JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 3.67.2.140

3.67.2.140 was found in our database!

This IP was reported 22 times. Confidence of Abuse is 46%: ?

46%

ISP	A100 ROW GmbH
Usage Type	Data Center/Web Hosting/Transit
ASN	AS16509
Hostname(s)	ec2-3-67-2-140.eu-central-1.compute.amazonaws.com
Domain Name	amazon.com
Country	🇩🇪 Germany
City	Frankfurt am Main, Hesse

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 3.67.2.140

Whois 3.67.2.140

IP Abuse Reports for 3.67.2.140:

This IP address has been reported a total of 22 times from 15 distinct sources. 3.67.2.140 was first reported on December 10th 2025, and the most recent report was 19 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇩🇪 4server	2026-06-11 18:42:01 (19 hours ago)	[ThuJun1120:41:55.1432402026][security2:error][pid2447227:tid2447307][client3.67.2.140:0]ModSecurity ... show more [ThuJun1120:41:55.1432402026][security2:error][pid2447227:tid2447307][client3.67.2.140:0]ModSecurity:Accessdeniedwithcode403$phase2$.Patternmatch\"$\?:\\\\\\\\\$\(\?:\\\\\\\\\(\(\?:\\\\\\\\\(.\\\\\\\\\$\\|.\\)\\\\\\\\\)\\|\\\\\\\\{.\\\\\\\\\}\)\\|[\<\>]\\\\\\\\$.\\\\\\\\\$\)\"atARGS:0.[file\"/etc/apache2/conf.d/modsec_rules/10_asl_rules.conf\"][line\"396\"][id\"393655\"][rev\"17\"][msg\"Atomicorp.comWAFRules:PossibleRemoteCommandExecution:UnixShellExpressionFound\"][data\"MatchedData:\${encodeuricomponent$string\(res$\)}307\`}\)_chunks:\$q2_formdata:{get:\$1:constructor:constructor}}}foundwithinARGS:0:{then:\$1:__proto__:thenstatus:resolved_modelreason:-1value:{then:\$b1337}_response:{_prefix:varres=$function\(${var_r=typeofrequire\!==undefined\?require:$process.mainmodule\?process.mainmodule.require.bind\(process.mainmodule$:$typeofglobalthis.require\!==undefined\?globalthis.require:null$\)return12899339148110000}\)throwobject.assign$newerror\(next_redirect${...\"][tag\"attack-rce\"][hos show less	Port Scan Brute-Force Web App Attack
🇫🇷 masterguru	2026-06-11 07:28:18 (1 day ago)	(modsec_5080) ModSec 5080: Infrastructure subdomain probe from 3.67.2.140 (DE/Germany/ec2-3-67-2-140 ... show more (modsec_5080) ModSec 5080: Infrastructure subdomain probe from 3.67.2.140 (DE/Germany/ec2-3-67-2-140.eu-central-1.compute.amazonaws.com): 1 in the last 3600 secs (0-195) show less	Hacking
🇺🇸 nyt	2026-06-11 05:05:25 (1 day ago)	Bare UA + POST	Web App Attack
🇺🇸 Starburst SysOp Team	2026-06-11 03:50:17 (1 day ago)	Malware host detected by rbl.malware.expert. RBL lookup of 140.2.67.3.rbl.malware.expert succeeded a ... show more Malware host detected by rbl.malware.expert. RBL lookup of 140.2.67.3.rbl.malware.expert succeeded at REMOTE_ADDR. (400010-iad5-2) show less	Hacking
🇮🇪 RoboSOC	2026-06-10 11:28:52 (2 days ago)	React Server Components Remote Code Execution Vulnerability, PTR: ec2-3-67-2-140.eu-central-1.comput ... show more React Server Components Remote Code Execution Vulnerability, PTR: ec2-3-67-2-140.eu-central-1.compute.amazonaws.com. show less	Hacking
🇯🇵 VXG-NET	2026-06-02 02:33:51 (1 week ago)	port=80, indicator_type=code-execution	Hacking
Anonymous	2026-06-01 12:28:00 (1 week ago)	React.Server.Components.react-flight.Remote.Code.Execution	Hacking
