JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 194.38.18.86

194.38.18.86 was found in our database!

This IP was reported 9 times. Confidence of Abuse is 0%: ?

ISP	BAHIA VISTA SOLUTIONS LLC
Usage Type	Data Center/Web Hosting/Transit
ASN	AS29802
Domain Name	hostmetric.org
Country	🇫🇷 France
City	Paris, Ile-de-France

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 194.38.18.86

Whois 194.38.18.86

IP Abuse Reports for 194.38.18.86:

This IP address has been reported a total of 9 times from 4 distinct sources. 194.38.18.86 was first reported on May 28th 2025, and the most recent report was 4 months ago.

Old Reports: The most recent abuse report for this IP address is from 4 months ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 TPI-Abuse	2026-02-01 11:36:59 (4 months ago)	(mod_security) mod_security (id:210492) triggered by 194.38.18.86 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 194.38.18.86 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Feb 01 06:36:10.653322 2026] [security2:error] [pid 483:tid 646] [client 194.38.18.86:57651] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "ftp.kettlehill.com"] [uri "/.wp-config.php.swp"] [unique_id "aX86qgMxl-cQ0UzvOvR_YQAAAEA"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 raspi4	2025-12-31 07:56:04 (5 months ago)	Fail2Ban Ban Triggered	Brute-Force Web App Attack
🇺🇸 TPI-Abuse	2025-12-01 06:30:13 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 194.38.18.86 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 194.38.18.86 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Dec 01 01:30:07.736517 2025] [security2:error] [pid 27471:tid 27491] [client 194.38.18.86:57077] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "ftp.kettlehill.net"] [uri "/wp-config.php.bak"] [unique_id "aS0173LXOKC0tXS7y0kskgAAAIM"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-12 12:57:12 (7 months ago)	(mod_security) mod_security (id:210492) triggered by 194.38.18.86 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 194.38.18.86 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Nov 12 07:57:05.659182 2025] [security2:error] [pid 15481:tid 15481] [client 194.38.18.86:52693] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "autoconfig.nbcnewsradio.com"] [uri "/.env.live"] [unique_id "aRSEIXnw-YYmvdk5RfH-OwAAABg"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-10-01 15:23:08 (8 months ago)	(mod_security) mod_security (id:210730) triggered by 194.38.18.86 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210730) triggered by 194.38.18.86 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Oct 01 11:23:01.810038 2025] [security2:error] [pid 12475:tid 12479] [client 194.38.18.86:43419] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|kettlehill.net\|F\|2"] [data ".log"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "kettlehill.net"] [uri "/errors/errors.log"] [unique_id "aN1HVWCKjmgjI9kURFKvgQAAAUA"] show less	Brute-Force Bad Web Bot Web App Attack
🇸🇬 raramos	2025-08-07 19:00:07 (10 months ago)	[SMB remote code execution attempt: port tcp/445] in blocklist.de:'listed [pop3]' in SpamCop:'listed ... show more [SMB remote code execution attempt: port tcp/445] in blocklist.de:'listed [pop3]' in SpamCop:'listed' in sorbs:'listed [web], [spam]' in Unsubscore:'listed' *(RWIN=8192)(04:10) show less	Web Spam Email Spam Port Scan Hacking Brute-Force Web App Attack
🇺🇸 TPI-Abuse	2025-08-01 06:50:18 (10 months ago)	(mod_security) mod_security (id:210730) triggered by 194.38.18.86 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210730) triggered by 194.38.18.86 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Aug 01 02:50:09.628308 2025] [security2:error] [pid 3332372:tid 3332376] [client 194.38.18.86:60799] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|ftp.kettlehill.com\|F\|2"] [data ".old"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "ftp.kettlehill.com"] [uri "/.ssh/known_hosts.old"] [unique_id "aIxjoR33aKcnOojmIbhZ6AAAAoI"], referer: http://ftp.kettlehill.com/.ssh/known_hosts.old show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-05-30 22:02:15 (1 year ago)	(mod_security) mod_security (id:210730) triggered by 194.38.18.86 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210730) triggered by 194.38.18.86 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri May 30 18:02:11.713995 2025] [security2:error] [pid 743126:tid 743126] [client 194.38.18.86:54267] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|autodiscover.nbcnewsradio.com\|F\|2"] [data ".log"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "autodiscover.nbcnewsradio.com"] [uri "/log.log"] [unique_id "aDoq4_RPPxW-qtpshBgvugAAAAU"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2025-05-28 04:50:12 (1 year ago)	\| A web attack returned code 200 (success).	Hacking SQL Injection Web App Attack

Showing 1 to 9 of 9 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 2605:59c0:2152:b10:619d:31a2:102c:a1d4

🇦🇺 157.211.246.182

🇺🇸 2607:f8b0:400e:c17::123

🇧🇷 187.58.241.90

🇨🇳 183.230.155.13

🇨🇳 182.204.176.9

🇦🇹 159.100.25.169

🇧🇷 150.230.66.98

🇳🇱 91.92.40.8

🇺🇸 66.132.172.193

🇫🇷 62.169.21.154

🇬🇧 51.89.129.36

🇱🇹 45.227.254.170

🇳🇱 45.148.10.151

🇩🇪 45.135.141.19

🇩🇪 35.234.69.27

🇺🇸 20.96.179.87

🇳🇱 178.16.55.50

🇩🇪 167.94.146.68

🇺🇸 136.107.214.190