JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 154.94.14.239

154.94.14.239 was found in our database!

This IP was reported 17 times. Confidence of Abuse is 0%: ?

ISP	Cloud Innovation Ltd
Usage Type	Data Center/Web Hosting/Transit
ASN	AS20326
Domain Name	cloudinnovation.org
Country	🇪🇸 Spain
City	Madrid, Madrid

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 154.94.14.239

Whois 154.94.14.239

IP Abuse Reports for 154.94.14.239:

This IP address has been reported a total of 17 times from 12 distinct sources. 154.94.14.239 was first reported on November 5th 2024, and the most recent report was 8 months ago.

Old Reports: The most recent abuse report for this IP address is from 8 months ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 TPI-Abuse	2025-10-02 00:44:18 (8 months ago)	(mod_security) mod_security (id:225170) triggered by 154.94.14.239 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:225170) triggered by 154.94.14.239 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Oct 01 20:44:13.979376 2025] [security2:error] [pid 9114:tid 9114] [client 154.94.14.239:39961] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|saratogaequity.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "saratogaequity.com"] [uri "/wp-json/wp/v2/users"] [unique_id "aN3K3cm9q-eLxDzvi7PC1gAAACg"], referer: https://www.google.com show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 Vegascosmetics	2025-09-07 21:50:28 (9 months ago)	Kingcopy(AI-IDS):IP is Probing for Wordpress vulnerabilities WTF:Banned	Hacking Bad Web Bot Web App Attack
🇬🇧 D3monite	2025-09-03 13:59:07 (9 months ago)	Attempted Brute Force (cpaneld)	Brute-Force
🇩🇪 london2038.com	2025-09-03 05:29:06 (9 months ago)	Connection atttempts against closed TCP ports Sep 3 07:29:03 BLOCK SRC=154.94.14.239 LEN=60 TOS=0x0 ... show more Connection atttempts against closed TCP ports Sep 3 07:29:03 BLOCK SRC=154.94.14.239 LEN=60 TOS=0x00 PREC=0x00 TTL=55 ID=31164 DF PROTO=TCP SPT=50881 DPT=22 WINDOW=64240 RES=0x00 SYN Sep 3 07:29:04 BLOCK SRC=154.94.14.239 LEN=60 TOS=0x00 PREC=0x00 TTL=55 ID=31165 DF PROTO=TCP SPT=50881 DPT=22 WINDOW=64240 RES=0x00 SYN Sep 3 07:29:05 BLOCK SRC=154.94.14.239 LEN=60 TOS=0x00 PREC=0x00 TTL=55 ID=31166 DF PROTO=TCP SPT=50881 DPT=22 WINDOW=64240 RES=0x00 SYN show less	Port Scan
🇧🇪 voormedia	2025-09-02 15:32:02 (9 months ago)	Accessed trap at '/xmlrpc.php'	Web App Attack
Anonymous	2025-08-27 17:08:30 (9 months ago)	Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER	Brute-Force SSH
Anonymous	2025-08-23 12:42:02 (9 months ago)	Ports: 2077,2078,2082,2083,2086,2087,2095,2096; Direction: 0; Trigger: LF_DISTATTACK	Brute-Force SSH
🇺🇸 TPI-Abuse	2025-08-14 11:11:27 (9 months ago)	(mod_security) mod_security (id:225170) triggered by 154.94.14.239 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:225170) triggered by 154.94.14.239 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Aug 14 07:11:24.014180 2025] [security2:error] [pid 13787:tid 13787] [client 154.94.14.239:38015] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|toptek.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "toptek.com"] [uri "/wp-json/wp/v2/users"] [unique_id "aJ3EXH6e57WMXZNfzVRP2gAAAAI"], referer: https://www.google.com show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2025-08-08 15:51:43 (10 months ago)	wordpress-trap	Web App Attack
🇫🇷 Netrix	2025-06-18 16:32:00 (11 months ago)	L7 Flood botnet hosted by 3xK Tech	DDoS Attack Web Spam SSH
🇵🇱 sefinek.net	2025-06-03 04:36:44 (1 year ago)	Triggered Cloudflare WAF (firewallCustom) from ES. Action taken: MANAGED_CHALLENGE Protocol: HTTP/1. ... show more Triggered Cloudflare WAF (firewallCustom) from ES. Action taken: MANAGED_CHALLENGE Protocol: HTTP/1.1 (GET method) Endpoint: /genshin-stella-mod UA: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36 Vivaldi/5.3.2679.68 This report was generated by: https://github.com/sefinek/Cloudflare-WAF-To-AbuseIPDB show less	Bad Web Bot
🇦🇺 MAGIC	2025-04-21 03:04:36 (1 year ago)	VM1 Bad user agents ignoring web crawling rules. Draing bandwidth	DDoS Attack Bad Web Bot
🇺🇸 TPI-Abuse	2025-04-10 19:14:00 (1 year ago)	(mod_security) mod_security (id:225170) triggered by 154.94.14.239 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:225170) triggered by 154.94.14.239 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Apr 10 15:13:57.044059 2025] [security2:error] [pid 13339:tid 13339] [client 154.94.14.239:9615] [client 154.94.14.239] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|cityindustries.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "cityindustries.com"] [uri "/wp-json/wp/v2/users"] [unique_id "Z_gYddkJ0eYc51s0BX27igAAAAs"], referer: https://www.google.com show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-04-04 23:17:02 (1 year ago)	(mod_security) mod_security (id:225170) triggered by 154.94.14.239 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:225170) triggered by 154.94.14.239 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Apr 04 19:16:58.829664 2025] [security2:error] [pid 4987:tid 4987] [client 154.94.14.239:12307] [client 154.94.14.239] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|jolankagroup.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "jolankagroup.com"] [uri "/wp-json/wp/v2/users"] [unique_id "Z_BoanhsJ5SP_CBOqajzvQAAAAY"], referer: https://www.google.com show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2025-04-03 12:50:05 (1 year ago)	Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER	Brute-Force SSH

Showing 1 to 15 of 17 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇻🇳 1.53.36.245

🇨🇷 186.151.98.83

🇨🇳 115.190.83.184

🇳🇬 102.91.4.215

🇺🇸 91.230.168.185

🇨🇦 85.217.149.70

🇧🇷 45.6.35.44

🇸🇬 43.134.142.214

🇸🇬 43.134.141.244

🇧🇪 34.79.80.195

🇵🇰 153.117.52.253

🇺🇸 71.206.190.209

🇳🇱 45.148.10.152

🇸🇬 43.134.127.70

🇸🇬 43.134.121.208

🇩🇪 2.26.1.31

🇨🇳 223.85.54.40

🇨🇳 218.207.25.249

🇫🇮 147.185.133.169

🇰🇷 116.123.150.231