JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 3.138.164.131

3.138.164.131 was found in our database!

This IP was reported 19 times. Confidence of Abuse is 2%: ?

ISP	Amazon Technologies Inc.
Usage Type	Data Center/Web Hosting/Transit
ASN	AS16509
Hostname(s)	ns1.techtime.me
Domain Name	amazon.com
Country	🇺🇸 United States of America
City	Columbus, Ohio

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 3.138.164.131

Whois 3.138.164.131

IP Abuse Reports for 3.138.164.131:

This IP address has been reported a total of 19 times from 13 distinct sources. 3.138.164.131 was first reported on November 16th 2025, and the most recent report was 2 weeks ago.

Old Reports: The most recent abuse report for this IP address is from 2 weeks ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
Anonymous	2026-05-27 17:22:00 (2 weeks ago)	E-mail spam at 2026-05-27 17:22 from @qimmatjco.com with score 11	Email Spam
🇨🇭 zynex	2026-03-03 09:49:36 (3 months ago)	URL Probing: /adminer-5.3.0-mysql-en.php	Web App Attack
🇬🇧 consul.to	2026-02-28 04:56:22 (3 months ago)	Web attack/malicious scanning detected	Web App Attack
🇳🇿 Antinson	2026-02-26 07:46:20 (3 months ago)	Scraping with a high error ratio and request rate	Bad Web Bot
🇸🇪 konseptit	2026-02-25 18:16:02 (3 months ago)	(mod_security) mod_security triggered on hostname [redacted] 3.138.164.131 (US/United States/ns1.tec ... show more (mod_security) mod_security triggered on hostname [redacted] 3.138.164.131 (US/United States/ns1.techtime.me) show less	SQL Injection
🇩🇪 Petros Stefanakis	2026-02-23 00:07:44 (3 months ago)	(mod_security) mod_security triggered on hostname [redacted] 3.138.164.131 (US/United States/ns1.tec ... show more (mod_security) mod_security triggered on hostname [redacted] 3.138.164.131 (US/United States/ns1.techtime.me) show less	SQL Injection
🇺🇸 TPI-Abuse	2026-02-22 06:32:01 (3 months ago)	(mod_security) mod_security (id:210730) triggered by 3.138.164.131 (ns1.techtime.me): 1 in the last ... show more (mod_security) mod_security (id:210730) triggered by 3.138.164.131 (ns1.techtime.me): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Feb 22 01:31:53.689315 2026] [security2:error] [pid 2009:tid 2009] [client 3.138.164.131:51036] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|muslera.com\|F\|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "muslera.com"] [uri "/htdocs.bak"] [unique_id "aZqi2f0vPCxfwQt4kpIA1wAAAAk"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-02-22 06:05:48 (3 months ago)	Blocked: Reason='Vulnerability probing — PHP scan detected (65/60 min)'; Requests=65	Port Scan
Anonymous	2026-02-18 10:03:35 (3 months ago)	Blocked by FortiWeb WAF ML threat detection. ML probability: 99%, Country: US, Attack patterns: Word ... show more Blocked by FortiWeb WAF ML threat detection. ML probability: 99%, Country: US, Attack patterns: WordPress scanning, Backup file probing show less	Bad Web Bot Web App Attack
Anonymous	2026-02-15 18:23:41 (3 months ago)	Unauthorized connection attempt	Port Scan Hacking Exploited Host
🇱🇻 garmtech.com	2026-01-31 21:53:38 (4 months ago)	IM360 WAF: Laravel .env file access	Web App Attack
🇺🇸 TPI-Abuse	2026-01-31 12:47:36 (4 months ago)	(mod_security) mod_security (id:210492) triggered by 3.138.164.131 (ns1.techtime.me): 1 in the last ... show more (mod_security) mod_security (id:210492) triggered by 3.138.164.131 (ns1.techtime.me): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jan 31 07:47:32.384274 2026] [security2:error] [pid 7689:tid 7689] [client 3.138.164.131:35544] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "dolphin-view.com"] [uri "/.env"] [unique_id "aX355FuktRIa8WgJzDORcwAAAAg"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-01-31 12:00:52 (4 months ago)	(mod_security) mod_security (id:210730) triggered by 3.138.164.131 (ns1.techtime.me): 1 in the last ... show more (mod_security) mod_security (id:210730) triggered by 3.138.164.131 (ns1.techtime.me): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jan 31 07:00:44.846150 2026] [security2:error] [pid 16528:tid 16528] [client 3.138.164.131:43766] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|waggonerfinancial.com\|F\|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "waggonerfinancial.com"] [uri "/website.bak"] [unique_id "aX3u7BcRnM5DFgR4LYrzCQAAABw"] show less	Brute-Force Bad Web Bot Web App Attack
🇳🇱 Mangelot Hosting	2026-01-31 04:45:10 (4 months ago)	(db_admin_scan) srv103 DB admin scan 3.138.164.131 (US/United States/ns1.techtime.me): 1 in the last ... show more (db_admin_scan) srv103 DB admin scan 3.138.164.131 (US/United States/ns1.techtime.me): 1 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs: show less	Web App Attack
🇺🇸 TPI-Abuse	2025-12-08 07:33:13 (6 months ago)	(mod_security) mod_security (id:210730) triggered by 3.138.164.131 (ns1.techtime.me): 1 in the last ... show more (mod_security) mod_security (id:210730) triggered by 3.138.164.131 (ns1.techtime.me): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Dec 08 02:33:08.339089 2025] [security2:error] [pid 7263:tid 7263] [client 3.138.164.131:59520] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|sirio-b.com\|F\|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "sirio-b.com"] [uri "/httpd.bak"] [unique_id "aTZ_NAEbaXzGrMytrq8d7gAAABM"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 19 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇬🇧 188.240.59.33

🇫🇷 176.186.86.13

🇺🇸 165.154.173.21

🇷🇺 91.146.24.164

🇳🇱 45.148.10.141

🇸🇬 45.43.63.68

🇮🇷 37.148.108.239

🇺🇸 23.94.92.98

🇺🇸 20.118.248.174

🇸🇬 13.212.81.92

🇳🇬 102.88.111.240

🇸🇪 83.226.56.106

🇺🇸 62.132.18.142

🇳🇱 45.156.128.166

🇮🇩 210.79.142.221

🇮🇳 182.95.150.106

🇰🇭 175.100.97.13

🇨🇳 117.23.109.183

🇫🇮 95.81.112.138

🇫🇷 82.102.18.118