JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 154.213.166.125

154.213.166.125 was found in our database!

This IP was reported 59 times. Confidence of Abuse is 0%: ?

ISP	Cloud Innovation Ltd
Usage Type	Unknown
ASN	Unknown
Domain Name	cloudinnovation.org
Country	🇩🇪 Germany
City	Berlin, State of Berlin

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 154.213.166.125

Whois 154.213.166.125

IP Abuse Reports for 154.213.166.125:

This IP address has been reported a total of 59 times from 15 distinct sources. 154.213.166.125 was first reported on April 7th 2025, and the most recent report was 4 months ago.

Old Reports: The most recent abuse report for this IP address is from 4 months ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇦🇺 2000cn.com.au	2026-02-11 21:04:46 (4 months ago)	This IP was detected by CrowdSec triggering crowdsecurity/http-sensitive-files	Hacking Web App Attack
🇳🇱 ReporTR	2026-02-10 09:39:37 (4 months ago)	Repeated malicious activity detected by Fail2Ban jail 'plesk-modsecurity'. TCP connection completed. ... show more Repeated malicious activity detected by Fail2Ban jail 'plesk-modsecurity'. TCP connection completed. IP banned. show less	Hacking Web App Attack
🇺🇸 myagent.site	2026-02-09 23:39:22 (4 months ago)	Blocking for trying to access an exploit file: /.env.save	Hacking
🇫🇷 LRob.fr	2026-01-30 19:00:04 (4 months ago)	Repeated 403 errors, blocked by Fail2ban in custom-403 jail	Bad Web Bot
🇺🇸 TPI-Abuse	2025-11-26 04:48:01 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 154.213.166.125 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210492) triggered by 154.213.166.125 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Nov 25 23:47:56.358241 2025] [security2:error] [pid 16741:tid 16746] [client 154.213.166.125:32227] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcontacts.moogoob.com"] [uri "/.svn/wc.db"] [unique_id "aSaGfB0iM_MjIA1Wx89vOAAAAQM"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-26 03:36:31 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 154.213.166.125 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210492) triggered by 154.213.166.125 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Nov 25 22:36:25.647477 2025] [security2:error] [pid 13635:tid 13635] [client 154.213.166.125:22063] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcalendars.18mstudio.com"] [uri "/.svn/wc.db"] [unique_id "aSZ1uS8Rjs9ZSp1tBvlhAQAAACc"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-26 01:13:42 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 154.213.166.125 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210492) triggered by 154.213.166.125 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Nov 25 20:13:29.314363 2025] [security2:error] [pid 18153:tid 18153] [client 154.213.166.125:56309] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcalendars.macjr.com"] [uri "/.env"] [unique_id "aSZUORBz6ITwpPB4OAnKSQAAAA8"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-26 00:56:27 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 154.213.166.125 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210492) triggered by 154.213.166.125 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Nov 25 19:56:24.432950 2025] [security2:error] [pid 29575:tid 29575] [client 154.213.166.125:50851] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webmail.tersch.com"] [uri "/.git/HEAD"] [unique_id "aSZQOLZUtEbE4IyOODklhQAAAAA"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-25 05:11:11 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 154.213.166.125 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210492) triggered by 154.213.166.125 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Nov 25 00:11:05.071399 2025] [security2:error] [pid 16540:tid 16540] [client 154.213.166.125:30039] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webdisk.nifeconsult.com"] [uri "/.svn/wc.db"] [unique_id "aSU6aVd3lhpmyM8OtbeF9wAAAAA"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-25 02:28:14 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 154.213.166.125 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210492) triggered by 154.213.166.125 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 24 21:28:08.263834 2025] [security2:error] [pid 8380:tid 8380] [client 154.213.166.125:54839] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpanel.oficinasydespachosmurcia.com"] [uri "/.env"] [unique_id "aSUUON_mownQmUV9pL7t1QAAAAI"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-24 08:47:51 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 154.213.166.125 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210492) triggered by 154.213.166.125 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 24 03:47:31.395064 2025] [security2:error] [pid 15339:tid 15339] [client 154.213.166.125:42889] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "mail.miszewski.com"] [uri "/.env"] [unique_id "aSQbo49jNRJamyb2ZdUKhAAAAAI"] show less	Brute-Force Bad Web Bot Web App Attack
🇦🇺 oncord	2025-11-24 07:44:05 (6 months ago)	Form spam	Web Spam
🇺🇸 TPI-Abuse	2025-11-24 00:24:27 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 154.213.166.125 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210492) triggered by 154.213.166.125 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Nov 23 19:16:20.627265 2025] [security2:error] [pid 26729:tid 26729] [client 154.213.166.125:35047] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "autodiscover.msbookforkids.com"] [uri "/.svn/wc.db"] [unique_id "aSOj1AnImkJcbPQo7heQ5wAAAFo"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2025-11-02 19:46:01 (7 months ago)	This IP was involved in an brute force and password spray attack on 2025/11/02 06:57:01	Port Scan Brute-Force Exploited Host Web App Attack
Anonymous	2025-10-01 15:04:44 (8 months ago)	unauthorized access attempts	Brute-Force

Showing 1 to 15 of 59 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇧🇷 186.238.178.6

🇨🇳 183.197.74.204

🇫🇮 147.185.133.170

🇭🇰 94.190.218.25

🇳🇱 91.92.40.10

🇯🇲 63.143.116.55

🇺🇸 44.241.179.184

🇹🇿 41.93.28.12

🇨🇳 36.134.177.230

🇧🇪 34.14.21.193

🇺🇸 20.85.246.45

🇳🇱 2a06:a880:5:ed5b::1

🇺🇸 96.56.228.149

🇷🇴 80.94.92.168

🇹🇷 78.173.18.138

🇧🇷 45.205.1.73

🇺🇸 44.45.32.52

🇷🇺 31.129.55.176

🇻🇳 14.225.217.138

🇷🇴 2.57.122.177