JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 208.84.100.238

208.84.100.238 was found in our database!

This IP was reported 615 times. Confidence of Abuse is 100%: ?

100%

ISP	Fro LLC
Usage Type	Data Center/Web Hosting/Transit
ASN	AS22295
Domain Name	fro.email
Country	🇺🇸 United States of America
City	Kansas City, Missouri

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 208.84.100.238

Whois 208.84.100.238

IP Abuse Reports for 208.84.100.238:

This IP address has been reported a total of 615 times from 261 distinct sources. 208.84.100.238 was first reported on May 13th 2026, and the most recent report was 2 minutes ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇩🇪 Dominik Lysiak	2026-06-04 04:10:22 (2 minutes ago)	208.84.100.238 - - [04/Jun/2026:06:10:19 +0200] "GET /.env.production.copy HTTP/1.1" 404 178 "-" "Mo ... show more 208.84.100.238 - - [04/Jun/2026:06:10:19 +0200] "GET /.env.production.copy HTTP/1.1" 404 178 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36" 208.84.100.238 - - [04/Jun/2026:06:10:19 +0200] "GET /.git/HEAD HTTP/1.1" 404 178 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36" 208.84.100.238 - - [04/Jun/2026:06:10:21 +0200] "GET /.git/config HTTP/1.1" 404 178 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36" ... show less	Web App Attack
🇺🇸 alecj.com	2026-06-04 03:59:09 (13 minutes ago)	This IP was detected by CrowdSec triggering crowdsecurity/http-sensitive-files	Web App Attack Hacking
Anonymous	2026-06-04 03:48:26 (24 minutes ago)	208.84.100.238 - - [04/Jun/2026:05:48:23 +0200] "GET /.yarnrc HTTP/1.1" 404 243 "-" "Mozilla/5.0 (Wi ... show more 208.84.100.238 - - [04/Jun/2026:05:48:23 +0200] "GET /.yarnrc HTTP/1.1" 404 243 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36" 208.84.100.238 - - [04/Jun/2026:05:48:23 +0200] "GET /.yarnrc HTTP/1.1" 404 437 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36" 208.84.100.238 - - [04/Jun/2026:05:48:24 +0200] "GET /.npmrc HTTP/1.1" 404 437 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36" 208.84.100.238 - - [04/Jun/2026:05:48:24 +0200] "GET /.npmrc HTTP/1.1" 404 243 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36" 208.84.100.238 - - [04/Jun/2026:05:48:24 +0200] "GET /.kube/config HTTP/1.1" 404 437 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537 ... show less	Bad Web Bot Web App Attack
🇫🇷 COMAITE	2026-06-04 03:05:22 (1 hour ago)	Suspicious URL access.	Web App Attack
Anonymous	2026-06-04 02:35:51 (1 hour ago)	(PERMBLOCK) 208.84.100.238 (US/United States/-) has had more than 4 temp blocks in the last 86400 se ... show more (PERMBLOCK) 208.84.100.238 (US/United States/-) has had more than 4 temp blocks in the last 86400 secs; Ports: *; Direction: inout; Trigger: LF_PERMBLOCK_COUNT; Logs: show less	Port Scan
🇱🇻 garmtech.com	2026-06-04 00:37:53 (3 hours ago)	Attempted access to sensitive endpoint (/.env) detected. Automated scan or unauthorized probing.	Web App Attack
🇨🇭 leo1305	2026-06-04 00:02:22 (4 hours ago)	CrowdSec detection \| scenario: http-sensitive-files	Web App Attack Exploited Host
