JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 154.94.12.54

154.94.12.54 was found in our database!

This IP was reported 41 times. Confidence of Abuse is 0%: ?

ISP	Cloud Innovation Ltd
Usage Type	Data Center/Web Hosting/Transit
ASN	AS17561
Domain Name	cloudinnovation.org
Country	🇪🇸 Spain
City	Madrid, Madrid

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 154.94.12.54

Whois 154.94.12.54

IP Abuse Reports for 154.94.12.54:

This IP address has been reported a total of 41 times from 16 distinct sources. 154.94.12.54 was first reported on November 4th 2024, and the most recent report was 7 months ago.

Old Reports: The most recent abuse report for this IP address is from 7 months ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇨🇭 backslash	2025-10-08 01:30:15 (7 months ago)	block ruleset bad bot: wordpress scans 82C095539D4FDAF84E2E2FD6B6FC0664645851A8	Bad Web Bot
🇺🇸 TPI-Abuse	2025-09-30 18:58:54 (8 months ago)	(mod_security) mod_security (id:225170) triggered by 154.94.12.54 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:225170) triggered by 154.94.12.54 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Sep 30 14:58:47.328132 2025] [security2:error] [pid 21715:tid 21715] [client 154.94.12.54:42183] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|pleasurecube.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "pleasurecube.com"] [uri "/wp-json/wp/v2/users"] [unique_id "aNwoZ6JBC2pnGAg4uv2hzwAAAAc"], referer: https://www.google.com show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-09-30 14:14:22 (8 months ago)	(mod_security) mod_security (id:225170) triggered by 154.94.12.54 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:225170) triggered by 154.94.12.54 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Sep 30 10:14:16.506406 2025] [security2:error] [pid 23473:tid 23473] [client 154.94.12.54:10003] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|spacerecording.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "spacerecording.com"] [uri "/wp-json/wp/v2/users"] [unique_id "aNvluDkQZVX82KhTRQFI4gAAAAM"], referer: https://www.google.com show less	Brute-Force Bad Web Bot Web App Attack
🇧🇷 hostseries	2025-09-11 12:49:40 (8 months ago)	Trigger: LF_DISTATTACK	Brute-Force
🇬🇧 D3monite	2025-09-06 13:41:10 (9 months ago)	Attempted Brute Force (cpaneld)	Brute-Force
🇳🇱 exxos	2025-09-02 04:03:01 (9 months ago)	Attacks with Bad user agents	Hacking
🇳🇱 exxos	2025-09-02 02:05:09 (9 months ago)	HTTP1.x attacks	DDoS Attack
Anonymous	2025-08-31 17:26:30 (9 months ago)	2025-08-31T19:26:29.052231 localhost.localdomain sshd[1470373]: Failed password for root from 154.94 ... show more 2025-08-31T19:26:29.052231 localhost.localdomain sshd[1470373]: Failed password for root from 154.94.12.54 port 14623 ssh2 2025-08-31T19:26:29.791597 localhost.localdomain sshd[1470373]: Connection closed by authenticating user root 154.94.12.54 port 14623 [preauth] ... show less	Brute-Force SSH
🇻🇳 Xuan Can	2025-08-28 13:56:38 (9 months ago)	(mod_security) mod_security (id:981242) triggered by 154.94.12.54 (-): 1 in the last 3600 secs; Port ... show more (mod_security) mod_security (id:981242) triggered by 154.94.12.54 (-): 1 in the last 3600 secs; Ports: 80,443; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Aug 28 20:56:35.193630 2025] [security2:error] [pid 16221:tid 16255] [client 154.94.12.54:0] ModSecurity: Access denied with code 406 (phase 2). Pattern match "(?i:(?:[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98]\\\\s?(x?or\|div\|like\|between\|and)\\\\s?[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98]?\\\\d)\|(?:\\\\\\\\x(?:23\|27\|3d))\|(?:^.?[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98]$)\|(?:(?:^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\\\\\]*?(?:[\\\\ ..." at ARGS:sort. [file "/etc/apache2/conf.d/modsec/modsec2.user.conf"] [line "823"] [id "981242"] [msg "Detects classic SQL injection probings 1/2"] [data "Matched Data: ' found within ARGS:sort: '"] [severity "CRITICAL"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.diendanmaychu.vn"] [uri "/memberlist.php"] [unique_id "aLBgE4z-dbOEiXKRB684xwAAAMY"] show less	Brute-Force SSH
Anonymous	2025-08-23 19:00:16 (9 months ago)	Ports: 2077,2078,2082,2083,2086,2087,2095,2096; Direction: 0; Trigger: LF_DISTATTACK	Brute-Force SSH
🇬🇧 AvonleaConsulting	2025-08-18 22:59:19 (9 months ago)	Scanning unused Default website or suspicious access to valid sites from IP marked as abusive	Bad Web Bot Web App Attack
🇬🇧 AvonleaConsulting	2025-08-18 17:37:54 (9 months ago)	Unrecognised attack	IoT Targeted
🇱🇺 conseilgouz	2025-08-16 13:36:48 (9 months ago)	are-12 : Block return, carriage return, ... characters=>/index.php?option=com_content&option=%27 ... show more are-12 : Block return, carriage return, ... characters=>/index.php?option=com_content&option=%27(') show less	Hacking
🇦🇺 oncord	2025-08-02 12:04:57 (10 months ago)	Form spam	Web Spam
Anonymous	2025-08-02 11:47:44 (10 months ago)		Web Spam

Showing 1 to 15 of 41 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇬🇧 213.166.84.60

🇺🇸 172.174.17.234

🇺🇿 144.124.196.107

🇸🇬 139.180.145.23

🇺🇸 72.10.32.138

🇳🇱 45.153.34.112

🇬🇧 35.203.210.203

🇻🇳 14.225.173.146

🇹🇳 196.238.157.55

🇨🇳 180.95.231.122

🇫🇮 80.66.83.80

🇨🇳 60.16.212.198

🇳🇱 45.148.10.183

🇬🇭 41.139.10.195

🇧🇷 2a02:4780:13:1760:0:2c50:f486:1

🇹🇭 202.29.236.76

🇮🇩 163.7.3.154

🇬🇭 154.160.16.116

🇭🇰 154.92.17.58

🇨🇳 118.196.48.68