JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 38.154.191.163

38.154.191.163 was found in our database!

This IP was reported 9 times. Confidence of Abuse is 0%: ?

ISP	Server Mania Inc.
Usage Type	Data Center/Web Hosting/Transit
ASN	AS55286
Domain Name	servermania.com
Country	🇺🇸 United States of America
City	Piscataway, New Jersey

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 38.154.191.163

Whois 38.154.191.163

IP Abuse Reports for 38.154.191.163:

This IP address has been reported a total of 9 times from 4 distinct sources. 38.154.191.163 was first reported on September 26th 2023, and the most recent report was 8 months ago.

Old Reports: The most recent abuse report for this IP address is from 8 months ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 TPI-Abuse	2025-10-01 16:10:20 (8 months ago)	(mod_security) mod_security (id:210730) triggered by 38.154.191.163 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210730) triggered by 38.154.191.163 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Oct 01 12:10:13.226479 2025] [security2:error] [pid 30110:tid 30160] [client 38.154.191.163:45571] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|kettlehill.kettlehill.com\|F\|2"] [data ".log"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "kettlehill.kettlehill.com"] [uri "/kettlehill.kettlehill.com/errors.log"] [unique_id "aN1SZckWrLLgoGKIU58yJAAAAc8"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-07-27 01:22:53 (11 months ago)	(mod_security) mod_security (id:221260) triggered by 38.154.191.163 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:221260) triggered by 38.154.191.163 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jul 26 21:22:47.196159 2025] [security2:error] [pid 729657:tid 729712] [client 38.154.191.163:44639] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^(?:\\\\'\\\\w+?=)?\\\\(\\\\)\\\\s{" at MATCHED_VAR. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "77"] [id "221260"] [rev "3"] [msg "COMODO WAF: Shellshock Command Injection Vulnerabilities in GNU Bash through 4.3 bash43-026 (CVE-2014-7187, CVE-2014-7186, CVE-2014-7169, CVE-2014-6278, CVE-2014-6277, CVE-2014-6271)\|\|cpanel.staging.kettlehill.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpanel.staging.kettlehill.com"] [uri "/cgi-bin/status/status.cgi"] [unique_id "aIV_ZxUVDjlJfvQpjEJAHwAAABI"], referer: () { ignored; }; echo Content-Type: text/html; echo ; /bin/cat /etc/passwd show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-05-29 19:47:16 (1 year ago)	(mod_security) mod_security (id:210492) triggered by 38.154.191.163 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 38.154.191.163 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu May 29 15:47:11.397777 2025] [security2:error] [pid 3352354:tid 3352354] [client 38.154.191.163:60385] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcalendars.farmers123.com"] [uri "/wp-config.php"] [unique_id "aDi5vxNqfHhJzOFEmjvGgAAAABA"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-02-28 21:27:20 (1 year ago)	(mod_security) mod_security (id:211190) triggered by 38.154.191.163 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:211190) triggered by 38.154.191.163 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Feb 28 16:26:22.545867 2025] [security2:error] [pid 1346:tid 1513] [client 38.154.191.163:55799] [client 38.154.191.163] ModSecurity: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt\|\|kettlehill.net\|F\|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /wp-content/plugins/mail-masta/inc/lists/csvexport.php?pl=/etc/passwd"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "kettlehill.net"] [uri "/wp-content/plugins/mail-masta/inc/lists/csvexport.php"] [unique_id "Z8Ip_kDVVIPjkof-kdQMkAAAAgc"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 ChamberofCommerce.com	2023-11-06 01:32:57 (2 years ago)	Unauthorized Scraping Attempt - More then 225 Pages Requested in a 24 hour period - Total Requested ... show more Unauthorized Scraping Attempt - More then 225 Pages Requested in a 24 hour period - Total Requested Before Block:226 show less	Bad Web Bot
🇺🇸 ChamberofCommerce.com	2023-11-02 05:32:40 (2 years ago)	Unauthorized Scraping Attempt - More then 225 Pages Requested in a 24 hour period - Total Requested ... show more Unauthorized Scraping Attempt - More then 225 Pages Requested in a 24 hour period - Total Requested Before Block:227 show less	Bad Web Bot
🇺🇸 ChamberofCommerce.com	2023-10-30 20:36:58 (2 years ago)	Unauthorized Scraping Attempt - More then 225 Pages Requested in a 24 hour period - Total Requested ... show more Unauthorized Scraping Attempt - More then 225 Pages Requested in a 24 hour period - Total Requested Before Block:226 show less	Bad Web Bot
Anonymous	2023-10-03 13:31:46 (2 years ago)	Common attack or app scan event detected and blocked	Port Scan Hacking Web App Attack
🇩🇪 ps-center	2023-09-26 05:12:28 (2 years ago)	SS1: Web Attack GET /wp-config.php.inc	Web Spam Hacking Bad Web Bot Web App Attack

Showing 1 to 9 of 9 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇨🇳 223.85.102.135

🇫🇮 204.168.153.40

🇬🇧 191.96.110.38

🇧🇷 170.150.252.53

🇧🇷 168.227.225.13

🇧🇬 164.138.220.142

🇫🇮 147.185.133.4

🇺🇸 96.78.175.36

🇷🇴 80.94.92.130

🇧🇬 79.124.56.250

🇺🇸 54.166.251.217

🇵🇭 49.151.174.190

🇸🇬 47.84.204.129

🇧🇪 198.235.24.168

🇹🇼 198.235.24.75

🇩🇪 178.105.221.181

🇺🇸 159.198.35.26

🇨🇳 120.85.115.213

🇷🇴 92.118.39.77

🇵🇱 87.251.64.158