JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 154.29.235.72

154.29.235.72 was found in our database!

This IP was reported 9 times. Confidence of Abuse is 12%: ?

12%

ISP	Aventice LLC
Usage Type	Data Center/Web Hosting/Transit
ASN	AS46261
Domain Name	aventice.com
Country	🇺🇸 United States of America
City	Ashburn, Virginia

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 154.29.235.72

Whois 154.29.235.72

IP Abuse Reports for 154.29.235.72:

This IP address has been reported a total of 9 times from 4 distinct sources. 154.29.235.72 was first reported on May 28th 2025, and the most recent report was 1 week ago.

Old Reports: The most recent abuse report for this IP address is from 1 week ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 TPI-Abuse	2026-06-01 03:05:21 (1 week ago)	(mod_security) mod_security (id:210730) triggered by 154.29.235.72 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210730) triggered by 154.29.235.72 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun May 31 23:05:14.300194 2026] [security2:error] [pid 7732:tid 7760] [client 154.29.235.72:60841] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|www.staging.kettlehill.com\|F\|2"] [data ".log"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.staging.kettlehill.com"] [uri "/error.log"] [unique_id "ahz26iKq_i-FrRbJEDISZwAAAU4"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-05-22 13:35:00 (2 weeks ago)	LH-Watcher: FAKE_ID [Fake Googlebot]	Bad Web Bot
🇺🇸 TPI-Abuse	2026-02-01 11:22:48 (4 months ago)	(mod_security) mod_security (id:212620) triggered by 154.29.235.72 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:212620) triggered by 154.29.235.72 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Feb 01 06:22:30.002798 2026] [security2:error] [pid 16722:tid 16890] [client 154.29.235.72:44327] ModSecurity: Access denied with code 403 (phase 2). Pattern match "<script\\\\b" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/07_XSS_XSS.conf"] [line "65"] [id "212620"] [rev "4"] [msg "COMODO WAF: Cross-site Scripting (XSS) Attack\|\|kettlehill.kettlehill.com:80\|F\|2"] [data "Matched Data: <script found within REQUEST_URI: /examples/jsp/snp/snoop.jsp;<script>alert(document.domain)</script>test.jsp"] [severity "CRITICAL"] [tag "CWAF"] [tag "XSS"] [hostname "kettlehill.kettlehill.com"] [uri "/examples/jsp/snp/snoop.jsp;<script>alert(document.domain)</script>test.jsp"] [unique_id "aX83dcyMbG6v0xSDvGJSvQAAAsQ"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-03 02:54:39 (6 months ago)	(mod_security) mod_security (id:221260) triggered by 154.29.235.72 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:221260) triggered by 154.29.235.72 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Dec 02 21:54:33.421047 2025] [security2:error] [pid 12113:tid 12113] [client 154.29.235.72:44725] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^(?:\\\\'\\\\w+?=)?\\\\(\\\\)\\\\s{" at MATCHED_VAR. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "77"] [id "221260"] [rev "3"] [msg "COMODO WAF: Shellshock Command Injection Vulnerabilities in GNU Bash through 4.3 bash43-026 (CVE-2014-7187, CVE-2014-7186, CVE-2014-7169, CVE-2014-6278, CVE-2014-6277, CVE-2014-6271)\|\|www.farmers123.com:80\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.farmers123.com"] [uri "/cgi-bin/stats"] [unique_id "aS-maUKl3sOOcsX1RQzx_gAAAAk"], referer: () { ignored; }; echo Content-Type: text/html; echo ; /bin/cat /etc/passwd show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-10-29 02:01:48 (7 months ago)	(mod_security) mod_security (id:210492) triggered by 154.29.235.72 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 154.29.235.72 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Oct 28 22:01:45.337329 2025] [security2:error] [pid 24666:tid 24666] [client 154.29.235.72:56367] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webmail.nbcnewsradio.com"] [uri "/.env.webmail"] [unique_id "aQF1id2rat_xzLCP4PWFOQAAAAw"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-08-05 17:50:07 (10 months ago)	(mod_security) mod_security (id:210730) triggered by 154.29.235.72 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210730) triggered by 154.29.235.72 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Aug 05 13:50:03.131715 2025] [security2:error] [pid 14835:tid 14835] [client 154.29.235.72:56483] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|nbcnewsradio.com\|F\|2"] [data ".php.bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "nbcnewsradio.com"] [uri "/footer.php.bak"] [unique_id "aJJES2kWwOZ-a7yaPspSPAAAAAg"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 SCHAPPY	2025-07-29 04:00:21 (10 months ago)	IP was involved in L7 DDoS attack.	DDoS Attack
Anonymous	2025-07-01 14:40:04 (11 months ago)	\| XSS (Cross Site Scripting) attempt.	Hacking SQL Injection Web App Attack
🇺🇸 TPI-Abuse	2025-05-28 21:09:06 (1 year ago)	(mod_security) mod_security (id:210730) triggered by 154.29.235.72 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210730) triggered by 154.29.235.72 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed May 28 17:09:02.204412 2025] [security2:error] [pid 1905281:tid 1905281] [client 154.29.235.72:37645] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|farmers123.com\|F\|2"] [data ".log"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "farmers123.com"] [uri "/errors.log"] [unique_id "aDd7bnsJDA0O714NsVkA2wAAAA4"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 9 of 9 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇧🇷 152.32.197.166

🇺🇸 67.205.182.197

🇰🇷 61.76.112.4

🇺🇸 52.161.182.117

🇱🇹 45.227.254.170

🇮🇳 43.204.212.39

🇸🇬 43.163.88.133

🇺🇸 216.25.89.80

🇧🇷 187.115.144.103

🇨🇳 180.76.143.203

🇸🇬 159.65.2.17

🇩🇪 69.5.169.224

🇳🇱 45.198.224.5

🇺🇸 34.75.176.47

🇰🇷 34.50.17.82

🇳🇱 213.177.179.62

🇺🇸 198.2.188.89

🇩🇪 193.124.20.246

🇲🇽 189.217.130.86

🇹🇭 116.58.225.32