JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 154.94.13.36

154.94.13.36 was found in our database!

This IP was reported 24 times. Confidence of Abuse is 0%: ?

ISP	Cloud Innovation Ltd
Usage Type	Data Center/Web Hosting/Transit
ASN	AS17561
Domain Name	cloudinnovation.org
Country	🇪🇸 Spain
City	Madrid, Madrid

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 154.94.13.36

Whois 154.94.13.36

IP Abuse Reports for 154.94.13.36:

This IP address has been reported a total of 24 times from 11 distinct sources. 154.94.13.36 was first reported on November 15th 2024, and the most recent report was 8 months ago.

Old Reports: The most recent abuse report for this IP address is from 8 months ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇮🇩 BPS-StatisticsIndonesia	2025-09-28 22:27:48 (8 months ago)	WP Login Scan Activities	Web App Attack
🇩🇪 LRob.fr	2025-09-25 04:46:59 (8 months ago)	Repeated requests on blocked xmlrpc.php, blocked by fail2ban in custom-503-xmlrpc jail	Bad Web Bot Web App Attack
🇬🇧 [email protected]	2025-09-23 00:00:00 (8 months ago)	Form spam attack on aydansfault.net detected on 2025-09-23	Brute-Force
🇬🇧 [email protected]	2025-09-23 00:00:00 (8 months ago)	Form spam attack on aydansfault.net detected on 2025-09-23	Brute-Force
🇧🇪 cmbplf	2025-09-14 13:29:09 (8 months ago)	16.127 requests with url.path */xmlrpc.php	Brute-Force Bad Web Bot
🇺🇸 TPI-Abuse	2025-09-11 19:39:33 (8 months ago)	(mod_security) mod_security (id:210730) triggered by 154.94.13.36 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210730) triggered by 154.94.13.36 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Sep 11 15:39:30.180005 2025] [security2:error] [pid 16198:tid 16198] [client 154.94.13.36:37881] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|www.blog.taxgroupsd.com\|F\|2"] [data ".ini"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.blog.taxgroupsd.com"] [uri "/s3cmd.ini"] [unique_id "aMMlcvYBxoGioOHc8aXe9QAAAAk"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-09-10 11:43:31 (8 months ago)	(mod_security) mod_security (id:210730) triggered by 154.94.13.36 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210730) triggered by 154.94.13.36 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Sep 10 07:43:23.719220 2025] [security2:error] [pid 2220331:tid 2220369] [client 154.94.13.36:35729] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|www.handbellsoloist.intartists.com\|F\|2"] [data ".ini"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.handbellsoloist.intartists.com"] [uri "/s3cmd.ini"] [unique_id "aMFkW8TLnt-VOZMhdEYDYgAAAMc"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 LRob.fr	2025-09-09 12:16:06 (8 months ago)	Repeated 403 errors, blocked by Fail2ban in custom-403 jail	Bad Web Bot
🇮🇩 BPS-StatisticsIndonesia	2025-09-07 07:19:09 (8 months ago)	WP Login Scan Activities	Web App Attack
🇺🇸 TPI-Abuse	2025-09-06 21:24:29 (8 months ago)	(mod_security) mod_security (id:210730) triggered by 154.94.13.36 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210730) triggered by 154.94.13.36 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Sep 06 17:24:21.769064 2025] [security2:error] [pid 857:tid 857] [client 154.94.13.36:11101] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|www.cocinasintegralesjp.com.spyasociados.com\|F\|2"] [data ".ini"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.cocinasintegralesjp.com.spyasociados.com"] [uri "/s3cmd.ini"] [unique_id "aLymhUuptTxO1qkw0tPW-QAAAA4"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-09-06 18:04:39 (8 months ago)	(mod_security) mod_security (id:210730) triggered by 154.94.13.36 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210730) triggered by 154.94.13.36 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Sep 06 14:04:35.732615 2025] [security2:error] [pid 15353:tid 15353] [client 154.94.13.36:24519] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|www.deals.directnic-support.rocks\|F\|2"] [data ".ini"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.deals.directnic-support.rocks"] [uri "/s3cmd.ini"] [unique_id "aLx3s6bQ6tg8nVvXVVWQFwAAAAA"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-09-01 06:07:46 (9 months ago)	(mod_security) mod_security (id:210492) triggered by 154.94.13.36 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 154.94.13.36 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Sep 01 02:07:40.848150 2025] [security2:error] [pid 30398:tid 30398] [client 154.94.13.36:21045] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.deathofaspymaster.com"] [uri "/config.php%7C/.env%7Csettings.py"] [unique_id "aLU4LNkIYkYRlPdgtacfWAAAAAU"] show less	Brute-Force Bad Web Bot Web App Attack
🇧🇪 voormedia	2025-08-31 18:58:43 (9 months ago)	Accessed trap at '/wp-login.php'	Web App Attack
🇮🇩 BPS-StatisticsIndonesia	2025-08-17 04:19:54 (9 months ago)	WP Login Scan Activities	Web App Attack
🇨🇭 backslash	2025-06-07 22:15:05 (11 months ago)	block ruleset bad bot: wordpress scans 82C095539D4FDAF84E2E2FD6B6FC0664645851A8	Bad Web Bot

Showing 1 to 15 of 24 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇩🇪 213.209.159.226

🇧🇷 187.0.238.206

🇭🇰 182.160.1.207

🇸🇬 128.199.231.249

🇰🇷 112.216.129.27

🇮🇩 110.137.82.151

🇱🇹 85.206.68.80

🇵🇭 124.107.185.138

🇳🇱 204.76.203.219

🇬🇧 188.240.59.15

🇺🇸 172.236.106.113

🇩🇪 159.89.1.53

🇻🇳 115.76.51.112

🇨🇳 112.86.225.161

🇺🇸 107.172.204.15

🇻🇳 103.78.0.229

🇳🇱 81.19.216.71

🇮🇳 68.233.116.124

🇻🇳 14.186.146.187

🇩🇪 213.209.159.56