JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 204.217.128.154

204.217.128.154 was found in our database!

This IP was reported 8 times. Confidence of Abuse is 17%: ?

17%

ISP	Aventice LLC
Usage Type	Fixed Line ISP
ASN	AS11572
Domain Name	aventice.com
Country	🇺🇸 United States of America
City	Atlanta, Georgia

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 204.217.128.154

Whois 204.217.128.154

IP Abuse Reports for 204.217.128.154:

This IP address has been reported a total of 8 times from 7 distinct sources. 204.217.128.154 was first reported on June 8th 2022, and the most recent report was 22 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇩🇪 london2038.com	2026-06-27 19:09:02 (22 hours ago)	2026-06-27 09:09:01+02:00 portcheck: Unsolicited connect from 204.217.128.154:48953 (seen tarpitted) ... show more 2026-06-27 09:09:01+02:00 portcheck: Unsolicited connect from 204.217.128.154:48953 (seen tarpitted) 2026-06-27 21:09:01+02:00 portcheck: Unsolicited connect from 204.217.128.154:48953 (seen tarpitted) show less	Port Scan
🇺🇸 TPI-Abuse	2026-06-05 19:05:46 (3 weeks ago)	(mod_security) mod_security (id:210730) triggered by 204.217.128.154 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210730) triggered by 204.217.128.154 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 05 15:05:42.601935 2026] [security2:error] [pid 2007:tid 2007] [client 204.217.128.154:64723] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|holgerfeld.com:80\|F\|2"] [data ".com"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "holgerfeld.com"] [uri "/mailto:[email protected]"] [unique_id "aiMeBoGdulm_MwYlXlucAQAAAAM"], referer: http://holgerfeld.com show less	Brute-Force Bad Web Bot Web App Attack
🇪🇸 robotstxt	2026-05-15 16:45:49 (1 month ago)	204.217.128.154 - - [15/May/2026:16:44:52 +0000] "GET /mailto:[email protected] HTTP/1.1" 404 43140 "http ... show more 204.217.128.154 - - [15/May/2026:16:44:52 +0000] "GET /mailto:[email protected] HTTP/1.1" 404 43140 "https://fundaciopacopuerto.cat" rt="0.551" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202.94 Safari/537.36" "-" h="fundaciopacopuerto.cat" sn="fundaciopacopuerto.cat" ru="/mailto:[email protected]" u="/index.php" ucs="-" ua="unix:/var/run/php/fundacio82.sock" us="404" uct="0.000" urt="0.551" 204.217.128.154 - - [15/May/2026:16:44:55 +0000] "GET /mailto:[email protected] HTTP/1.1" 404 43138 "https://fundaciopacopuerto.cat" rt="0.404" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202.94 Safari/537.36" "-" h="fundaciopacopuerto.cat" sn="fundaciopacopuerto.cat" ru="/mailto:[email protected]" u="/index.php" ucs="-" ua="unix:/var/run/php/fundacio82.sock" us="404" uct="0.000" urt="0.404" 204.217.128.154 - - [15/May/2026:16:44:59 +0000] "GET /mailto:[email protected] HTTP/1.1" 404 42820 "https://fundaciopacopuerto.cat" ... show less	Bad Web Bot
🇺🇸 TPI-Abuse	2026-04-07 00:47:23 (2 months ago)	(mod_security) mod_security (id:210730) triggered by 204.217.128.154 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210730) triggered by 204.217.128.154 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Apr 06 20:47:18.788651 2026] [security2:error] [pid 837551:tid 837551] [client 204.217.128.154:41843] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|constructionloansfunding.com:80\|F\|2"] [data ".com"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "constructionloansfunding.com"] [uri "/mailto:[email protected]"] [unique_id "adRUFhseo2S8KJhYUpqu5gAAABM"], referer: http://constructionloansfunding.com show less	Brute-Force Bad Web Bot Web App Attack
🇳🇱 WeCloudit-Anti-Abuse	2025-07-10 00:30:06 (11 months ago)	WAF: Block WordPress spammers 2- wsit	Email Spam Brute-Force
🇩🇪 FeG Deutschland	2025-04-24 13:20:34 (1 year ago)	Looking for CMS/PHP/SQL vulnerablilities/excessive crawling - 2	Exploited Host Web App Attack
Anonymous	2025-02-28 07:28:13 (1 year ago)	wordpress-trap	Web App Attack
🇺🇸 TheMadBeaker	2022-06-08 09:28:55 (4 years ago)	Fail2Ban Ban Triggered HTTP SQL Injection Attempt	Hacking SQL Injection

Showing 1 to 8 of 8 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇸🇪 195.178.191.5

🇺🇸 162.0.226.2

🇧🇷 138.59.187.244

🇫🇷 82.124.136.129

🇱🇻 81.30.98.44

🇺🇸 66.132.186.200

🇺🇸 173.255.210.89

🇦🇫 149.54.40.222

🇺🇸 95.134.89.250

🇯🇵 20.63.216.87

🇮🇷 2.190.48.140

🇵🇱 185.238.72.3

🇺🇸 69.74.29.21

🇺🇸 206.81.14.205

🇧🇷 187.16.96.250

🇺🇸 162.35.172.97

🇿🇦 105.184.6.148

🇿🇦 105.184.5.179

🇮🇹 78.134.49.171

🇦🇺 35.213.192.42