AbuseIPDB » 155.254.38.112
155.254.38.112
This IP was reported 7 times. Confidence of
Abuse
is 0% : ?
ISP
SYN LTD
Usage Type
Fixed Line ISP
ASN
AS64080
Domain Name
syn.uk
Country
๐ฌ๐ง
United Kingdom of Great Britain and Northern Ireland
City
London, England
IP info including ISP, Usage Type, and Location provided
by IPInfo . Updated weekly.
IP Abuse Reports for 155.254.38.112 :
This IP address has been reported a total of
7
times from
4 distinct
sources.
155.254.38.112 was first reported on
August 31st 2025 , and the most recent report was
1 month ago
Old Reports:
The most recent abuse report for this IP address is from
1 month ago
Reporter
IoA Timestamp (UTC)
Comment
Categories
๐ฉ๐ช
rh24
2026-05-04 10:32:25
(1 month ago)
(apache-useragents) Failed apache-useragents trigger with match [redacted] from 155.254.38.112 (GB/U ...
show more
(apache-useragents) Failed apache-useragents trigger with match [redacted] from 155.254.38.112 (GB/United Kingdom/-)
show less
Bad Web Bot
๐ต๐ฑ
cheatmaster.store
2026-02-25 23:07:07
(3 months ago)
Automated report: This IP address has been identified as an active public open proxy.
Classification ...
show more
Automated report: This IP address has been identified as an active public open proxy.
Classification: Open Proxy | Spoofing | VPN/Anonymizer | Bad Web Bot.
Country: United Kingdom
Threat level: High. This host is listed across multiple public proxy databases and poses a risk of abuse, credential stuffing, scraping, and spoofed traffic.
Reported by automated threat intelligence pipeline. Do not whitelist without manual verification.
show less
Web Spam
Port Scan
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-01-17 04:59:24
(5 months ago)
(mod_security) mod_security (id:210492) triggered by 155.254.38.112 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210492) triggered by 155.254.38.112 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jan 16 23:59:12.988345 2026] [security2:error] [pid 20852:tid 20852] [client 155.254.38.112:38345] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcalendars.nbcnewsradio.com"] [uri "/wp-config.php.bak"] [unique_id "aWsXICMwwrQNuWBeGk8DqQAAAAU"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2025-12-29 19:07:12
(5 months ago)
(mod_security) mod_security (id:212620) triggered by 155.254.38.112 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:212620) triggered by 155.254.38.112 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Dec 29 14:07:05.096406 2025] [security2:error] [pid 31734:tid 31749] [client 155.254.38.112:57107] ModSecurity: Access denied with code 403 (phase 2). Pattern match "<script\\\\b" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/07_XSS_XSS.conf"] [line "65"] [id "212620"] [rev "4"] [msg "COMODO WAF: Cross-site Scripting (XSS) Attack||www.kettlehill.net|F|2"] [data "Matched Data: <script found within REQUEST_URI: /modules/fieldpopupnewsletter/ajax.php?callback=<script>alert(document.domain)</script>"] [severity "CRITICAL"] [tag "CWAF"] [tag "XSS"] [hostname "www.kettlehill.net"] [uri "/modules/fieldpopupnewsletter/ajax.php"] [unique_id "aVLRWWCDVM70TD0LIjvRcwAAAUg"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2025-11-13 11:32:50
(7 months ago)
(mod_security) mod_security (id:210730) triggered by 155.254.38.112 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210730) triggered by 155.254.38.112 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Nov 13 06:32:43.551327 2025] [security2:error] [pid 25039:tid 25039] [client 155.254.38.112:36715] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||ftp.nbcnewsradio.com|F|2"] [data ".log"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "ftp.nbcnewsradio.com"] [uri "/MyErrors.log"] [unique_id "aRXB2_tA-H2DEbGLmZzTDQAAABI"]
show less
Brute-Force
Bad Web Bot
Web App Attack
2025-10-10 18:40:04
(8 months ago)
| PHPMyAdmin scans (looking for setup.php).
Hacking
SQL Injection
Web App Attack
๐บ๐ธ
TPI-Abuse
2025-08-31 04:45:11
(9 months ago)
(mod_security) mod_security (id:210492) triggered by 155.254.38.112 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210492) triggered by 155.254.38.112 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Aug 31 00:45:03.049119 2025] [security2:error] [pid 2797787:tid 2797804] [client 155.254.38.112:40305] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "ftp.kettlehill.com"] [uri "/js../.git/config"] [unique_id "aLPTT_C0t62R7dFmgHgwbwAAAQ0"]
show less
Brute-Force
Bad Web Bot
Web App Attack
Showing 1 to
7
of 7 reports
Think this IP has been falsely reported? You may request to have the associated
reports reviewed and removed.
Request Takedown ๐ฉ
Recently Reported IPs: