JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 140.238.2.250

140.238.2.250 was found in our database!

This IP was reported 22 times. Confidence of Abuse is 51%: ?

51%

ISP	Oracle Public Cloud
Usage Type	Data Center/Web Hosting/Transit
ASN	AS31898
Domain Name	oracleemaildelivery.com
Country	🇰🇷 Korea (the Republic of)
City	Gangseo-gu, Seoul

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 140.238.2.250

Whois 140.238.2.250

IP Abuse Reports for 140.238.2.250:

This IP address has been reported a total of 22 times from 11 distinct sources. 140.238.2.250 was first reported on March 10th 2026, and the most recent report was 1 day ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 nowyouknow	2026-06-21 09:05:36 (1 day ago)	(From [email protected]) Hello! 77777 Good luck :)	Phishing Web Spam
🇺🇸 TPI-Abuse	2026-06-19 16:43:39 (2 days ago)	(mod_security) mod_security (id:210492) triggered by 140.238.2.250 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 140.238.2.250 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 19 12:43:32.423274 2026] [security2:error] [pid 15876:tid 15876] [client 140.238.2.250:50448] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.construction.bonefrog.com"] [uri "/.env.old"] [unique_id "ajVxtCfD2ftQNu9Ane_OywAAAAs"] show less	Brute-Force Bad Web Bot Web App Attack
🇲🇳 Public CSIRT/CC of Mongolia	2026-06-19 16:04:20 (2 days ago)	Honeypot hit: Incoming HTTP traffic on port 81	Web App Attack Bad Web Bot
Anonymous	2026-06-19 05:15:49 (3 days ago)	Automated report (2026-06-19T01:15:49-04:00). Caught probing for exposed Home Assistant secrets.	Hacking Web App Attack Open Proxy
🇨🇿 lp	2026-06-18 13:51:54 (3 days ago)	Email account brute force: 1 attempts were recorded from 140.238.2.250 2026-06-18T15:20:39+02:00 war ... show more Email account brute force: 1 attempts were recorded from 140.238.2.250 2026-06-18T15:20:39+02:00 warning: unknown[140.238.2.250]: SASL PLAIN authentication failed: authentication failure, [email protected] show less	Brute-Force
🇩🇪 4server	2026-06-17 12:08:28 (4 days ago)	[WedJun1714:08:23.8090742026][security2:error][pid2757563:tid2757615][client140.238.2.250:0]ModSecur ... show more [WedJun1714:08:23.8090742026][security2:error][pid2757563:tid2757615][client140.238.2.250:0]ModSecurity:Accessdeniedwithcode403\(phase2\).Stringmatchwithin\".asa/.asax/.ascx/.backup/.bak/.bat/.cdx/.cer/.cfg/.cmd/.com/.config/.conf/.cs/.csproj/.csr/.dat/.db/.dbf/.dll/.dos/.htr/.htw/.ida/.idc/.idq/.inc/.ini/.key/.licx/.lnk/.log/.mdb/.old/.pass/.pdb/.pol/.printer/.pwd/.rdb/.resources/.resx/.sql/.swp/.sys/.vb/.vbs/.vbproj/.vsdisco/.webinfo/.xsx/\"atTX:extension.[file\"/etc/apache2/conf.d/modsec_rules/00_asl_zz_strict.conf\"][line\"91\"][id\"390716\"][rev\"2\"][msg\"Atomicorp.comWAFRules:URLfileextensionisrestrictedbypolicy\"][data\".backup\"][severity\"ERROR\"][hostname\"mail.wildpferde.ch\"][uri\"/.env.backup\"][unique_id\"ajKON59mPifo32Ffn49baAAAAIY\"] show less	Port Scan Brute-Force Web App Attack
🇲🇳 Public CSIRT/CC of Mongolia	2026-06-17 08:28:03 (5 days ago)	Honeypot hit: Incoming HTTP traffic on port 81	Web App Attack Bad Web Bot