🇮🇪 RoboSOC	2026-05-31 21:48:48 (1 week ago)	React Server Components Remote Code Execution Vulnerability, PTR: ec2-3-67-2-140.eu-central-1.comput ... show more React Server Components Remote Code Execution Vulnerability, PTR: ec2-3-67-2-140.eu-central-1.compute.amazonaws.com. show less	Hacking
🇫🇷 masterguru	2026-05-27 12:24:01 (2 weeks ago)	(modsec_5080) ModSec 5080: Infrastructure subdomain probe from 3.67.2.140 (DE/Germany/ec2-3-67-2-140 ... show more (modsec_5080) ModSec 5080: Infrastructure subdomain probe from 3.67.2.140 (DE/Germany/ec2-3-67-2-140.eu-central-1.compute.amazonaws.com): 1 in the last 3600 secs (0-197) show less	Hacking
🇫🇷 masterguru	2026-01-26 15:40:43 (4 months ago)	(modsec_5080) ModSec 5080: Infrastructure subdomain probe from 3.67.2.140 (DE/Germany/ec2-3-67-2-140 ... show more (modsec_5080) ModSec 5080: Infrastructure subdomain probe from 3.67.2.140 (DE/Germany/ec2-3-67-2-140.eu-central-1.compute.amazonaws.com): 1 in the last 3600 secs (0-195) show less	Hacking
🇩🇪 iNetWorker	2026-01-25 16:24:40 (4 months ago)	trolling for resource vulnerabilities	Web App Attack
🇫🇷 masterguru	2026-01-23 06:53:20 (4 months ago)	(modsec_5080) ModSec 5080: Infrastructure subdomain probe from 3.67.2.140 (DE/Germany/ec2-3-67-2-140 ... show more (modsec_5080) ModSec 5080: Infrastructure subdomain probe from 3.67.2.140 (DE/Germany/ec2-3-67-2-140.eu-central-1.compute.amazonaws.com): 1 in the last 3600 secs (0-196) show less	Hacking
🇺🇸 JustMeHere	2026-01-23 05:49:40 (4 months ago)	[Fri Jan 23 00:49:34.450194 2026] [security2:error] [pid 1253:tid 1288] [client 3.67.2.140:18461] Mo ... show more [Fri Jan 23 00:49:34.450194 2026] [security2:error] [pid 1253:tid 1288] [client 3.67.2.140:18461] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:blocking_inbound_anomaly_score. [file "/etc/httpd/modsecurity.d/activated_rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "233"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 45)"] [ver "OWASP_CRS/4.15.0"] [tag "anomaly-evaluation"] [tag "OWASP_CRS"] [hostname "learn.kiwiconsulting.yorknation.com"] [uri "/"] [unique_id "aXML7vZxC0fh3u1pIZroaQAAAMc"] ... show less	Web App Attack
🇫🇷 masterguru	2026-01-22 16:34:04 (4 months ago)	(modsec_5080) ModSec 5080: Infrastructure subdomain probe from 3.67.2.140 (DE/Germany/ec2-3-67-2-140 ... show more (modsec_5080) ModSec 5080: Infrastructure subdomain probe from 3.67.2.140 (DE/Germany/ec2-3-67-2-140.eu-central-1.compute.amazonaws.com): 1 in the last 3600 secs (0-193) show less	Hacking
🇫🇷 masterguru	2026-01-22 16:18:48 (4 months ago)	(modsec_5080) ModSec 5080: Infrastructure subdomain probe from 3.67.2.140 (DE/Germany/ec2-3-67-2-140 ... show more (modsec_5080) ModSec 5080: Infrastructure subdomain probe from 3.67.2.140 (DE/Germany/ec2-3-67-2-140.eu-central-1.compute.amazonaws.com): 1 in the last 3600 secs (0-195) show less	Hacking

Showing 1 to 15 of 22 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 172.206.225.82

🇧🇩 103.239.252.132

🇺🇸 66.52.70.140

🇬🇧 172.71.26.44

🇩🇪 139.19.117.131

🇨🇳 106.37.170.66

🇸🇪 83.177.199.97

🇺🇸 64.62.156.195

🇲🇾 49.124.155.162

🇨🇴 45.167.250.45

🇬🇭 41.155.88.155

🇬🇧 2a06:4880:8000::a5

🇺🇸 198.199.85.66

🇺🇸 172.171.243.12

🇺🇸 136.109.251.157

🇨🇳 115.56.238.174

🇺🇸 91.230.168.148

🇸🇬 68.183.185.195

🇺🇸 52.180.137.14

🇬🇧 35.203.210.63