JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 38.110.1.246

38.110.1.246 was found in our database!

This IP was reported 17 times. Confidence of Abuse is 53%: ?

53%

ISP	GLOBALTELEHOST CORP.
Usage Type	Data Center/Web Hosting/Transit
ASN	AS63023
Hostname(s)	246-1-110-38.clients.gthost.com
Domain Name	globaltelehost.com
Country	🇺🇸 United States of America
City	Miami, Florida

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 38.110.1.246

Whois 38.110.1.246

IP Abuse Reports for 38.110.1.246:

This IP address has been reported a total of 17 times from 9 distinct sources. 38.110.1.246 was first reported on June 21st 2024, and the most recent report was 15 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇧🇪 boxed-it	2026-06-26 10:59:59 (15 hours ago)	GET /.env (Tarpitted for 1d15h8m28s, wasted 8.06MB)	Web App Attack
🇧🇪 sid3windr	2026-06-25 11:43:55 (1 day ago)	GET /config/secrets.yaml (Tarpitted for 1d12h17m17s, wasted 7.47MB)	Web App Attack
🇲🇳 Public CSIRT/CC of Mongolia	2026-06-24 20:24:22 (2 days ago)	Honeypot hit: Incoming HTTP traffic on port 81	Web App Attack Bad Web Bot
🇧🇪 boxed-it	2026-06-24 19:46:45 (2 days ago)	GET /config/.env (Tarpitted for 1d15h8m28s, wasted 8.06MB)	Web App Attack
🇧🇪 boxed-it	2026-06-24 10:14:19 (2 days ago)	GET /config/secrets.yaml (Tarpitted for 1d15h8m29s, wasted 8.06MB)	Web App Attack
🇲🇳 Public CSIRT/CC of Mongolia	2026-06-19 16:02:52 (1 week ago)	Honeypot hit: Incoming HTTP traffic on port 81	Web App Attack Bad Web Bot
🇺🇸 TPI-Abuse	2026-06-19 11:53:42 (1 week ago)	(mod_security) mod_security (id:210492) triggered by 38.110.1.246 (246-1-110-38.clients.gthost.com): ... show more (mod_security) mod_security (id:210492) triggered by 38.110.1.246 (246-1-110-38.clients.gthost.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 19 07:53:36.424289 2026] [security2:error] [pid 21506:tid 21506] [client 38.110.1.246:20606] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.garyandthegroove.com"] [uri "/.env.bak"] [unique_id "ajUtwFfuWT93QvAz21rCJwAAAAM"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-06-19 05:18:02 (1 week ago)	Automated report (2026-06-19T01:18:02-04:00). Caught probing for env file.	Hacking Web App Attack
🇩🇪 4server	2026-06-17 12:10:58 (1 week ago)	[WedJun1714:10:53.7086252026][security2:error][pid2757563:tid2757629][client38.110.1.246:0]ModSecuri ... show more [WedJun1714:10:53.7086252026][security2:error][pid2757563:tid2757629][client38.110.1.246:0]ModSecurity:Accessdeniedwithcode403$phase2$.Patternmatch\"$\?:\\\\\\\\b\(\?:\\\\\\\\.\(\?:ht\(\?:access\\|passwd\\|group$\\|www_\?acl\)\\|global\\\\\\\\.asa\\|httpd\\\\\\\\.conf\\|boot\\\\\\\\.ini\\|web.config\)\\\\\\\\b\\|$\\|\^\\|\\\\\\\\.\\\\\\\\.$/etc/\\|/\\\\\\\\.$\?:history\\|bash_history\\|sh_history\\|env$\$\)\"atREQUEST_FILENAME.[file\"/etc/apache2/conf.d/modsec_rules/10_asl_rules.conf\"][line\"204\"][id\"390709\"][rev\"30\"][msg\"Atomicorp.comWAFRules:Attempttoaccessprotectedfileremotely\"][data\"/.env\"][severity\"CRITICAL\"][hostname\"mail.wildpferde.ch\"][uri\"/.openclaw/.env\"][unique_id\"ajKOzZ9mPifo32Ffn49biQAAAJQ\"] show less	Port Scan Brute-Force Web App Attack
🇺🇸 TPI-Abuse	2026-06-17 09:10:12 (1 week ago)	(mod_security) mod_security (id:210492) triggered by 38.110.1.246 (246-1-110-38.clients.gthost.com): ... show more (mod_security) mod_security (id:210492) triggered by 38.110.1.246 (246-1-110-38.clients.gthost.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 17 05:10:05.352434 2026] [security2:error] [pid 9554:tid 9554] [client 38.110.1.246:24072] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.construction.bonefrog.com"] [uri "/.env.local"] [unique_id "ajJkbc2Qfmd_MAwS76qpMwAAAA8"] show less	Brute-Force Bad Web Bot Web App Attack
🇲🇳 Public CSIRT/CC of Mongolia	2026-06-17 08:27:20 (1 week ago)	Honeypot hit: Incoming HTTP traffic on port 81	Web App Attack Bad Web Bot
🇦🇺 oncord	2026-06-16 16:33:45 (1 week ago)	Form spam	Web Spam
Anonymous	2026-06-16 14:54:33 (1 week ago)	SPARSDE WEBFORM SPAM 38.110.1.246 (246-1-110-38.clients.gthost.com)	Web Spam
🇺🇸 TPI-Abuse	2026-06-16 05:17:59 (1 week ago)	(mod_security) mod_security (id:210492) triggered by 38.110.1.246 (246-1-110-38.clients.gthost.com): ... show more (mod_security) mod_security (id:210492) triggered by 38.110.1.246 (246-1-110-38.clients.gthost.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 16 01:17:54.121083 2026] [security2:error] [pid 31795:tid 31816] [client 38.110.1.246:12416] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "richardleeweatherman.com"] [uri "/.gemini/.env"] [unique_id "ajDcgqlncVosehAUz-tOJgAAAJA"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-15 16:22:43 (1 week ago)	(mod_security) mod_security (id:210492) triggered by 38.110.1.246 (246-1-110-38.clients.gthost.com): ... show more (mod_security) mod_security (id:210492) triggered by 38.110.1.246 (246-1-110-38.clients.gthost.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 15 12:22:36.123076 2026] [security2:error] [pid 22128:tid 22144] [client 38.110.1.246:58352] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "coloradomohs.aafm.us"] [uri "/.gemini/.env"] [unique_id "ajAmzNO1f0LFAhtn4utb_wAAAIg"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 17 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇲🇽 200.92.234.80

🇸🇬 91.123.14.88

🇺🇸 205.210.31.56

🇧🇷 170.244.3.153

🇮🇶 169.224.21.115

🇺🇸 108.61.87.135

🇷🇺 89.113.138.44

🇨🇦 75.155.78.201

🇺🇸 64.62.156.10

🇳🇱 45.148.10.151

🇱🇾 38.252.49.111

🇻🇪 38.224.34.10

🇵🇱 23.230.80.243

🇨🇳 14.103.213.90

🇧🇪 198.235.24.199

🇨🇳 182.242.169.1

🇳🇱 172.94.9.155

🇭🇰 152.32.135.135

🇨🇳 113.102.233.38

🇺🇸 66.132.224.27