🇨🇿 lp	2026-06-17 00:20:51 (5 days ago)	Email account brute force: 6 attempts were recorded from 140.238.2.250 2026-06-17T01:13:14+02:00 war ... show more Email account brute force: 6 attempts were recorded from 140.238.2.250 2026-06-17T01:13:14+02:00 warning: unknown[140.238.2.250]: SASL PLAIN authentication failed: authentication failure, [email protected] 2026-06-17T01:13:14+02:00 warning: unknown[140.238.2.250]: SASL PLAIN authentication failed: authentication failure, [email protected] 2026-06-17T01:13:15+02:00 warning: unknown[140.238.2.250]: SASL PLAIN authentication failed: authentication failure, [email protected] 2026-06-17T01:13:15+02:00 warning: unknown[140.238.2.250]: SASL PLAIN authentication failed: authentication failure, [email protected] 2026-06-17T01:13:16+02:00 warning: unknown[140.238.2.250]: SASL LOGIN authentication failed: authentication failure, [email protected] 2026-06-17T01:13:16+02:00 warning: unknown[140.238.2.250]: SASL LOGIN authentication failed: authenticat show less	Brute-Force
🇺🇸 TPI-Abuse	2026-06-16 20:19:58 (5 days ago)	(mod_security) mod_security (id:210492) triggered by 140.238.2.250 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 140.238.2.250 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 16 16:19:55.191144 2026] [security2:error] [pid 1042:tid 1042] [client 140.238.2.250:47108] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "garyandthegroove.com"] [uri "/.env.save"] [unique_id "ajGv6zNDZUpQe5BSReEtdQAAAAk"] show less	Brute-Force Bad Web Bot Web App Attack
🇨🇿 lp	2026-06-16 12:20:43 (5 days ago)	Email account brute force: 2 attempts were recorded from 140.238.2.250 2026-06-16T12:51:14+02:00 war ... show more Email account brute force: 2 attempts were recorded from 140.238.2.250 2026-06-16T12:51:14+02:00 warning: unknown[140.238.2.250]: SASL PLAIN authentication failed: authentication failure, [email protected] 2026-06-16T12:51:15+02:00 warning: unknown[140.238.2.250]: SASL LOGIN authentication failed: authentication failure, [email protected] show less	Brute-Force
🇺🇸 TPI-Abuse	2026-06-16 01:51:17 (6 days ago)	(mod_security) mod_security (id:210492) triggered by 140.238.2.250 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 140.238.2.250 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 15 21:51:10.946202 2026] [security2:error] [pid 4947:tid 4973] [client 140.238.2.250:45700] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "coloradomohs.aafm.us"] [uri "/.env.backup"] [unique_id "ajCsDrR3Qak3uv14wYxTRgAAAVY"] show less	Brute-Force Bad Web Bot Web App Attack
🇲🇳 Public CSIRT/CC of Mongolia	2026-06-15 15:36:27 (6 days ago)	Honeypot hit: Incoming HTTP traffic on port 81	Web App Attack Bad Web Bot
🇨🇿 Honzas	2026-06-08 22:35:36 (1 week ago)	Brute Force SMTP AUTH Attack	Brute-Force
🇨🇿 lp	2026-05-21 01:54:48 (1 month ago)	Email account brute force: 2 attempts were recorded from 140.238.2.250 2026-05-21T02:17:47+02:00 war ... show more Email account brute force: 2 attempts were recorded from 140.238.2.250 2026-05-21T02:17:47+02:00 warning: unknown[140.238.2.250]: SASL PLAIN authentication failed: authentication failure, [email protected] 2026-05-21T02:17:49+02:00 warning: unknown[140.238.2.250]: SASL LOGIN authentication failed: authentication failure, [email protected] show less	Brute-Force
🇮🇹 VHosting	2026-05-11 21:58:10 (1 month ago)	Detected mail brute force attack from 4 different servers	Brute-Force

Showing 1 to 15 of 22 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 179.61.192.3

🇳🇱 176.65.148.176

🇪🇨 157.100.122.142

🇩🇪 130.12.182.140

🇰🇷 129.154.62.115

🇷🇴 92.118.39.223

🇷🇴 92.118.39.210

🇸🇦 51.235.74.68

🇳🇵 49.244.35.30

🇮🇩 45.249.225.221

🇧🇷 45.163.200.213

🇺🇸 2604:a880:400:d1:0:4:9e7d:1

🇲🇽 200.68.173.65

🇩🇪 94.26.106.90

🇮🇷 85.198.19.251

🇹🇭 49.0.84.125

🇲🇲 45.112.44.200

🇵🇪 38.56.98.3

🇵🇪 38.25.30.79

🇦🇿 37.114.149.114