JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 37.140.192.12

37.140.192.12 was found in our database!

This IP was reported 27 times. Confidence of Abuse is 0%: ?

ISP	Reg.Ru Hosting
Usage Type	Content Delivery Network
ASN	AS197695
Hostname(s)	server106.hosting.reg.ru
Domain Name	reg.ru
Country	🇷🇺 Russian Federation
City	Moscow, Moscow

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 37.140.192.12

Whois 37.140.192.12

IP Abuse Reports for 37.140.192.12:

This IP address has been reported a total of 27 times from 13 distinct sources. 37.140.192.12 was first reported on March 30th 2023, and the most recent report was 1 year ago.

Old Reports: The most recent abuse report for this IP address is from 1 year ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇩🇪 LRob.fr	2025-05-01 21:30:27 (1 year ago)	Repeated attacks detected by Fail2Ban in recidive jail	Hacking
🇩🇪 LRob.fr	2025-05-01 18:30:09 (1 year ago)	Repeated requests on blocked xmlrpc.php, blocked by fail2ban in custom-503-xmlrpc jail	Bad Web Bot Web App Attack
Anonymous	2025-05-01 16:46:23 (1 year ago)	Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER	Brute-Force SSH
🇫🇷 danirod	2025-04-30 16:26:10 (1 year ago)	(WordPress / Loginizer) Automated login attempt to /xmlrpc.php	Brute-Force Web App Attack
Anonymous	2025-04-29 18:15:48 (1 year ago)	Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER	Brute-Force SSH
🇸🇬 Nookie	2025-04-29 00:36:19 (1 year ago)	From Phishing Email. IP hosted phishing site for credential theft: zovbest.ru/form/hiworksmain1andma ... show more From Phishing Email. IP hosted phishing site for credential theft: zovbest.ru/form/hiworksmain1andmain2only/index.htm show less	Phishing Email Spam
Anonymous	2025-04-16 13:58:32 (1 year ago)	Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER	Brute-Force SSH
🇩🇪 LRob.fr	2025-04-03 08:00:14 (1 year ago)	Repeated requests on blocked xmlrpc.php, blocked by fail2ban in custom-503-xmlrpc jail	Bad Web Bot Web App Attack
Anonymous	2025-04-03 01:43:18 (1 year ago)	Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER	Brute-Force SSH
🇩🇪 Ba-Yu	2025-04-02 21:27:30 (1 year ago)	WP-xmlrpc exploit	Web Spam Blog Spam Hacking Exploited Host Web App Attack
🇮🇹 IRT@Unisi	2025-03-29 21:02:03 (1 year ago)	web_app3:WordPress.REST.API.Username.Enumeration.Information.Disclosure	Web App Attack
🇺🇸 TPI-Abuse	2025-03-29 08:12:48 (1 year ago)	(mod_security) mod_security (id:225170) triggered by 37.140.192.12 (server106.hosting.reg.ru): 1 in ... show more (mod_security) mod_security (id:225170) triggered by 37.140.192.12 (server106.hosting.reg.ru): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Mar 29 04:12:41.489109 2025] [security2:error] [pid 993637:tid 993637] [client 37.140.192.12:43970] [client 37.140.192.12] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|321q.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "321q.com"] [uri "/wp-json/wp/v2/users"] [unique_id "Z-erecKpigJXoRrhDWcItAAAAAM"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-03-29 07:50:19 (1 year ago)	(mod_security) mod_security (id:225170) triggered by 37.140.192.12 (server106.hosting.reg.ru): 1 in ... show more (mod_security) mod_security (id:225170) triggered by 37.140.192.12 (server106.hosting.reg.ru): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Mar 29 03:50:16.307783 2025] [security2:error] [pid 409348:tid 409348] [client 37.140.192.12:52766] [client 37.140.192.12] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|artigelisim.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "artigelisim.com"] [uri "/wp-json/wp/v2/users"] [unique_id "Z-emOOAlPxISPP22gYIj4AAAAAE"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-03-28 06:03:30 (1 year ago)	(mod_security) mod_security (id:225170) triggered by 37.140.192.12 (server106.hosting.reg.ru): 1 in ... show more (mod_security) mod_security (id:225170) triggered by 37.140.192.12 (server106.hosting.reg.ru): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Mar 28 02:03:25.356026 2025] [security2:error] [pid 26804:tid 26804] [client 37.140.192.12:45066] [client 37.140.192.12] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|americanvaluesbooks.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "americanvaluesbooks.com"] [uri "/wp-json/wp/v2/users"] [unique_id "Z-Y7reWxl8O8e2iLZedFZwAAAAA"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 bsoft.de	2025-03-25 15:17:14 (1 year ago)	37.140.192.12 - - [25/Mar/2025:16:17:10 +0100] "GET /wp-json/wp/v2/users HTTP/1.1" 404 144 "-" "Mozi ... show more 37.140.192.12 - - [25/Mar/2025:16:17:10 +0100] "GET /wp-json/wp/v2/users HTTP/1.1" 404 144 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36" 37.140.192.12 - - [25/Mar/2025:16:17:11 +0100] "GET /wp-json/wp/v2/users HTTP/1.1" 404 144 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36" 37.140.192.12 - - [25/Mar/2025:16:17:12 +0100] "GET /wp-json/wp/v2/users HTTP/1.1" 404 144 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36" show less	Web App Attack

Showing 1 to 15 of 27 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇯🇵 172.104.100.117

🇩🇪 167.172.108.197

🇺🇸 64.62.156.202

🇳🇱 45.156.87.216

🇺🇸 34.132.217.233

🇨🇳 223.95.205.121

🇮🇩 202.51.214.98

🇭🇰 193.176.211.160

🇺🇸 146.190.144.77

🇸🇬 143.198.84.129

🇮🇳 122.176.38.108

🇲🇾 115.133.202.100

🇳🇱 91.92.42.10

🇱🇻 84.15.218.175

🇫🇮 74.125.46.156

🇺🇸 34.29.80.248

🇭🇰 47.79.79.158

🇮🇳 45.40.57.23

🇺🇸 45.33.12.122

🇷🇺 37.28.181.78