JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 154.94.13.161

154.94.13.161 was found in our database!

This IP was reported 11 times. Confidence of Abuse is 0%: ?

ISP	Cloud Innovation Ltd
Usage Type	Data Center/Web Hosting/Transit
ASN	AS17561
Domain Name	cloudinnovation.org
Country	🇪🇸 Spain
City	Madrid, Madrid

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 154.94.13.161

Whois 154.94.13.161

IP Abuse Reports for 154.94.13.161:

This IP address has been reported a total of 11 times from 7 distinct sources. 154.94.13.161 was first reported on November 24th 2024, and the most recent report was 8 months ago.

Old Reports: The most recent abuse report for this IP address is from 8 months ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇩🇪 Packets-Decreaser.NET	2025-09-19 17:34:18 (8 months ago)	Incoming Layer 7 Flood Detected	DDoS Attack Web Spam
🇨🇭 backslash	2025-09-07 10:05:06 (9 months ago)	block ruleset bad bot: wordpress scans 82C095539D4FDAF84E2E2FD6B6FC0664645851A8	Bad Web Bot
🇺🇸 TPI-Abuse	2025-09-06 18:55:20 (9 months ago)	(mod_security) mod_security (id:210730) triggered by 154.94.13.161 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210730) triggered by 154.94.13.161 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Sep 06 14:55:15.380573 2025] [security2:error] [pid 22542:tid 22542] [client 154.94.13.161:37087] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "4"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|www.elgar.us\|F\|2"] [data ".ini"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.elgar.us"] [uri "/s3cmd.ini"] [unique_id "aLyDkxTBjo8VIdMcIP-08wAAABQ"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-09-06 14:29:47 (9 months ago)	(mod_security) mod_security (id:210730) triggered by 154.94.13.161 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210730) triggered by 154.94.13.161 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Sep 06 10:29:42.614503 2025] [security2:error] [pid 8571:tid 8619] [client 154.94.13.161:44495] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|www.jrc3.com.randycameron.com\|F\|2"] [data ".ini"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.jrc3.com.randycameron.com"] [uri "/s3cmd.ini"] [unique_id "aLxFVt9VA7De5cIpV-1DcQAAAA4"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-09-06 07:23:16 (9 months ago)	(mod_security) mod_security (id:210730) triggered by 154.94.13.161 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210730) triggered by 154.94.13.161 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Sep 06 03:23:08.617323 2025] [security2:error] [pid 1747964:tid 1747974] [client 154.94.13.161:23227] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|www.giftsandgarland.com\|F\|2"] [data ".ini"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.giftsandgarland.com"] [uri "/s3cmd.ini"] [unique_id "aLvhXKDHkIrhXA2BD8pUrAAAAQg"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-09-01 20:48:29 (9 months ago)	(mod_security) mod_security (id:210730) triggered by 154.94.13.161 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210730) triggered by 154.94.13.161 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Sep 01 16:48:25.410106 2025] [security2:error] [pid 27620:tid 27620] [client 154.94.13.161:29361] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|www.ekinsirel.osmansirel.com\|F\|2"] [data ".ini"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.ekinsirel.osmansirel.com"] [uri "/s3cmd.ini"] [unique_id "aLYGmYZw6_g5KrnJnYxD3AAAABE"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2025-04-05 00:53:36 (1 year ago)	Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER	Brute-Force SSH
🇺🇸 TPI-Abuse	2025-03-26 18:28:35 (1 year ago)	(mod_security) mod_security (id:225170) triggered by 154.94.13.161 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:225170) triggered by 154.94.13.161 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Mar 26 14:28:28.745759 2025] [security2:error] [pid 7627:tid 7627] [client 154.94.13.161:25501] [client 154.94.13.161] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|rietzke.net\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "rietzke.net"] [uri "/wp-json/wp/v2/users"] [unique_id "Z-RHTBK5oP1E2oWUNXTsRgAAABY"], referer: https://www.google.com show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 octageeks.com	2025-01-01 05:06:27 (1 year ago)	Wordpress malicious attack:[octaxmlrpc]	Web App Attack
Anonymous	2024-12-30 07:01:55 (1 year ago)	Attempted brute force login to web vpn 12 time(s); last attempt for 2024.12.30 is noted in report ti ... show more Attempted brute force login to web vpn 12 time(s); last attempt for 2024.12.30 is noted in report timestamp show less	Hacking Brute-Force
🇺🇸 PulseServers	2024-11-24 23:57:43 (1 year ago)	Malicious Web Traffic - Exploit probing, request floods, etc. on a server hosted by PulseServers.com ... show more Malicious Web Traffic - Exploit probing, request floods, etc. on a server hosted by PulseServers.com - ISUS1 ... show less	DDoS Attack Exploited Host

Showing 1 to 11 of 11 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇿 194.107.115.199

🇳🇱 192.42.116.12

🇨🇳 47.99.197.248

🇱🇹 45.227.254.170

🇲🇦 81.192.46.29

🇺🇸 45.33.12.231

🇹🇼 220.129.129.174

🇵🇦 201.218.125.149

🇨🇳 180.116.162.41

🇻🇳 116.110.154.182

🇨🇳 58.50.201.144

🇮🇳 43.227.185.238

🇺🇸 2a02:4780:b:964:0:fae:3e48:2

🇧🇪 198.235.24.227

🇹🇼 198.235.24.99

🇰🇷 118.37.214.187

🇷🇺 94.159.116.130

🇺🇸 54.240.3.16

🇺🇸 45.156.129.173

🇳🇱 45.148.10.147