JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 104.238.49.87

104.238.49.87 was found in our database!

This IP was reported 11 times. Confidence of Abuse is 0%: ?

ISP	Web2Objects LLC
Usage Type	Fixed Line ISP
ASN	AS62874
Domain Name	web2objects.com
Country	🇺🇸 United States of America
City	Dallas, Texas

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 104.238.49.87

Whois 104.238.49.87

IP Abuse Reports for 104.238.49.87:

This IP address has been reported a total of 11 times from 6 distinct sources. 104.238.49.87 was first reported on December 14th 2023, and the most recent report was 1 month ago.

Old Reports: The most recent abuse report for this IP address is from 1 month ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇳🇱 Roderic	2026-05-01 00:46:12 (1 month ago)	(apache-useragents) Failed apache-useragents trigger with match [redacted])	Bad Web Bot
🇺🇸 TPI-Abuse	2026-01-27 02:53:07 (4 months ago)	(mod_security) mod_security (id:211190) triggered by 104.238.49.87 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:211190) triggered by 104.238.49.87 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jan 26 21:52:55.555490 2026] [security2:error] [pid 16656:tid 16667] [client 104.238.49.87:42887] ModSecurity: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt\|\|www.kettlehill.com\|F\|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /index.php?option=com_biblestudy&id=1&view=studieslist&controller=../../../../../../../../etc/passwd"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.kettlehill.com"] [uri "/index.php"] [unique_id "aXgohz4D1upuVdMC6K4GcAAAAEg"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-01-17 08:20:21 (4 months ago)	(mod_security) mod_security (id:210492) triggered by 104.238.49.87 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.238.49.87 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jan 17 03:20:14.720395 2026] [security2:error] [pid 18069:tid 18069] [client 104.238.49.87:50969] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcalendars.nbcnewsradio.com"] [uri "/wp-config.php.txt"] [unique_id "aWtGPslw7PVc4fS9Bgd2hAAAABU"] show less	Brute-Force Bad Web Bot Web App Attack
🇦🇹 Erpelstolz	2025-11-25 10:54:37 (6 months ago)	VM 131: 104.238.49.87 - - [25/Nov/2025:11:54:26 +0100] "GET /...%5C...%5C...%5C...%5C...%5C...%5C... ... show more VM 131: 104.238.49.87 - - [25/Nov/2025:11:54:26 +0100] "GET /...%5C...%5C...%5C...%5C...%5C...%5C...%5C...%5C...%5Cwindows%5Cwin.ini HTTP/1.1" 404 8450 show less	Web App Attack
🇺🇸 TPI-Abuse	2025-10-28 22:52:08 (7 months ago)	(mod_security) mod_security (id:210730) triggered by 104.238.49.87 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210730) triggered by 104.238.49.87 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Oct 28 18:52:04.458791 2025] [security2:error] [pid 5637:tid 5637] [client 104.238.49.87:37703] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|mail.nbcnewsradio.com\|F\|2"] [data ".com.db"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "mail.nbcnewsradio.com"] [uri "/nbcnewsradio.com.db"] [unique_id "aQFJFMmeygRTHGyOgVt4JwAAAAI"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 SCHAPPY	2025-08-06 21:20:02 (10 months ago)	IP was involved in L7 DDoS attack.	DDoS Attack
🇺🇸 TPI-Abuse	2025-07-26 23:37:40 (10 months ago)	(mod_security) mod_security (id:221260) triggered by 104.238.49.87 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:221260) triggered by 104.238.49.87 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jul 26 19:36:44.057551 2025] [security2:error] [pid 26224:tid 26569] [client 104.238.49.87:41847] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^(?:\\\\'\\\\w+?=)?\\\\(\\\\)\\\\s{" at MATCHED_VAR. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "77"] [id "221260"] [rev "3"] [msg "COMODO WAF: Shellshock Command Injection Vulnerabilities in GNU Bash through 4.3 bash43-026 (CVE-2014-7187, CVE-2014-7186, CVE-2014-7169, CVE-2014-6278, CVE-2014-6277, CVE-2014-6271)\|\|cpanel.kettlehill.net\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpanel.kettlehill.net"] [uri "/test.cgi"] [unique_id "aIVmjPTFOSR3bM1_Ra8XhwAAANA"], referer: () { ignored; }; echo Content-Type: text/html; echo ; /bin/cat /etc/passwd show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-05-29 19:57:47 (1 year ago)	(mod_security) mod_security (id:210492) triggered by 104.238.49.87 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 104.238.49.87 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu May 29 15:57:32.978773 2025] [security2:error] [pid 3362199:tid 3362199] [client 104.238.49.87:41359] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "whm.farmers123.com"] [uri "/.env.local"] [unique_id "aDi8LGmQMOKBJTZUKhlUPgAAABI"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-02-27 14:59:49 (1 year ago)	(mod_security) mod_security (id:210730) triggered by 104.238.49.87 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210730) triggered by 104.238.49.87 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Feb 27 09:59:19.409938 2025] [security2:error] [pid 27063:tid 27217] [client 104.238.49.87:41653] [client 104.238.49.87] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|www.kettlehill.net\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.kettlehill.net"] [uri "/wp-content/mysql.sql"] [unique_id "Z8B9x8nGgNPGej7DPucTfQAAAIo"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2025-01-15 06:10:54 (1 year ago)	\| Common web attack.	Hacking SQL Injection Web App Attack
Anonymous	2023-12-14 19:04:48 (2 years ago)	distributed SPAM BOT from Known HACKERS SUPPORTING ISP	Email Spam Hacking Brute-Force Bad Web Bot

Showing 1 to 11 of 11 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇩🇪 213.209.159.56

🇳🇱 204.76.203.219

🇳🇱 193.176.31.215

🇧🇷 177.52.82.170

🇺🇸 162.216.150.93

🇯🇵 160.251.169.213

🇺🇸 154.17.16.211

🇯🇵 152.70.105.248

🇲🇦 105.68.229.166

🇫🇷 91.231.89.250

🇳🇱 185.223.235.57

🇮🇸 185.40.123.252

🇰🇷 175.207.239.76

🇺🇸 162.216.149.33

🇺🇸 141.148.135.59

🇰🇷 129.154.220.188

🇰🇷 112.216.129.27

🇻🇳 103.39.93.98

🇺🇸 91.230.168.128

🇺🇸 91.230.168.29