JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 173.239.196.108

173.239.196.108 was found in our database!

This IP was reported 68 times. Confidence of Abuse is 34%: ?

34%

ISP	Avast Software
Usage Type	Data Center/Web Hosting/Transit
ASN	AS206092
Domain Name	avast.com
Country	🇸🇬 Singapore
City	Singapore

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 173.239.196.108

Whois 173.239.196.108

IP Abuse Reports for 173.239.196.108:

This IP address has been reported a total of 68 times from 34 distinct sources. 173.239.196.108 was first reported on March 25th 2024, and the most recent report was 3 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 KitsuneTech	2026-06-30 20:12:07 (3 hours ago)	173.239.196.108 - - [30/Jun/2026:15:12:06 -0500] "GET /wp-content/ HTTP/1.1" 301 243 "-" "Mozilla/5. ... show more 173.239.196.108 - - [30/Jun/2026:15:12:06 -0500] "GET /wp-content/ HTTP/1.1" 301 243 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:74.0) Gecko/20100101 Firefox/74.0" ... show less	Web App Attack
🇳🇱 Site.eu	2026-06-29 14:26:44 (1 day ago)	Excessive 404/403 errors	Brute-Force
🇺🇸 TPI-Abuse	2026-06-29 09:27:18 (1 day ago)	(mod_security) mod_security (id:240000) triggered by 173.239.196.108 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:240000) triggered by 173.239.196.108 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 29 05:27:14.081163 2026] [security2:error] [pid 31527:tid 31527] [client 173.239.196.108:35935] ModSecurity: Access denied with code 403 (phase 2). String match ".php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/24_Apps_Joomla.conf"] [line "74"] [id "240000"] [rev "1"] [msg "COMODO WAF: Protecting Joomla folder\|\|theateroobleck.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "Joomla"] [hostname "theateroobleck.com"] [uri "/images/stories/themes.php"] [unique_id "akI6clyonxKoaAYgApi0gwAAAA0"] show less	Brute-Force Bad Web Bot Web App Attack
🇫🇷 Octopuce	2026-06-27 19:00:55 (3 days ago)	Aggressive web search of vulnerable pages: /wp-admin/network/network.php /admin/upload/css.php /wp-b ... show more Aggressive web search of vulnerable pages: /wp-admin/network/network.php /admin/upload/css.php /wp-blog.php /wp-admin/file.php /wp-content/plug ... show less	Web App Attack
Anonymous	2026-06-18 13:26:51 (1 week ago)	GET wp-includes/id3/license.txt/feed \| UA: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537 ... show more GET wp-includes/id3/license.txt/feed \| UA: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 \| Time: 2026-06-18 13:26:51 UTC show less	Web App Attack
🇺🇸 TPI-Abuse	2026-02-25 08:10:51 (4 months ago)	(mod_security) mod_security (id:240000) triggered by 173.239.196.108 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:240000) triggered by 173.239.196.108 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Feb 25 03:10:47.375160 2026] [security2:error] [pid 28485:tid 28485] [client 173.239.196.108:63155] ModSecurity: Access denied with code 403 (phase 2). String match ".php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/24_Apps_Joomla.conf"] [line "74"] [id "240000"] [rev "1"] [msg "COMODO WAF: Protecting Joomla folder\|\|manb.org\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "Joomla"] [hostname "manb.org"] [uri "/images/stories/themes.php"] [unique_id "aZ6uh6o1nPUmaqHKXNSoNgAAACI"] show less	Brute-Force Bad Web Bot Web App Attack
🇫🇮 Shaik Sai Meera	2026-02-24 12:25:13 (4 months ago)	IM360 WAF: Infectors: Suspicious access attempt (webshell)	Brute-Force FTP Brute-Force Open Proxy
