 23:21:12 (1 day ago)	WEB-Scan 64158:80 detected 2026.06.16 01:21:12 blocked until 2026.08.04 18:23:59	Port Scan
🇺🇸 TPI-Abuse	2026-06-15 19:17:35 (1 day ago)	(mod_security) mod_security (id:225170) triggered by 192.3.140.104 (192-3-140-104-host.colocrossing. ... show more (mod_security) mod_security (id:225170) triggered by 192.3.140.104 (192-3-140-104-host.colocrossing.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 15 15:17:29.951787 2026] [security2:error] [pid 834:tid 834] [client 192.3.140.104:23922] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|ablogisticsgroup.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "ablogisticsgroup.com"] [uri "/wp-json/wp/v2/users"] [unique_id "ajBPycSeW7ifoKcOUY6_kAAAAA4"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 xmission.com	2026-06-15 14:56:40 (2 days ago)	Blocked by UFW (TCP on 52376) Source port: 9000 TTL: 51 Packet length: 76 TOS: 0x08 This report (fo ... show more Blocked by UFW (TCP on 52376) Source port: 9000 TTL: 51 Packet length: 76 TOS: 0x08 This report (for 192.3.140.104) was generated by: https://github.com/sefinek/UFW-AbuseIPDB-Reporter show less	Port Scan
🇬🇧 anycast_ac	2026-06-15 14:48:51 (2 days ago)	[WebProtection] L4/L7 attack source · L4-443-CC-DROP · 5 hits/window	Port Scan
🇩🇪 anycast_ac	2026-06-15 14:26:59 (2 days ago)	[DDoS Attacker] This IP was attacking website nucleardlc.fun and sent 9571 requests on port 443	DDoS Attack Web App Attack
🇺🇸 TPI-Abuse	2026-06-15 11:59:50 (2 days ago)	(mod_security) mod_security (id:210492) triggered by 192.3.140.104 (192-3-140-104-host.colocrossing. ... show more (mod_security) mod_security (id:210492) triggered by 192.3.140.104 (192-3-140-104-host.colocrossing.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 15 07:59:47.584738 2026] [security2:error] [pid 5770:tid 5770] [client 192.3.140.104:55352] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "ipv6.wglennburns.com"] [uri "/.git/config"] [unique_id "ai_pM8XVrnoJkQaJ-mr7ggAAAA4"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-15 11:22:43 (2 days ago)	(mod_security) mod_security (id:210492) triggered by 192.3.140.104 (192-3-140-104-host.colocrossing. ... show more (mod_security) mod_security (id:210492) triggered by 192.3.140.104 (192-3-140-104-host.colocrossing.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 15 07:22:35.443421 2026] [security2:error] [pid 1379:tid 1379] [client 192.3.140.104:36712] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "backspaced.com.blockdredge.com"] [uri "/.git/config"] [unique_id "ai_ge9UCTTsnu6FcjLtvawAAAAs"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 31 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇨🇳 218.13.26.42

🇨🇳 139.227.161.248

🇺🇸 74.249.177.110

🇸🇬 2a09:bac5:55fa:18d2::279:11

🇺🇸 212.192.28.11

🇳🇱 45.148.10.151

🇩🇪 45.135.194.15

🇭🇰 199.45.154.188

🇺🇸 142.248.80.164

🇷🇺 95.215.108.47

🇳🇱 64.89.162.167

🇮🇳 4.247.141.61

🇷🇴 2.57.122.177

🇺🇸 205.210.31.25

🇧🇦 185.65.107.14

🇳🇱 176.65.139.85

🇧🇷 45.205.1.5

🇸🇨 45.194.67.146

🇺🇸 20.64.105.194

🇷🇴 2.57.122.238