JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 208.76.40.198

208.76.40.198 was found in our database!

This IP was reported 253 times. Confidence of Abuse is 74%: ?

74%

ISP	PT Awan Data Teknologi
Usage Type	Data Center/Web Hosting/Transit
ASN	AS151592
Hostname(s)	server198.mail05.awandata.cc
Domain Name	awandata.co.id
Country	🇮🇩 Indonesia
City	Jakarta, Jakarta

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 208.76.40.198

Whois 208.76.40.198

IP Abuse Reports for 208.76.40.198:

This IP address has been reported a total of 253 times from 118 distinct sources. 208.76.40.198 was first reported on January 7th 2025, and the most recent report was 1 day ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 TPI-Abuse	2026-06-08 16:53:31 (1 day ago)	(mod_security) mod_security (id:225170) triggered by 208.76.40.198 (server198.mail05.awandata.cc): 1 ... show more (mod_security) mod_security (id:225170) triggered by 208.76.40.198 (server198.mail05.awandata.cc): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 08 12:53:25.255226 2026] [security2:error] [pid 10103:tid 10103] [client 208.76.40.198:58713] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|whiterapperz.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "whiterapperz.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "aibzhavH6T_EnJmTpPz6RQAAAAk"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 todix	2026-06-08 11:21:20 (1 day ago)	Web App Attack Exploid from 208.76.40.198	Web App Attack
🇧🇷 Halux	2026-06-08 09:20:41 (1 day ago)	208.76.40.198 Web Application Firewall multiple violations	Hacking Web App Attack
🇨🇦 dispensight	2026-06-08 06:35:48 (1 day ago)	WordPress/wlwmanifest enumeration probe: 10 GET requests to health.dispensight.cloud. Paths: /2018/w ... show more WordPress/wlwmanifest enumeration probe: 10 GET requests to health.dispensight.cloud. Paths: /2018/wp-includes/wlwmanifest.xml, /blog/wp-includes/wlwmanifest.xml, /cms/wp-includes/wlwmanifest.xml, /shop/wp-includes/wlwmanifest.xml. UA: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36. PT Awan Data Teknologi (Jakarta, Indonesia). show less	Bad Web Bot Web App Attack
Anonymous	2026-06-08 01:40:21 (2 days ago)	208.76.40.198 - - [08/Jun/2026:03:40:16 +0200] "GET /wp-includes/wlwmanifest.xml HTTP/1.1" 404 567 " ... show more 208.76.40.198 - - [08/Jun/2026:03:40:16 +0200] "GET /wp-includes/wlwmanifest.xml HTTP/1.1" 404 567 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36" 208.76.40.198 - - [08/Jun/2026:03:40:18 +0200] "GET /blog/wp-includes/wlwmanifest.xml HTTP/1.1" 404 567 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36" 208.76.40.198 - - [08/Jun/2026:03:40:19 +0200] "GET /web/wp-includes/wlwmanifest.xml HTTP/1.1" 404 567 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36" 208.76.40.198 - - [08/Jun/2026:03:40:20 +0200] "GET /wordpress/wp-includes/wlwmanifest.xml HTTP/1.1" 404 567 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36" 208.76.40.198 - - [08/Jun/2026:03:40:20 +0200] "GET /website/wp-includes/wlwmanifest.xml HTTP/1.1 ... show less	Brute-Force Web App Attack
🇩🇪 byeadan	2026-06-07 21:56:02 (2 days ago)	Fail2ban permanent ban: az-scanner jail	Brute-Force Web App Attack
🇺🇸 TPI-Abuse	2026-06-07 20:00:30 (2 days ago)	(mod_security) mod_security (id:225170) triggered by 208.76.40.198 (server198.mail05.awandata.cc): 1 ... show more (mod_security) mod_security (id:225170) triggered by 208.76.40.198 (server198.mail05.awandata.cc): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 07 16:00:26.984145 2026] [security2:error] [pid 12512:tid 12512] [client 208.76.40.198:64296] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|www.daisydoesoap.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.daisydoesoap.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "aiXN2rrs9F9Tub-PINt0wQAAAAY"] show less	Brute-Force Bad Web Bot Web App Attack
