JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 104.238.49.133

104.238.49.133 was found in our database!

This IP was reported 9 times. Confidence of Abuse is 0%: ?

ISP	Web2Objects LLC
Usage Type	Data Center/Web Hosting/Transit
ASN	AS62874
Domain Name	web2objects.com
Country	🇺🇸 United States of America
City	Dallas, Texas

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 104.238.49.133

Whois 104.238.49.133

IP Abuse Reports for 104.238.49.133:

This IP address has been reported a total of 9 times from 4 distinct sources. 104.238.49.133 was first reported on January 26th 2025, and the most recent report was 4 months ago.

Old Reports: The most recent abuse report for this IP address is from 4 months ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 TPI-Abuse	2026-01-18 02:13:34 (4 months ago)	(mod_security) mod_security (id:221260) triggered by 104.238.49.133 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:221260) triggered by 104.238.49.133 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jan 17 21:13:27.494782 2026] [security2:error] [pid 10679:tid 10679] [client 104.238.49.133:56077] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^(?:\\\\'\\\\w+?=)?\\\\(\\\\)\\\\s{" at MATCHED_VAR. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "77"] [id "221260"] [rev "3"] [msg "COMODO WAF: Shellshock Command Injection Vulnerabilities in GNU Bash through 4.3 bash43-026 (CVE-2014-7187, CVE-2014-7186, CVE-2014-7169, CVE-2014-6278, CVE-2014-6277, CVE-2014-6271)\|\|cpcalendars.nbcnewsradio.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcalendars.nbcnewsradio.com"] [uri "/debug.cgi"] [unique_id "aWxBxzYW8A3tnJWfHUzztwAAAAQ"], referer: () { ignored; }; echo Content-Type: text/html; echo ; /bin/cat /etc/passwd show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-29 18:18:23 (5 months ago)	(mod_security) mod_security (id:211190) triggered by 104.238.49.133 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:211190) triggered by 104.238.49.133 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Dec 29 13:17:28.080303 2025] [security2:error] [pid 12486:tid 12543] [client 104.238.49.133:34879] ModSecurity: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt\|\|www.kettlehill.com\|F\|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /viewrq.php?format=ps&var_filename=../../../../../../../../../../etc/passwd"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.kettlehill.com"] [uri "/viewrq.php"] [unique_id "aVLFuJEinm-CivtncBS4QwAAAVE"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-03 03:04:30 (6 months ago)	(mod_security) mod_security (id:217200) triggered by 104.238.49.133 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:217200) triggered by 104.238.49.133 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Dec 02 22:04:22.570511 2025] [security2:error] [pid 23563:tid 23563] [client 104.238.49.133:56265] ModSecurity: Access denied with code 403 (phase 1). Match of "endsWith /wp-cron.php" against "REQUEST_FILENAME" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/12_HTTP_Protocol.conf"] [line "103"] [id "217200"] [rev "2"] [msg "COMODO WAF: HTTP/1.1 POST request missing Content-Length Header\|\|autoconfig.farmers123.com:80\|F\|2"] [data "/cgi-bin/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/bin/sh"] [severity "CRITICAL"] [tag "CWAF"] [tag "Protocol"] [hostname "autoconfig.farmers123.com"] [uri "/cgi-bin/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/bin/sh"] [unique_id "aS-otidnxfQpYp4MjQTNMgAAAAk"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-10-29 13:20:16 (7 months ago)	(mod_security) mod_security (id:210492) triggered by 104.238.49.133 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.238.49.133 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Oct 29 09:20:13.578374 2025] [security2:error] [pid 8387:tid 8387] [client 104.238.49.133:57137] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "autoconfig.nbcnewsradio.com"] [uri "/.env.autoconfig"] [unique_id "aQIUjV1nnD9aG9BPdGG8gQAAACo"] show less	Brute-Force Bad Web Bot Web App Attack
🇮🇪 RoboSOC	2025-10-16 08:47:38 (7 months ago)	phpunit Remote Code Execution Vulnerability, PTR: PTR record not found	Hacking
🇺🇸 TPI-Abuse	2025-07-27 01:51:08 (10 months ago)	(mod_security) mod_security (id:240950) triggered by 104.238.49.133 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:240950) triggered by 104.238.49.133 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jul 26 21:51:04.182056 2025] [security2:error] [pid 729661:tid 729814] [client 104.238.49.133:37331] ModSecurity: Access denied with code 403 (phase 1). Pattern match "\\\\D" at TX:1. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "4530"] [id "240950"] [rev "2"] [msg "COMODO WAF: XSS & SQL injection vulnerability in Pragyan CMS 3.0 (CVE-2015-1471)\|\|ftp.kettlehill.net\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "ftp.kettlehill.net"] [uri "/_users/org.couchdb.user:poc"] [unique_id "aIWGCCvVOfzaMkf4tyJKYgAAAMw"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-05-29 16:20:19 (1 year ago)	(mod_security) mod_security (id:210730) triggered by 104.238.49.133 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210730) triggered by 104.238.49.133 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu May 29 12:19:50.862082 2025] [security2:error] [pid 2956908:tid 2956908] [client 104.238.49.133:41651] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|ftp.farmers123.com\|F\|2"] [data ".log"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "ftp.farmers123.com"] [uri "/log/errors.log"] [unique_id "aDiJJiRYFKQ3XqbBsEqGMAAAAAY"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2025-03-03 19:05:37 (1 year ago)	botnet	DDoS Attack
Anonymous	2025-01-26 03:50:06 (1 year ago)	\| SQL injection attempt.	Hacking SQL Injection Web App Attack

Showing 1 to 9 of 9 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇭🇰 223.197.178.95

🇨🇳 221.226.17.34

🇦🇪 165.154.12.108

🇨🇳 123.245.84.159

🇷🇴 80.94.92.182

🇺🇸 64.95.14.233

🇸🇬 43.106.26.173

🇬🇧 2a06:4880:2000::29

🇺🇸 136.107.147.227

🇵🇭 126.209.84.26

🇦🇺 103.25.181.191

🇳🇱 45.148.10.152

🇬🇧 35.203.211.193

🇨🇳 223.76.158.107

🇬🇧 188.240.59.25

🇿🇦 169.0.149.18

🇺🇸 139.28.94.31

🇺🇸 138.124.123.129

🇮🇳 82.25.125.77

🇧🇷 45.189.94.135