JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 172.70.38.54

172.70.38.54 was found in our database!

This IP was reported 193 times. Confidence of Abuse is 0%: ?

ISP	Cloudflare, Inc.
Usage Type	Data Center/Web Hosting/Transit
ASN	AS13335
Domain Name	cloudflare.com
Country	🇺🇸 United States of America
City	Ashburn, Virginia

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Important Note: 172.70.38.54 is an IP address from within our whitelist belonging to the subnet 172.64.0.0/13, which we identify as: "Cloudflare Reverse Proxy".

Whitelisted netblocks are typically owned by trusted entities, such as Google or Microsoft who may use them for search engine spiders. However, these same entities sometimes also provide cloud servers and mail services which are easily abused. Pay special attention when trusting or distrusting these IPs.

Report 172.70.38.54

Whois 172.70.38.54

IP Abuse Reports for 172.70.38.54:

This IP address has been reported a total of 193 times from 13 distinct sources. 172.70.38.54 was first reported on September 29th 2021, and the most recent report was 4 days ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇦🇺 oncord	2026-06-07 21:47:13 (4 days ago)	Form spam	Web Spam
🇦🇺 oncord	2026-06-05 23:55:53 (6 days ago)	Form spam	Web Spam
🇦🇺 oncord	2026-06-04 00:21:14 (1 week ago)	Form spam	Web Spam
🇦🇺 oncord	2026-06-02 15:39:10 (1 week ago)	Form spam	Web Spam
🇦🇺 oncord	2026-05-31 20:35:38 (1 week ago)	Form spam	Web Spam
🇺🇸 TPI-Abuse	2026-05-15 08:21:20 (3 weeks ago)	(mod_security) mod_security (id:210492) triggered by 172.70.38.54 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 172.70.38.54 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri May 15 04:21:13.203783 2026] [security2:error] [pid 13254:tid 13254] [client 172.70.38.54:10589] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "davesastro.com"] [uri "/.env"] [unique_id "agbXebXTAohdJiRBIJqzLwAAAAE"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-04-06 07:22:55 (2 months ago)	(mod_security) mod_security (id:210492) triggered by 172.70.38.54 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 172.70.38.54 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Apr 06 03:22:52.049720 2026] [security2:error] [pid 7075:tid 7075] [client 172.70.38.54:10406] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "fancyspider.net"] [uri "/.env.test"] [unique_id "adNfTPqlkQs1nPo5TJusEAAAAAE"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-04-06 04:26:47 (2 months ago)	(mod_security) mod_security (id:210492) triggered by 172.70.38.54 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 172.70.38.54 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Apr 06 00:26:38.972348 2026] [security2:error] [pid 16371:tid 16371] [client 172.70.38.54:12835] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcalendars.3905ccn.us"] [uri "/.env.backup"] [unique_id "adM1_lWSgXqT3eD5N0wengAAABQ"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-04-06 00:32:25 (2 months ago)	(mod_security) mod_security (id:210492) triggered by 172.70.38.54 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 172.70.38.54 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Apr 05 20:32:21.836394 2026] [security2:error] [pid 23293:tid 23293] [client 172.70.38.54:13123] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.qatest.soudertonbigred.org"] [uri "/.env.dist"] [unique_id "adL_FS9PMmn1M3aLwZU05wAAAAc"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-04-04 06:40:10 (2 months ago)	(mod_security) mod_security (id:210492) triggered by 172.70.38.54 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 172.70.38.54 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Apr 04 02:40:05.777679 2026] [security2:error] [pid 4091:tid 4091] [client 172.70.38.54:12565] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcalendars.agworldmissions.org"] [uri "/.env.dev"] [unique_id "adCyRTzr7IE8Lx4lSIInxAAAAAg"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-04-04 05:18:52 (2 months ago)	(mod_security) mod_security (id:210492) triggered by 172.70.38.54 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 172.70.38.54 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Apr 04 01:18:43.440143 2026] [security2:error] [pid 24208:tid 24208] [client 172.70.38.54:10312] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "impactventuresllc.com"] [uri "/.env.json"] [unique_id "adCfM7qoDu7KCaoh94JztwAAAAo"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-04-04 02:31:41 (2 months ago)	(mod_security) mod_security (id:210492) triggered by 172.70.38.54 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 172.70.38.54 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Apr 03 22:31:36.389395 2026] [security2:error] [pid 8901:tid 8901] [client 172.70.38.54:13036] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcalendars.medusakenya.com"] [uri "/.env.dev"] [unique_id "adB4CPSLXBFUP9_G8PTwNwAAAAA"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-04-03 18:20:10 (2 months ago)	(mod_security) mod_security (id:210492) triggered by 172.70.38.54 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 172.70.38.54 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Apr 03 14:20:03.124373 2026] [security2:error] [pid 9495:tid 9495] [client 172.70.38.54:10124] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webdisk.thresholddigital.com"] [uri "/.env.local"] [unique_id "adAE04PCQSfMuUuD6qQzPwAAAAw"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-04-03 17:11:14 (2 months ago)	(mod_security) mod_security (id:210492) triggered by 172.70.38.54 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 172.70.38.54 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Apr 03 13:11:05.912206 2026] [security2:error] [pid 21608:tid 21608] [client 172.70.38.54:12058] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.bhu.rcto.us"] [uri "/.env.staging"] [unique_id "ac_0qUTQq1Hx5HC6q5mlKwAAAAs"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇦 URAN Publishing Service	2026-04-03 16:14:33 (2 months ago)	172.70.38.54 - - [03/Apr/2026:19:14:31 +0300] "GET /wp-content/plugins/hellopress/wp_filemanager.php ... show more 172.70.38.54 - - [03/Apr/2026:19:14:31 +0300] "GET /wp-content/plugins/hellopress/wp_filemanager.php HTTP/1.1" 404 770 "-" "-" 172.70.38.54 - - [03/Apr/2026:19:14:33 +0300] "GET /wp-content/packed.php HTTP/1.1" 404 683 "-" "-" ... show less	Web App Attack

Showing 1 to 15 of 193 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 195.210.114.68

🇧🇴 190.186.55.123

🇨🇳 27.0.135.6

🇺🇸 162.216.150.145

🇨🇳 110.52.23.55

🇨🇦 85.217.149.73

🇳🇱 45.148.10.151

🇪🇸 217.154.106.153

🇺🇸 172.174.236.9

🇺🇸 162.216.150.97

🇨🇳 153.0.49.17

🇹🇭 152.32.245.170

🇺🇸 150.107.38.102

🇺🇸 129.212.183.98

🇬🇧 87.236.176.246

🇺🇸 86.111.187.169

🇵🇱 54.38.52.18

🇳🇱 45.198.224.140

🇳🇱 45.82.56.77

🇧🇴 190.181.44.194