🇫🇷 ELYAZ	2026-06-07 16:08:29 (2 days ago)	(wordpress) Failed wordpress login from 208.76.40.198 (ID/Indonesia/server198.mail05.awandata.cc): ... show more (wordpress) Failed wordpress login from 208.76.40.198 (ID/Indonesia/server198.mail05.awandata.cc): (CF_ENABLE) show less	Brute-Force
🇫🇷 bazter.pro	2026-06-07 16:05:30 (2 days ago)	Auto-Ban [2026-06-07 19:05:21]: CRITICAL: Exploit trap paths (18); DC: PT Awan Data Teknologi [Paths ... show more Auto-Ban [2026-06-07 19:05:21]: CRITICAL: Exploit trap paths (18); DC: PT Awan Data Teknologi [Paths: 18] \| Details: Exploit trap paths: //wp-includes/wlwmanifest.xml, //xmlrpc.php?rsd, //blog/wp-includes/wlwmanifest.xml, //web/wp-includes/wlwmanifest.xml, //wordpress/wp-includes/wlwmanifest.xml \| Sensitive files/paths: //xmlrpc.php?rsd \| 404 errors (17): //shop/wp-includes/wlwmanifest.xml, //2018/wp-includes/wlwmanifest.xml, //wp1/wp-includes/wlwmanifest.xml, //sito/wp-includes/wlwmanifest.xml, //wp/wp-includes/wlwmanifest.xml, //test/wp-includes/wlwmanifest.xml, //cms/wp-includes/wlwmanifest.xml, //wp-includes/wlwmanifest.xml, //wordpress/wp-includes/wlwmanifest.xml, //site/wp-includes/wlwmanifest.xml (and 7 more) \| Other paths: //blog/wp-includes/wlwmanifest.xml show less	Web App Attack Hacking
🇺🇸 lostswordfish.com	2026-05-17 05:56:03 (3 weeks ago)	Wordfence waf block on fairregistry	Web App Attack
🇫🇷 dynamix	2026-05-16 23:02:34 (3 weeks ago)	WordPress wp-login.php Brute Force Attack	Brute-Force Web App Attack
🇫🇷 tilellit.pro	2026-05-16 21:59:40 (3 weeks ago)	Fail2Ban banned 208.76.40.198 for security violations in jail wp-armour. Log: 2026/05/16 21:59:39 [e ... show more Fail2Ban banned 208.76.40.198 for security violations in jail wp-armour. Log: 2026/05/16 21:59:39 [error] FastCGI sent in stderr: "PHP message: [WP_ARMOUR_BAN] IP: 208.76.40.198 \| Target: wplogin" , client: 208.76.40.198, server: [REDACTED], request: "POST /wp-login.php HTTP/1.1", upstream: [REDACTED], host: [REDACTED], referrer: "https://comerciogallego.es/wp-admin/" ... show less	Web Spam
🇫🇷 Baking333	2026-05-16 20:15:39 (3 weeks ago)	[redacted] 208.76.40.198 - - [16/May/2026:21:15:38 +0100] "GET /administrator/[redacted] HTTP/2.0" 3 ... show more [redacted] 208.76.40.198 - - [16/May/2026:21:15:38 +0100] "GET /administrator/[redacted] HTTP/2.0" 301 289 "https://[redacted]/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36" [redacted] 208.76.40.198 - - [16/May/2026:21:15:38 +0100] "GET /administrator/ HTTP/2.0" 301 53 "https://[redacted]/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36" show less	Bad Web Bot Web App Attack
🇯🇵 demonsword	2026-05-09 12:41:03 (1 month ago)	Detected by SentinelX honeypot: sent HTTP CONNECT request probing for an open proxy. Connection was ... show more Detected by SentinelX honeypot: sent HTTP CONNECT request probing for an open proxy. Connection was hijacked and held in a tarpit to slow down the scan. Probed target: menu.sandwichstarr.com:443:443 show less	Open Proxy Port Scan
🇫🇷 SpaceHost-Server	2026-05-06 22:34:25 (1 month ago)		Brute-Force Web App Attack

Showing 1 to 15 of 253 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇰🇷 222.232.176.7

🇬🇧 185.247.137.209

🇺🇸 172.217.36.215

🇮🇳 172.69.94.250

🇵🇭 154.18.197.35

🇫🇷 85.217.140.45

🇱🇹 81.30.98.62

🇺🇸 65.49.1.25

🇲🇾 47.254.250.59

🇳🇱 45.148.10.152

🇺🇦 37.221.157.20

🇪🇸 34.175.118.185

🇺🇸 216.218.206.103

🇲🇽 187.188.242.70

🇰🇷 175.118.127.138

🇺🇸 173.208.166.178

🇸🇬 162.158.170.56

🇺🇸 162.158.167.220

🇵🇱 87.251.64.147

🇩🇪 194.88.98.102