🇳🇱 jjnxpct	2026-02-24 04:47:47 (4 months ago)	Automated security incident from hosting server. ModSecurity blocked suspicious request targeting UR ... show more Automated security incident from hosting server. ModSecurity blocked suspicious request targeting URI: /config.php (Rule ID: 930130) - Restricted File Access Attempt show less	Web App Attack Hacking
🇲🇾 Rizzy	2026-02-23 16:58:50 (4 months ago)	Multiple WAF Violations	Brute-Force Web App Attack
🇬🇧 consul.to	2026-02-23 12:56:46 (4 months ago)	Web attack/malicious scanning detected	Web App Attack
🇨🇭 zynex	2026-02-22 06:08:32 (4 months ago)	URL Probing: /mah.php	Web App Attack
Anonymous	2026-02-22 04:05:48 (4 months ago)	[redacted] 173.239.196.108 - - [22/Feb/2026:05:05:41 +0100] "GET /admin/function.php HTTP/1.1" 404 2 ... show more [redacted] 173.239.196.108 - - [22/Feb/2026:05:05:41 +0100] "GET /admin/function.php HTTP/1.1" 404 236 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.130 Safari/537.36" [redacted] 173.239.196.108 - - [22/Feb/2026:05:05:41 +0100] "GET /wp-includes/js/crop/admin.php HTTP/1.1" 404 236 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:67.0) Gecko/20100101 Firefox/67.0" [redacted] 173.239.196.108 - - [22/Feb/2026:05:05:42 +0100] "GET /wp-includes/PHPMailer/admin.php HTTP/1.1" 404 236 "-" "Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.105 Safari/537.36" [redacted] 173.239.196.108 - - [22/Feb/2026:05:05:44 +0100] "GET /.well-known/pki-validation/admin.php HTTP/1.1" 404 236 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.3" [redacted] 173.239.196.108 - - [22/Feb/2026:05:05:45 +0100] "GET /wp- ... show less	Hacking Web App Attack
🇺🇸 TPI-Abuse	2026-02-15 16:32:23 (4 months ago)	(mod_security) mod_security (id:240000) triggered by 173.239.196.108 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:240000) triggered by 173.239.196.108 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Feb 15 11:32:14.755444 2026] [security2:error] [pid 14926:tid 14926] [client 173.239.196.108:55355] ModSecurity: Access denied with code 403 (phase 2). String match ".php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/24_Apps_Joomla.conf"] [line "87"] [id "240000"] [rev "1"] [msg "COMODO WAF: Protecting Joomla folder\|\|emilybrass.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "Joomla"] [hostname "emilybrass.com"] [uri "/images/stories/themes.php"] [unique_id "aZH1DjbnQmvaj9_g2Yx0oQAAABE"] show less	Brute-Force Bad Web Bot Web App Attack
🇳🇿 Antinson	2026-02-15 07:33:42 (4 months ago)	Scraping with a high error ratio and request rate	Bad Web Bot
🇺🇦 URAN Publishing Service	2026-02-15 07:08:34 (4 months ago)	173.239.196.108 - - [15/Feb/2026:09:08:15 +0200] "GET /wp-content/plugins/ubh/up.php HTTP/1.1" 404 2 ... show more 173.239.196.108 - - [15/Feb/2026:09:08:15 +0200] "GET /wp-content/plugins/ubh/up.php HTTP/1.1" 404 251 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.130 Safari/537.36" 173.239.196.108 - - [15/Feb/2026:09:08:31 +0200] "GET /wp-content/plugins/linkpreview/db.php?u HTTP/1.1" 404 251 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.3" ... show less	Web App Attack

Showing 1 to 15 of 68 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇪🇸 200.234.227.140

🇮🇩 36.69.153.77

🇨🇦 20.116.34.103

🇺🇸 192.169.213.186

🇷🇴 92.118.39.49

🇨🇦 51.79.99.235

🇳🇱 45.148.10.151

🇺🇸 44.67.17.123

🇷🇴 2.57.121.25

🇳🇱 192.253.248.59

🇸🇪 109.238.140.87

🇧🇮 102.134.101.35

🇦🇹 68.210.200.55

🇧🇷 38.196.224.32

🇺🇸 35.190.25.25

🇮🇳 103.84.236.242

🇫🇷 91.231.89.1

🇳🇱 45.148.10.152

🇺🇸 44.162.185.21

🇫🇷 209.242.195.71