This IP address has been reported a total of
10
times from
9 distinct
sources.
38.156.92.25 was first reported on
, and the most recent report was
.
Recent Reports:
We have received reports of abusive activity from this IP address within the last week. It is
potentially still actively engaged in abusive activities.
Fail2Ban: 38.156.92.25 was banned for Aggressive Bad Bot detected by Nginx/Fail2Ban. UA: Mozilla/5.0 ...
show moreFail2Ban: 38.156.92.25 was banned for Aggressive Bad Bot detected by Nginx/Fail2Ban. UA: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36
show less
[Askari] | country=CO | Behavior: Targeting specific pages, HTTP/1.1 over TLS, Concurrent page load ...
show more[Askari] | country=CO | Behavior: Targeting specific pages, HTTP/1.1 over TLS, Concurrent page load during attack
show less
ELEVATED_THREAT | country=CO | ASN=CONEXION COMERCIALIZACION DE SERVICIOS DE TELECOMUNICACIONES EMPA ...
show moreELEVATED_THREAT | country=CO | ASN=CONEXION COMERCIALIZACION DE SERVICIOS DE TELECOMUNICACIONES EMPALMERIA Y CONSTRUCCION DE R | 588 IPs targeting /category/light-bulbs.html | Facet request during elevated threat (facet_ratio=0.82, unique_ips=1353) | HTTP/1.1 over TLS (elevated=True)
show less
(mod_security) mod_security (id:900210) triggered by 38.156.92.25 (US/United States/-): 2 in the las ...
show more(mod_security) mod_security (id:900210) triggered by 38.156.92.25 (US/United States/-): 2 in the last 900 secs
show less
Bot/Spam/Scrapper attack detected on www.handytreff.de - Score: -61.217 (Bad < -10 / Very Bad < -20 ...
show moreBot/Spam/Scrapper attack detected on www.handytreff.de - Score: -61.217 (Bad < -10 / Very Bad < -20 / Extreme < -35) | UA: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/135.0.0.0 Sa
show less
(mod_security) mod_security (id:210730) triggered by 38.156.92.25 (-): 1 in the last 300 secs; Ports ...
show more(mod_security) mod_security (id:210730) triggered by 38.156.92.25 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Apr 26 10:02:29.204114 2026] [security2:error] [pid 24887:tid 24887] [client 38.156.92.25:28706] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||alexetjeremy.com|F|2"] [data ".png.bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "alexetjeremy.com"] [uri "/images/logo.png.bak"] [unique_id "ae4a9QrXjrT35aKV4ANQBgAAAAA"], referer: https://alexetjeremy.com/
show less
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
Distributed web crawl botnet attack (like Mellowtel), likely illicit scraping of AI training data to ...
show moreDistributed web crawl botnet attack (like Mellowtel), likely illicit scraping of AI training data to bypass firewall/robots.txt restrictions in thread-post.asp
show less
Exploited Host
Bad Web Bot
Showing 1 to
10
of 10 reports
Think this IP has been falsely reported? You may request to have the associated
reports reviewed and removed.
Request Takedown ๐ฉ