🇺🇸 paulo.apoloni	2026-06-03 23:16:03 (4 hours ago)	208.84.100.238 - - [03/Jun/2026:20:16:02 -0300] "GET /.env HTTP/1.1" 444 0 "-" "Mozilla/5.0 (Windows ... show more 208.84.100.238 - - [03/Jun/2026:20:16:02 -0300] "GET /.env HTTP/1.1" 444 0 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36" 208.84.100.238 - - [03/Jun/2026:20:16:03 -0300] "GET /server/.env HTTP/1.1" 444 0 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36" 208.84.100.238 - - [03/Jun/2026:20:16:03 -0300] "GET /api/.env HTTP/1.1" 444 0 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36 Edg/146.0.0.0" 208.84.100.238 - - [03/Jun/2026:20:16:03 -0300] "GET /laravel/.env HTTP/1.1" 444 0 "-" "Mozilla/5.0 (iPhone; CPU iPhone OS 18_4 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/18.4 Mobile/15E148 Safari/604.1" 208.84.100.238 - - [03/Jun/2026:20:16:03 -0300] "GET /.env.old HTTP/1.1" 444 0 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:149.0) Gecko/20100101 Firefox/149.0" ... show less	Bad Web Bot Web App Attack
Anonymous	2026-06-03 21:25:03 (6 hours ago)	(caddyscan) Scanner path probe from 208.84.100.238 (US/United States/-): 5 in the last 3600 secs; Po ... show more (caddyscan) Scanner path probe from 208.84.100.238 (US/United States/-): 5 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs: [REDACTED] 200 2627 208.84.100.238 - - [03/Jun/2026:21:25:01 +0000] "GET /src/.env HTTP/1.1" [REDACTED] 200 2627 208.84.100.238 - - [03/Jun/2026:21:25:01 +0000] "GET /server/.env HTTP/1.1" [REDACTED] 200 2627 208.84.100.238 - - [03/Jun/2026:21:25:02 +0000] "GET /.env.development HTTP/1.1" [REDACTED] 200 2627 208.84.100.238 - - [03/Jun/2026:21:25:02 +0000] "GET /.env.bak HTTP/1.1" [REDACTED] 200 2627 208.84.100.238 - - [03/Jun/2026:21:25:02 +0000] "GET /.env HTTP/1.1" show less	Port Scan
🇬🇧 prime_fusion_ld	2026-06-03 21:06:26 (7 hours ago)	Blocked by CSF/LFD on vps.primefusion.co.uk. Trigger: 1 Ports: *	Port Scan
🇨🇭 Justin Case	2026-06-03 20:00:01 (8 hours ago)	Automatically blocked by server	Fraud Orders
🇦🇹 penguin-solutions.at	2026-06-03 18:31:09 (9 hours ago)	Excessive 403/404 errors ...	Brute-Force Web App Attack
Anonymous	2026-06-03 18:21:13 (9 hours ago)	(caddyscan) Scanner path probe from 208.84.100.238 (US/United States/-): 5 in the last 3600 secs; Po ... show more (caddyscan) Scanner path probe from 208.84.100.238 (US/United States/-): 5 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs: [REDACTED] 200 2627 208.84.100.238 - - [03/Jun/2026:18:21:11 +0000] "GET /.aws/credentials HTTP/1.1" [REDACTED] 200 2627 208.84.100.238 - - [03/Jun/2026:18:21:12 +0000] "GET /api/.env HTTP/1.1" [REDACTED] 200 2627 208.84.100.238 - - [03/Jun/2026:18:21:12 +0000] "GET /.env.production HTTP/1.1" [REDACTED] 200 2627 208.84.100.238 - - [03/Jun/2026:18:21:12 +0000] "GET /app/.env HTTP/1.1" [REDACTED] 200 2627 208.84.100.238 - - [03/Jun/2026:18:21:12 +0000] "GET /laravel/.env HTTP/1.1" show less	Port Scan
🇩🇪 FeG Deutschland	2026-06-03 17:22:42 (10 hours ago)	Looking for CMS/PHP/SQL vulnerablilities/excessive crawling - 127	Exploited Host Web App Attack
🇺🇸 masterguru	2026-06-03 16:56:05 (11 hours ago)	Restricted File Access Attempt. Matched phrase ".docker/" at REQUEST_FILENAME. (930130-169)	Hacking Web App Attack

Showing 1 to 15 of 615 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇨🇳 223.83.114.88

🇨🇳 203.76.241.18

🇺🇸 195.184.76.122

🇳🇱 192.142.24.66

🇺🇸 172.234.17.170

🇨🇳 112.109.194.122

🇱🇹 77.90.185.238

🇩🇪 69.5.169.47

🇱🇺 64.89.161.56

🇰🇪 41.89.128.6

🇧🇷 200.232.114.71

🇦🇷 186.139.129.76

🇳🇱 185.226.197.47

🇺🇦 176.119.25.48

🇩🇪 165.154.138.79

🇺🇸 162.216.149.242

🇨🇳 121.40.84.227

🇨🇳 111.228.62.104

🇨🇳 111.170.34.11

🇫🇮 111.88.215.223