JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 38.154.191.101

38.154.191.101 was found in our database!

This IP was reported 15 times. Confidence of Abuse is 28%: ?

28%

ISP	Server Mania Inc.
Usage Type	Data Center/Web Hosting/Transit
ASN	AS55286
Domain Name	servermania.com
Country	🇺🇸 United States of America
City	Piscataway, New Jersey

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 38.154.191.101

Whois 38.154.191.101

IP Abuse Reports for 38.154.191.101:

This IP address has been reported a total of 15 times from 9 distinct sources. 38.154.191.101 was first reported on February 23rd 2025, and the most recent report was 3 weeks ago.

Old Reports: The most recent abuse report for this IP address is from 3 weeks ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇬🇧 consul.to	2026-05-30 08:58:42 (3 weeks ago)	Web attack/malicious scanning detected	Web App Attack
🇫🇷 masterguru	2026-05-29 10:00:12 (3 weeks ago)	(modsec_5080) ModSec 5080: Infrastructure subdomain probe from 38.154.191.101 (US/United States/-): ... show more (modsec_5080) ModSec 5080: Infrastructure subdomain probe from 38.154.191.101 (US/United States/-): 1 in the last 3600 secs (0-195) show less	Hacking
🇳🇱 homeshowdomain.nl	2026-05-28 22:04:07 (4 weeks ago)	Auto-ban: single probe for restricted files (.env / backups / admin endpoints). Likely mass-scan on ... show more Auto-ban: single probe for restricted files (.env / backups / admin endpoints). Likely mass-scan on 2026-05-27. show less	Web App Attack SSH Hacking
🇮🇩 Burayot	2026-05-27 23:22:45 (4 weeks ago)	LF_MODSEC: (mod_security) mod_security (id:1000001) triggered by 38.154.191.101 (US/United States/-) ... show more LF_MODSEC: (mod_security) mod_security (id:1000001) triggered by 38.154.191.101 (US/United States/-): 1 in the last 3600 secs show less	Web App Attack
🇳🇱 homeshowdomain.nl	2026-05-27 21:59:23 (4 weeks ago)	Auto-ban: >3000 req/min op 2026-05-27	Web App Attack SSH Hacking
🇺🇸 OceanTreasure	2026-05-27 18:25:18 (4 weeks ago)	tcp/443; Environment configuration file exposure attempt: "GET /.env.local" @ 2026-05-27T18:23:19Z [ ... show more tcp/443; Environment configuration file exposure attempt: "GET /.env.local" @ 2026-05-27T18:23:19Z [proxy] show less	Web App Attack
🇺🇸 TPI-Abuse	2026-05-27 12:19:07 (4 weeks ago)	(mod_security) mod_security (id:210492) triggered by 38.154.191.101 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 38.154.191.101 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed May 27 08:18:58.993100 2026] [security2:error] [pid 18944:tid 18944] [client 38.154.191.101:59423] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "autodiscover.z-industrial.com"] [uri "/.env"] [unique_id "ahbhMqDOc5Erbw1EPw-5dAAAABg"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-27 10:44:59 (4 weeks ago)	(mod_security) mod_security (id:210492) triggered by 38.154.191.101 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 38.154.191.101 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed May 27 06:44:51.912925 2026] [security2:error] [pid 17945:tid 17945] [client 38.154.191.101:44585] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webdisk.vittaria.com"] [uri "/.env"] [unique_id "ahbLI6Vmw5_HAhB91btVmgAAABQ"], referer: https://www.google.com/search?q=webdisk.vittaria.com show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-27 00:22:10 (4 weeks ago)	(mod_security) mod_security (id:210730) triggered by 38.154.191.101 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210730) triggered by 38.154.191.101 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue May 26 20:21:39.415104 2026] [security2:error] [pid 14395:tid 14395] [client 38.154.191.101:45911] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|www.ultratec.com.mx.activethinkers.net\|F\|2"] [data ".tfstate.backup"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.ultratec.com.mx.activethinkers.net"] [uri "/terraform.tfstate.backup"] [unique_id "ahY5E7RfW1-v7UEKnJBgFwAAAAo"], referer: https://www.google.com/search?q=www.ultratec.com.mx.activethinkers.net show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-26 18:11:02 (4 weeks ago)	(mod_security) mod_security (id:210492) triggered by 38.154.191.101 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 38.154.191.101 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue May 26 14:10:53.711105 2026] [security2:error] [pid 4550:tid 4566] [client 38.154.191.101:38349] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "furball.co.uk"] [uri "/.env.vercel"] [unique_id "ahXiLWuLZncT7yMWfv8itgAAAUs"] show less	Brute-Force Bad Web Bot Web App Attack
🇨🇭 4server	2026-05-26 17:02:01 (4 weeks ago)	[TueMay2619:01:57.2159982026][security2:error][pid2813135:tid2813904][client38.154.191.101:0]ModSecu ... show more [TueMay2619:01:57.2159982026][security2:error][pid2813135:tid2813904][client38.154.191.101:0]ModSecurity:Accessdeniedwithcode403\(phase1\).Matchedphrase\".env\"atREQUEST_URI.[file\"/etc/apache2/conf.d/modsec_custom_rules.conf\"][line\"364\"][id\"960720\"][msg\"Forbiddenfileaccess\"][hostname\"www.executivekotech.it.81-17-25-250.cpanel.site\"][uri\"/.env.production\"][unique_id\"ahXSBSWMvdiI_Zu4fXhdCgAAAQc\"] show less	Hacking Web App Attack
🇺🇸 TPI-Abuse	2025-07-27 00:26:09 (10 months ago)	(mod_security) mod_security (id:221260) triggered by 38.154.191.101 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:221260) triggered by 38.154.191.101 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jul 26 20:25:55.389714 2025] [security2:error] [pid 291259:tid 291319] [client 38.154.191.101:36745] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^(?:\\\\'\\\\w+?=)?\\\\(\\\\)\\\\s{" at MATCHED_VAR. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "77"] [id "221260"] [rev "3"] [msg "COMODO WAF: Shellshock Command Injection Vulnerabilities in GNU Bash through 4.3 bash43-026 (CVE-2014-7187, CVE-2014-7186, CVE-2014-7169, CVE-2014-6278, CVE-2014-6277, CVE-2014-6271)\|\|www.staging.kettlehill.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.staging.kettlehill.com"] [uri "/test.cgi"] [unique_id "aIVyE2QX5AgegSXcd9rYjQAAAQ4"], referer: () { ignored; }; echo Content-Type: text/html; echo ; /bin/cat /etc/passwd show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-05-29 16:52:04 (1 year ago)	(mod_security) mod_security (id:210492) triggered by 38.154.191.101 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 38.154.191.101 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu May 29 12:51:57.869604 2025] [security2:error] [pid 3016407:tid 3016407] [client 38.154.191.101:47019] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webdisk.farmers123.com"] [uri "/media../.git/config"] [unique_id "aDiQrcZx2uSLpBM-BssRDQAAAA8"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 dayda.net	2025-05-22 09:33:11 (1 year ago)	query: option=com_news_portal&controller=../../../../../../../../../../etc/passwd%00	Bad Web Bot
Anonymous	2025-02-23 06:00:11 (1 year ago)	\| Suspicious URL access.	Hacking SQL Injection Web App Attack

Showing 1 to 15 of 15 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇨🇴 190.157.13.210

🇧🇷 185.239.191.251

🇷🇺 178.68.57.174

🇺🇸 147.185.132.69

🇨🇳 124.117.195.161

🇫🇷 91.231.89.210

🇺🇸 45.131.194.121

🇸🇬 43.134.42.6

🇬🇧 35.203.211.8

🇮🇹 34.154.99.24

🇺🇸 34.134.2.151

🇧🇷 186.215.107.189

🇨🇴 152.200.181.42

🇮🇳 150.241.245.155

🇰🇷 115.140.161.61

🇯🇵 101.36.105.50

🇦🇪 94.204.177.162

🇺🇸 91.230.168.165

🇺🇸 91.230.168.162

🇷🇺 77.221.151.241