JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 194.32.120.140

194.32.120.140 was found in our database!

This IP was reported 70 times. Confidence of Abuse is 26%: ?

26%

ISP	VPN Consumer London, United Kingdom
Usage Type	Data Center/Web Hosting/Transit
ASN	AS42831
Domain Name	vpnconsumer.com
Country	🇬🇧 United Kingdom of Great Britain and Northern Ireland
City	London, England

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 194.32.120.140

Whois 194.32.120.140

IP Abuse Reports for 194.32.120.140:

This IP address has been reported a total of 70 times from 38 distinct sources. 194.32.120.140 was first reported on June 28th 2022, and the most recent report was 5 days ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇨🇦 Mediashaker	2026-06-18 19:20:14 (5 days ago)	(apache-scanners) Failed apache-scanners trigger with match [redacted] from 194.32.120.140 (GB/Unite ... show more (apache-scanners) Failed apache-scanners trigger with match [redacted] from 194.32.120.140 (GB/United Kingdom/-) show less	Port Scan
🇩🇪 LRob.fr	2026-06-18 14:30:04 (6 days ago)	Repeated 404 errors, blocked by Fail2ban in custom-404 jail	Bad Web Bot
🇫🇷 SpaceHost-Server	2026-06-10 22:28:19 (1 week ago)		Brute-Force Web App Attack
🇫🇷 SpaceHost-Server	2026-06-09 22:27:38 (2 weeks ago)		Brute-Force Web App Attack
🇯🇵 demonsword	2026-06-05 09:59:36 (2 weeks ago)	Detected by SentinelX honeypot: sent HTTP CONNECT request probing for an open proxy. Connection was ... show more Detected by SentinelX honeypot: sent HTTP CONNECT request probing for an open proxy. Connection was hijacked and held in a tarpit to slow down the scan. Probed target: account.jetbrains.com:443 show less	Open Proxy Port Scan
🇺🇸 fortypoundhead	2026-04-10 06:52:49 (2 months ago)	Banned IP Address	Hacking Web App Attack
🇺🇸 TPI-Abuse	2026-02-27 19:42:20 (3 months ago)	(mod_security) mod_security (id:210730) triggered by 194.32.120.140 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210730) triggered by 194.32.120.140 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Feb 27 14:42:17.196212 2026] [security2:error] [pid 9057:tid 9057] [client 194.32.120.140:23025] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|phantomquailkennel.com\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "phantomquailkennel.com"] [uri "/backups/backup.sql"] [unique_id "aaHzmZQnBPqI2VRm0NKE8AAAAAI"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-02-24 23:29:10 (3 months ago)	(mod_security) mod_security (id:210730) triggered by 194.32.120.140 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210730) triggered by 194.32.120.140 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Feb 24 18:29:06.623252 2026] [security2:error] [pid 5599:tid 5599] [client 194.32.120.140:40977] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "4"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|www.spectorworld.com\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.spectorworld.com"] [uri "/restore/sql.sql"] [unique_id "aZ40QsiAFcPAQ4NZFDKzFgAAABA"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 mnsf	2026-02-13 21:05:52 (4 months ago)	Request Overload (141)	Brute-Force Web App Attack
🇺🇸 myagent.site	2026-02-13 17:33:50 (4 months ago)	Blocking for trying to access an exploit file: //style.php	Hacking
🇺🇦 URAN Publishing Service	2026-02-13 10:19:34 (4 months ago)	194.32.120.140 - - [13/Feb/2026:12:19:33 +0200] "GET //wp-content/plugins/dummyyummy/wp-signup.php H ... show more 194.32.120.140 - - [13/Feb/2026:12:19:33 +0200] "GET //wp-content/plugins/dummyyummy/wp-signup.php HTTP/1.1" 404 271 "-" "Go-http-client/1.1" 194.32.120.140 - - [13/Feb/2026:12:19:34 +0200] "GET //wp-content/themes/twenty/twenty.php HTTP/1.1" 404 271 "-" "Go-http-client/1.1" ... show less	Web App Attack
🇩🇪 BlueWire Hosting	2026-02-07 17:30:04 (4 months ago)	Suspicious HTTP(s) activity without a user agent provided	Bad Web Bot
🇺🇸 TPI-Abuse	2026-02-07 17:25:49 (4 months ago)	(mod_security) mod_security (id:210492) triggered by 194.32.120.140 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 194.32.120.140 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Feb 07 12:25:45.504313 2026] [security2:error] [pid 5409:tid 5498] [client 194.32.120.140:26161] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "dpscsde.com"] [uri "/back/sftp-config.json"] [unique_id "aYd1mS6-Hunvpk0gGP_89QAAAIQ"] show less	Brute-Force Bad Web Bot Web App Attack
🇧🇪 cmbplf	2026-01-28 23:14:46 (4 months ago)	251 requests with url.path /.well-known/pki-validation/.php 222 requests with url.path /.well-k ... show more 251 requests with url.path /.well-known/pki-validation/.php 222 requests with url.path /.well-known/acme-challenge/*.php show less	Brute-Force Bad Web Bot
🇺🇸 kosada.com	2026-01-27 17:41:58 (4 months ago)	Web vulnerability probing: /wp-content/uploads/wpr-addons/forms/b1ack.php	Web App Attack

Showing 1 to 15 of 70 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇬🇧 195.96.139.182

🇨🇳 180.159.79.88

🇺🇸 172.69.134.245

🇮🇩 157.10.182.14

🇷🇴 141.98.83.111

🇫🇮 135.181.182.250

🇰🇷 121.165.187.77

🇮🇪 108.130.223.55

🇺🇸 87.58.199.37

🇧🇭 84.255.184.6

🇧🇬 79.124.58.118

🇱🇹 45.227.254.170

🇫🇷 2a04:cec0:11aa:3252:4c09:102:fb6c:3eee

🇨🇳 223.109.252.230

🇧🇷 177.12.182.167

🇺🇸 147.182.132.210

🇻🇳 123.18.87.177

🇨🇳 118.145.242.91

🇺🇸 99.93.177.9

🇹🇷 78.171.41.131