JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 141.11.36.38

141.11.36.38 was found in our database!

This IP was reported 72 times. Confidence of Abuse is 53%: ?

53%

ISP	Vantiva SA
Usage Type	Data Center/Web Hosting/Transit
ASN	AS137409
Domain Name	vantiva.com
Country	🇩🇪 Germany
City	Frankfurt am Main, Hesse

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 141.11.36.38

Whois 141.11.36.38

IP Abuse Reports for 141.11.36.38:

This IP address has been reported a total of 72 times from 42 distinct sources. 141.11.36.38 was first reported on March 26th 2024, and the most recent report was 2 days ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇫🇷 Octopuce	2026-06-05 19:11:41 (2 days ago)	Aggressive web search of vulnerable pages: /alfa.php /file.php /mini.php /info.php /log.php /wso.php ... show more Aggressive web search of vulnerable pages: /alfa.php /file.php /mini.php /info.php /log.php /wso.php /modules/scrollbottom/anamama-2.php /modul ... show less	Web App Attack
🇯🇵 demonsword	2026-06-05 09:08:37 (2 days ago)	Detected by SentinelX honeypot: sent HTTP CONNECT request probing for an open proxy. Connection was ... show more Detected by SentinelX honeypot: sent HTTP CONNECT request probing for an open proxy. Connection was hijacked and held in a tarpit to slow down the scan. Probed target: www.expressapisv2.net:443 show less	Open Proxy Port Scan
🇩🇪 4server	2026-05-30 09:41:28 (1 week ago)	[SatMay3011:41:25.9332762026][security2:error][pid3600650:tid3600729][client141.11.36.38:0]ModSecuri ... show more [SatMay3011:41:25.9332762026][security2:error][pid3600650:tid3600729][client141.11.36.38:0]ModSecurity:Accessdeniedwithcode403$phase2$.Patternmatch\"connector\\\\\\\\.minimal\\\\\\\\.php\"atREQUEST_URI.[file\"/etc/apache2/conf.d/modsec_rules/99_asl_jitp.conf\"][line\"338\"][id\"393781\"][rev\"1\"][msg\"Atomicorp.comWAFRules-VirtualJustInTimePatch:WordPressFileManagerPluginattackblocked\"][severity\"CRITICAL\"][hostname\"cpfacilityservices.ch\"][uri\"/wp-content/plugins/wp-file-manager/lib/php/connector.minimal.php\"][unique_id\"ahqwxeudUa_9KLiZGGTdUAAAAIc\"] show less	Port Scan Brute-Force Web App Attack
🇪🇸 masterguru	2026-05-30 01:38:55 (1 week ago)	BAD BOT - Detected and Blocked.. Matched phrase "go-http-client" at REQUEST_HEADERS:User-Agent. (110 ... show more BAD BOT - Detected and Blocked.. Matched phrase "go-http-client" at REQUEST_HEADERS:User-Agent. (1100000-122) show less	Bad Web Bot
🇬🇧 consul.to	2026-05-29 13:13:32 (1 week ago)	Web attack/malicious scanning detected	Web App Attack
🇿🇦 Tokolosh Hunters	2026-05-26 15:46:51 (1 week ago)	AutoBlockWindow-Known bad useragent query-2026-05-26 15:46:50	Bad Web Bot
🇬🇧 consul.to	2026-05-26 12:03:26 (1 week ago)	Web attack/malicious scanning detected	Web App Attack
🇩🇪 Viveronese	2026-05-26 09:39:13 (1 week ago)	HTTP vulnerability scanning	Web App Attack
🇳🇱 BlueWire Hosting	2026-05-26 08:23:39 (1 week ago)	Probing websites for vulnerabilities	Web App Attack
🇺🇦 URAN Publishing Service	2026-04-24 05:58:43 (1 month ago)	141.11.36.38 - - [24/Apr/2026:08:58:42 +0300] "GET /wp-content/plugins/linkpreview/db.php?u HTTP/1.1 ... show more 141.11.36.38 - - [24/Apr/2026:08:58:42 +0300] "GET /wp-content/plugins/linkpreview/db.php?u HTTP/1.1" 404 706 "-" "Go-http-client/1.1" 141.11.36.38 - - [24/Apr/2026:08:58:42 +0300] "GET /wp-content/plugins/seoplugins/db.php?u HTTP/1.1" 404 706 "-" "Go-http-client/1.1" ... show less	Web App Attack
🇩🇪 findlab	2026-04-24 03:00:41 (1 month ago)	Backdrop CMS module - malicious activity detected	Bad Web Bot Web App Attack
🇩🇪 stinpriza	2026-04-23 17:48:56 (1 month ago)	Web App Attack	Web App Attack
🇨🇭 backslash	2026-04-17 20:12:00 (1 month ago)	block ruleset bad bot: wordpress scans 82C095539D4FDAF84E2E2FD6B6FC0664645851A8	Bad Web Bot
🇩🇪 todix	2026-04-13 15:50:01 (1 month ago)	Web App Attack Exploid from 141.11.36.38	Web App Attack
🇺🇸 TPI-Abuse	2026-04-12 21:32:37 (1 month ago)	(mod_security) mod_security (id:234930) triggered by 141.11.36.38 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:234930) triggered by 141.11.36.38 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Apr 12 17:32:29.310488 2026] [security2:error] [pid 1363282:tid 1363282] [client 141.11.36.38:43907] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\/lib\\\\/php\\\\/connector\\\\.minimal\\\\.php$" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/27_Apps_WPPlugin.conf"] [line "6778"] [id "234930"] [rev "2"] [msg "COMODO WAF: File upload vulnerability in the file manager plugin before 6.9 for WordPress (CVE-2020-25213)\|\|kawkacevents.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WPPlugin"] [hostname "kawkacevents.com"] [uri "/wp-content/plugins/wp-file-manager/lib/php/connector.minimal.php"] [unique_id "adwPbdJw2j6aAE6ap2efzgAAABA"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 72 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇲🇽 200.68.165.16

🇹🇼 198.235.24.104

🇺🇸 152.32.236.116

🇺🇿 94.232.25.87

🇩🇪 69.5.169.184

🇸🇬 45.78.204.246

🇩🇪 213.209.159.158

🇺🇸 205.210.31.110

🇺🇸 205.210.31.83

🇮🇩 202.145.0.61

🇺🇿 198.163.195.46

🇷🇺 188.92.241.150

🇲🇽 187.249.60.130

🇰🇿 178.89.53.225

🇳🇱 176.65.148.120

🇺🇸 172.202.117.196

🇩🇪 167.94.146.67

🇵🇱 87.251.64.157

🇬🇧 86.172.75.255

🇺🇸 82.29.199.45