JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 38.154.227.97

38.154.227.97 was found in our database!

This IP was reported 9 times. Confidence of Abuse is 33%: ?

33%

ISP	B2 Net Solutions Inc.
Usage Type	Data Center/Web Hosting/Transit
ASN	AS55286
Domain Name	b2netsolutions.com
Country	🇺🇸 United States of America
City	Piscataway, New Jersey

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 38.154.227.97

Whois 38.154.227.97

IP Abuse Reports for 38.154.227.97:

This IP address has been reported a total of 9 times from 5 distinct sources. 38.154.227.97 was first reported on May 26th 2026, and the most recent report was 1 week ago.

Old Reports: The most recent abuse report for this IP address is from 1 week ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇳🇱 homeshowdomain.nl	2026-05-28 21:59:57 (1 week ago)	Auto-ban: single probe for restricted files (.env / backups / admin endpoints). Likely mass-scan on ... show more Auto-ban: single probe for restricted files (.env / backups / admin endpoints). Likely mass-scan on 2026-05-27. show less	Web App Attack SSH Hacking
🇺🇸 TPI-Abuse	2026-05-28 00:18:16 (1 week ago)	(mod_security) mod_security (id:210492) triggered by 38.154.227.97 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 38.154.227.97 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed May 27 20:18:06.164579 2026] [security2:error] [pid 22118:tid 22118] [client 38.154.227.97:54715] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "armadillosigns.com"] [uri "/.env.save"] [unique_id "aheJvpQgPTIyeXU-8dm3eQAAABI"], referer: https://www.google.com/search?q=armadillosigns.com show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-28 00:00:32 (1 week ago)	(mod_security) mod_security (id:210492) triggered by 38.154.227.97 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 38.154.227.97 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed May 27 20:00:03.425439 2026] [security2:error] [pid 19539:tid 19539] [client 38.154.227.97:39063] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "camillascause.org"] [uri "/.env.dev"] [unique_id "aheFg_1I4eWbSHcbJGMI6AAAAAE"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 Bedios GmbH	2026-05-27 17:22:47 (1 week ago)	SQL backup theft attempt	Hacking
🇺🇸 TPI-Abuse	2026-05-27 16:12:29 (1 week ago)	(mod_security) mod_security (id:210730) triggered by 38.154.227.97 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210730) triggered by 38.154.227.97 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed May 27 12:12:14.561612 2026] [security2:error] [pid 16684:tid 16684] [client 38.154.227.97:56383] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|www.villamarehiltonhead.empoweruohio.org\|F\|2"] [data ".key"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.villamarehiltonhead.empoweruohio.org"] [uri "/config/master.key"] [unique_id "ahcX3mrB5kG6OD5qRUf9lQAAAAU"] show less	Brute-Force Bad Web Bot Web App Attack
🇫🇮 as211431.net	2026-05-27 12:55:14 (1 week ago)	Triggered Cloudflare WAF (linkMaze) from US. Action taken: LINK_MAZE_INJECTED Protocol: HTTP/1.1 (GE ... show more Triggered Cloudflare WAF (linkMaze) from US. Action taken: LINK_MAZE_INJECTED Protocol: HTTP/1.1 (GET method) Endpoint: /_rNd9xZ7kL3 UA: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/135.0.0.0 Safari/537.36 This report was generated by: https://github.com/sefinek/Cloudflare-WAF-To-AbuseIPDB show less	Bad Web Bot
🇩🇪 HandyTreff.de	2026-05-27 00:57:49 (1 week ago)	Bot/Spam/Scrapper attack detected on www.handytreff.de - Score: -74.104 (Bad < -10 / Very Bad < -20 ... show more Bot/Spam/Scrapper attack detected on www.handytreff.de - Score: -74.104 (Bad < -10 / Very Bad < -20 / Extreme < -35) \| UA: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; ChatGPT-User/1.0; +https://openai.com show less	Web App Attack Bad Web Bot
🇺🇸 TPI-Abuse	2026-05-27 00:21:10 (1 week ago)	(mod_security) mod_security (id:210492) triggered by 38.154.227.97 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 38.154.227.97 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue May 26 20:20:57.379792 2026] [security2:error] [pid 14395:tid 14395] [client 38.154.227.97:52559] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "ultratecnologia.com.mx"] [uri "/.env.development"] [unique_id "ahY46bRfW1-v7UEKnJBf9wAAAAo"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-26 18:08:24 (1 week ago)	(mod_security) mod_security (id:210492) triggered by 38.154.227.97 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 38.154.227.97 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue May 26 14:08:19.374908 2026] [security2:error] [pid 20409:tid 20409] [client 38.154.227.97:33941] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.md20lf.org.ithacalions.com"] [uri "/wp-config.php"] [unique_id "ahXhk4-zYte7yNUTE5RbYAAAABQ"], referer: https://www.google.com/search?q=www.md20lf.org.ithacalions.com show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 9 of 9 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇳🇨 202.22.136.103

🇩🇪 109.91.4.177

🇭🇰 103.106.188.32

🇨🇳 101.52.130.122

🇷🇺 94.103.2.175

🇰🇷 58.224.62.29

🇸🇬 2404:6800:4003:c1a::120

🇺🇸 154.197.57.70

🇨🇳 153.34.27.104

🇺🇸 147.124.202.130

🇺🇸 132.145.213.106

🇮🇩 103.63.25.203

🇱🇹 62.60.130.59

🇰🇷 14.55.144.22

🇧🇷 187.87.111.152

🇳🇱 178.16.55.50

🇺🇦 128.0.104.39

🇨🇳 120.3.10.197

🇮🇩 115.85.80.12

🇬🇧 35.203.210.36