JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 154.29.239.97

154.29.239.97 was found in our database!

This IP was reported 12 times. Confidence of Abuse is 0%: ?

ISP	Aventice LLC
Usage Type	Data Center/Web Hosting/Transit
ASN	AS46261
Domain Name	aventice.com
Country	🇺🇸 United States of America
City	Ashburn, Virginia

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 154.29.239.97

Whois 154.29.239.97

IP Abuse Reports for 154.29.239.97:

This IP address has been reported a total of 12 times from 8 distinct sources. 154.29.239.97 was first reported on June 27th 2024, and the most recent report was 5 months ago.

Old Reports: The most recent abuse report for this IP address is from 5 months ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇫🇷 IRISIO	2025-12-09 07:54:30 (5 months ago)	scans/SQL injection/spam posts : 2 queries	SQL Injection Web App Attack
🇦🇺 MAGIC	2025-03-27 16:05:49 (1 year ago)	VM1 Bad user agents ignoring web crawling rules. Draing bandwidth	DDoS Attack Bad Web Bot
🇪🇸 10dencehispahard SL	2025-03-13 06:48:15 (1 year ago)	WP probing for vulnerabilities	Hacking Exploited Host
Anonymous	2025-02-28 18:07:09 (1 year ago)	wordpress-trap	Web App Attack
🇩🇪 ps-center	2024-11-27 08:15:20 (1 year ago)	SS1: Web Attack GET /wp-config.php.original	Web Spam Hacking Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2024-11-26 23:30:51 (1 year ago)	(mod_security) mod_security (id:211190) triggered by 154.29.239.97 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:211190) triggered by 154.29.239.97 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Nov 26 18:30:27.341131 2024] [security2:error] [pid 14708:tid 14884] [client 154.29.239.97:60551] [client 154.29.239.97] ModSecurity: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt\|\|www.kettlehill.kettlehill.com\|F\|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /?action=..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd%00"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.kettlehill.kettlehill.com"] [uri "/"] [unique_id "Z0ZaE7Z-yNDsuHkwIgx2gAAAAAI"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 dayda.net	2024-11-22 04:05:19 (1 year ago)	query: rest_route=/wp/v2/users/	Bad Web Bot
🇺🇸 TPI-Abuse	2024-09-03 18:40:50 (1 year ago)	(mod_security) mod_security (id:210492) triggered by 154.29.239.97 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 154.29.239.97 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Sep 03 14:40:02.498057 2024] [security2:error] [pid 10361:tid 10361] [client 154.29.239.97:52451] [client 154.29.239.97] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcontacts.stdavids-media.com"] [uri "/.env.development.local"] [unique_id "ZtdYAklkP0zUo9CUxyh1zwAAABU"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2024-09-01 01:52:19 (1 year ago)	(mod_security) mod_security (id:211190) triggered by 154.29.239.97 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:211190) triggered by 154.29.239.97 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Aug 31 21:51:18.355187 2024] [security2:error] [pid 3087700:tid 3087740] [client 154.29.239.97:53213] [client 154.29.239.97] ModSecurity: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt\|\|staging.kettlehill.com\|F\|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /document.php?modulepart=project&file=../../../../../../../etc/passwd"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "staging.kettlehill.com"] [uri "/document.php"] [unique_id "ZtPIltyH84duF-C5mXVFwgAAAYo"] show less	Brute-Force Bad Web Bot Web App Attack
🇪🇸 10dencehispahard SL	2024-06-28 04:02:40 (1 year ago)	Unauthorized login attempts [ accesslogs]	Brute-Force
Anonymous	2024-06-28 01:35:03 (1 year ago)	\| A web attack returned code 200 (success).	Hacking SQL Injection Web App Attack
🇺🇸 TPI-Abuse	2024-06-27 07:10:58 (1 year ago)	(mod_security) mod_security (id:212790) triggered by 154.29.239.97 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:212790) triggered by 154.29.239.97 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 27 03:10:50.372140 2024] [security2:error] [pid 31360:tid 47386305898240] [client 154.29.239.97:52207] [client 154.29.239.97] ModSecurity: Access denied with code 403 (phase 2). Pattern match "[\\\\s\\\\x22'](?:alert\|eval\|\\\\.fromcharcode)\\\\s?(?:\\\\(\|`)" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/07_XSS_XSS.conf"] [line "72"] [id "212790"] [rev "5"] [msg "COMODO WAF: XSS Attack Detected\|\|www.kettlehill.net\|F\|2"] [data "Matched Data: 'alert( found within REQUEST_URI: /dashboard/snapshot/{{constructor.constructor('alert(document.domain)')()}}?orgid=1"] [severity "CRITICAL"] [tag "CWAF"] [tag "XSS"] [hostname "www.kettlehill.net"] [uri "/dashboard/snapshot/{{constructor.constructor('alert(document.domain)')()}}"] [unique_id "Zn0QelyO989uQdQJj5NXdgAAAQ4"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 12 of 12 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇰🇷 211.46.177.174

🇺🇸 205.210.31.76

🇹🇷 185.226.93.120

🇭🇰 122.10.115.18

🇺🇸 98.157.226.42

🇨🇭 89.145.166.198

🇨🇦 2607:f8b0:4023:1807::12b

🇺🇸 2604:a880:400:d1:0:4:8bed:a001

🇺🇿 213.230.92.85

🇮🇳 122.185.187.2

🇮🇳 106.215.146.205

🇲🇰 92.53.17.85

🇱🇹 81.30.98.142

🇧🇪 34.22.229.119

🇺🇸 207.241.173.41

🇳🇱 193.176.31.150

🇫🇮 147.185.133.94

🇬🇺 103.112.0.20

🇰🇷 59.15.58.148

🇳🇱 45.148.10.183