JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 154.29.233.198

154.29.233.198 was found in our database!

This IP was reported 11 times. Confidence of Abuse is 4%: ?

ISP	Aventice LLC
Usage Type	Data Center/Web Hosting/Transit
ASN	AS46261
Domain Name	aventice.com
Country	🇺🇸 United States of America
City	Ashburn, Virginia

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 154.29.233.198

Whois 154.29.233.198

IP Abuse Reports for 154.29.233.198:

This IP address has been reported a total of 11 times from 3 distinct sources. 154.29.233.198 was first reported on May 28th 2025, and the most recent report was 5 days ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 TPI-Abuse	2026-06-01 03:02:16 (5 days ago)	(mod_security) mod_security (id:210730) triggered by 154.29.233.198 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210730) triggered by 154.29.233.198 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun May 31 23:02:11.524732 2026] [security2:error] [pid 12707:tid 12727] [client 154.29.233.198:35521] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|kettlehill.kettlehill.com\|F\|2"] [data ".log"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "kettlehill.kettlehill.com"] [uri "/admin/log/error.log"] [unique_id "ahz2M_r1zQOtbkd9viU4TQAAABA"] show less	Brute-Force Bad Web Bot Web App Attack
🇧🇬 Stoyko Stoykov	2026-03-17 04:48:04 (2 months ago)	154.29.233.198 - - [17/Mar/2026:06:48:03 +0200] "GET /cgi-bin/printenv HTTP/1.1" 404 0 "http://213.9 ... show more 154.29.233.198 - - [17/Mar/2026:06:48:03 +0200] "GET /cgi-bin/printenv HTTP/1.1" 404 0 "http://213.91.237.205/cgi-bin/printenv" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36" ... show less	Hacking Web App Attack
🇺🇸 TPI-Abuse	2025-12-01 05:55:17 (6 months ago)	(mod_security) mod_security (id:211190) triggered by 154.29.233.198 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:211190) triggered by 154.29.233.198 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Dec 01 00:53:52.403737 2025] [security2:error] [pid 25970:tid 26017] [client 154.29.233.198:44677] ModSecurity: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt\|\|ftp.kettlehill.net\|F\|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /wp-content/plugins/gracemedia-media-player/templates/files/ajax_controller.php?ajaxAction=getIds&cfg=../../../../../../../../../../etc/passwd"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "ftp.kettlehill.net"] [uri "/wp-content/plugins/gracemedia-media-player/templates/files/ajax_controller.php"] [unique_id "aS0tcJmi-m8ypGFmmHe-KQAAAUQ"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-10-28 21:57:31 (7 months ago)	(mod_security) mod_security (id:210730) triggered by 154.29.233.198 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210730) triggered by 154.29.233.198 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Oct 28 17:57:23.716480 2025] [security2:error] [pid 4727:tid 4727] [client 154.29.233.198:34755] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|www.nbcnewsradio.com\|F\|2"] [data ".ini"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.nbcnewsradio.com"] [uri "/\\\\..\\\\..\\\\..\\\\..\\\\..\\\\..\\\\..\\\\..\\\\windows\\\\win.ini"] [unique_id "aQE8Q1PXBYl7UWqsxrPqrAAAAA0"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-10-01 15:10:55 (8 months ago)	(mod_security) mod_security (id:210730) triggered by 154.29.233.198 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210730) triggered by 154.29.233.198 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Oct 01 11:10:48.528734 2025] [security2:error] [pid 12475:tid 12494] [client 154.29.233.198:51953] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|kettlehill.net\|F\|2"] [data ".log"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "kettlehill.net"] [uri "/php_errors.log"] [unique_id "aN1EeGCKjmgjI9kURFKo3AAAAU8"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-09-22 19:34:07 (8 months ago)	(mod_security) mod_security (id:210492) triggered by 154.29.233.198 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 154.29.233.198 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Sep 22 15:34:03.794626 2025] [security2:error] [pid 32170:tid 32170] [client 154.29.233.198:32879] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpanel.deandobkin.com"] [uri "/api/.env"] [unique_id "aNGkq3mFoIQp_jitzdSC4gAAAAA"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-08-01 10:23:35 (10 months ago)	(mod_security) mod_security (id:210730) triggered by 154.29.233.198 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210730) triggered by 154.29.233.198 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Aug 01 06:23:29.142822 2025] [security2:error] [pid 3904811:tid 3904886] [client 154.29.233.198:57287] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|ftp.kettlehill.net\|F\|2"] [data ".log"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "ftp.kettlehill.net"] [uri "/MyErrors.log"] [unique_id "aIyVoVxdmxur7baAoENFWwAAAks"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2025-06-16 23:20:02 (11 months ago)	\| Common web attack.	Hacking SQL Injection Web App Attack
🇺🇸 TPI-Abuse	2025-06-01 05:36:52 (1 year ago)	(mod_security) mod_security (id:210492) triggered by 154.29.233.198 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 154.29.233.198 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 01 01:36:12.519083 2025] [security2:error] [pid 2256137:tid 2256237] [client 154.29.233.198:45681] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "ftp.kettlehill.com"] [uri "/wp-config.php.txt"] [unique_id "aDvmzGQ8Dui5hvebpq9u6QAAAMY"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-05-30 17:32:23 (1 year ago)	(mod_security) mod_security (id:210492) triggered by 154.29.233.198 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 154.29.233.198 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri May 30 13:32:18.497126 2025] [security2:error] [pid 435076:tid 435076] [client 154.29.233.198:49483] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "whm.nbcnewsradio.com"] [uri "/wp-config.php.bak"] [unique_id "aDnrohW1YgccaYjGTpiGbQAAABI"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-05-28 20:58:04 (1 year ago)	(mod_security) mod_security (id:210492) triggered by 154.29.233.198 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 154.29.233.198 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed May 28 16:57:51.313161 2025] [security2:error] [pid 1902134:tid 1902134] [client 154.29.233.198:33579] ModSecurity: Access denied with code 403 (phase 1). Matched phrase ".htpasswd" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webmail.farmers123.com"] [uri "/.htpasswd"] [unique_id "aDd4z4nUMZftnMipo3C1XwAAAAo"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 11 of 11 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇫🇮 147.185.133.151

🇫🇷 92.103.134.183

🇺🇸 65.49.1.95

🇯🇵 56.155.139.106

🇫🇷 51.38.12.12

🇺🇸 47.77.231.113

🇺🇸 20.118.217.73

🇺🇸 20.65.194.117

🇺🇸 18.216.87.225

🇫🇷 13.38.52.78

🇳🇱 178.16.55.50

🇳🇱 176.65.148.92

🇳🇱 176.65.139.247

🇮🇳 168.220.237.171

🇮🇳 116.72.9.151

🇩🇰 85.203.47.160

🇳🇱 85.121.127.139

🇺🇸 54.151.94.242

🇺🇸 23.234.72.60

🇰🇷 211.104.166.110