JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 154.6.115.73

154.6.115.73 was found in our database!

This IP was reported 9 times. Confidence of Abuse is 14%: ?

14%

ISP	Cogent Communications, LLC
Usage Type	Data Center/Web Hosting/Transit
ASN	AS64286
Domain Name	cogentco.com
Country	🇺🇸 United States of America
City	Ashburn, Virginia

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 154.6.115.73

Whois 154.6.115.73

IP Abuse Reports for 154.6.115.73:

This IP address has been reported a total of 9 times from 2 distinct sources. 154.6.115.73 was first reported on May 26th 2026, and the most recent report was 1 week ago.

Old Reports: The most recent abuse report for this IP address is from 1 week ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇳🇱 homeshowdomain.nl	2026-05-28 22:03:05 (1 week ago)	Auto-ban: single probe for restricted files (.env / backups / admin endpoints). Likely mass-scan on ... show more Auto-ban: single probe for restricted files (.env / backups / admin endpoints). Likely mass-scan on 2026-05-27. show less	Web App Attack SSH Hacking
🇺🇸 TPI-Abuse	2026-05-28 00:18:17 (1 week ago)	(mod_security) mod_security (id:210492) triggered by 154.6.115.73 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 154.6.115.73 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed May 27 20:18:09.890638 2026] [security2:error] [pid 31368:tid 31368] [client 154.6.115.73:57381] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webdisk.iconbizpromo.com"] [uri "/wp-config.php.save"] [unique_id "aheJwbSng4HKWPjUvkJr0wAAAAM"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-27 16:39:23 (1 week ago)	(mod_security) mod_security (id:210492) triggered by 154.6.115.73 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 154.6.115.73 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed May 27 12:39:16.358723 2026] [security2:error] [pid 18839:tid 18839] [client 154.6.115.73:55809] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.academicesl.com.nilestree.com"] [uri "/.git/config"] [unique_id "ahceNEQPAH4heLJ88RegOwAAAFc"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-27 12:18:44 (1 week ago)	(mod_security) mod_security (id:210492) triggered by 154.6.115.73 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 154.6.115.73 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed May 27 08:18:34.565748 2026] [security2:error] [pid 18946:tid 18946] [client 154.6.115.73:51439] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.bernabeu.org"] [uri "/.env.save"] [unique_id "ahbhGhTrmhcFUJjR7lZsAAAAABs"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-27 10:45:10 (1 week ago)	(mod_security) mod_security (id:210492) triggered by 154.6.115.73 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 154.6.115.73 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed May 27 06:45:03.756158 2026] [security2:error] [pid 14696:tid 14696] [client 154.6.115.73:53303] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webdisk.vittaria.com"] [uri "/.env.production"] [unique_id "ahbLL88eXtC8PIr9QzihbwAAAAk"], referer: https://www.google.com/search?q=webdisk.vittaria.com show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-27 00:58:06 (1 week ago)	(mod_security) mod_security (id:210730) triggered by 154.6.115.73 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210730) triggered by 154.6.115.73 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue May 26 20:57:59.539342 2026] [security2:error] [pid 30551:tid 30551] [client 154.6.115.73:55409] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|oposicionesyconcursos.es\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "oposicionesyconcursos.es"] [uri "/db_backup.sql"] [unique_id "ahZBl8D6RJZgw1EqLwWjtwAAAAo"], referer: https://www.google.com/search?q=oposicionesyconcursos.es show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-27 00:21:54 (1 week ago)	(mod_security) mod_security (id:210730) triggered by 154.6.115.73 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210730) triggered by 154.6.115.73 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue May 26 20:21:41.076966 2026] [security2:error] [pid 15888:tid 15888] [client 154.6.115.73:36887] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|www.ultratec.com.mx.activethinkers.net\|F\|2"] [data ".key"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.ultratec.com.mx.activethinkers.net"] [uri "/config/master.key"] [unique_id "ahY5FUD2XW-UuX9tfYVfRQAAABo"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-26 23:51:38 (1 week ago)	(mod_security) mod_security (id:210492) triggered by 154.6.115.73 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 154.6.115.73 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue May 26 19:50:36.692137 2026] [security2:error] [pid 27986:tid 27986] [client 154.6.115.73:38131] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "autodiscover.asfmglobal.com"] [uri "/.env.development"] [unique_id "ahYxzD0RtMcYawkGFue2JwAAABA"], referer: https://www.google.com/search?q=autodiscover.asfmglobal.com show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-26 18:15:10 (1 week ago)	(mod_security) mod_security (id:210492) triggered by 154.6.115.73 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 154.6.115.73 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue May 26 14:14:28.306075 2026] [security2:error] [pid 7486:tid 7486] [client 154.6.115.73:49163] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "elianabeam.com"] [uri "/.env.vercel"] [unique_id "ahXjBGr-7N9NeKrw0o-WAgAAABI"], referer: https://www.google.com/search?q=elianabeam.com show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 9 of 9 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇧🇪 198.235.24.195

🇹🇭 171.100.156.38

🇹🇼 128.14.239.39

🇭🇰 118.193.44.169

🇺🇸 76.132.238.43

🇸🇬 47.131.85.251

🇫🇷 45.94.209.196

🇳🇬 41.219.149.74

🇬🇧 194.233.156.6

🇭🇰 189.1.246.91

🇰🇷 183.99.218.72

🇮🇳 182.95.111.46

🇺🇸 173.255.226.101

🇭🇰 152.32.128.214

🇺🇸 147.182.182.67

🇯🇵 121.84.147.45

🇺🇸 107.167.34.125

🇺🇸 100.56.233.58

🇲🇾 49.124.149.214

🇧🇷 45.205.1.73