This IP address has been reported a total of
72
times from
59 distinct
sources.
38.180.166.165 was first reported on
, and the most recent report was
.
Recent Reports:
We have received reports of abusive activity from this IP address within the last week. It is
potentially still actively engaged in abusive activities.
Triggered Cloudflare WAF (ratelimit) from DE.
Action taken: BLOCK
Protocol: HTTP/1.1 (GET method)
En ...
show moreTriggered Cloudflare WAF (ratelimit) from DE.
Action taken: BLOCK
Protocol: HTTP/1.1 (GET method)
Endpoint: /root/.vultr-cli.yaml
UA: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36 (Silvy X Ran)
This report was generated by:
https://github.com/sefinek/Cloudflare-WAF-To-AbuseIPDB
show less
[WedJul0113:45:42.8050362026][security2:error][pid1505729:tid1505811][client38.180.166.165:0]ModSecu ...
show more[WedJul0113:45:42.8050362026][security2:error][pid1505729:tid1505811][client38.180.166.165:0]ModSecurity:Accessdeniedwithcode403\(phase1\).Patternmatch\"\(\?i\)\(\?:/\(\?:\^\|/\)\\\\\\\\.\(env\|git\|svn\|hg\|DS_Store\)\|/\(\?:wp-config\|\\\\\\\\.htaccess\|\\\\\\\\.htpasswd\)\|\\\\\\\\.\(\?:sql\|bak\|old\|log\)\$\)\"atREQUEST_URI.[file\"/etc/apache2/conf.d/modsec_custom_rules.conf\"][line\"156\"][id\"960720\"][msg\"Forbiddenfileaccessattempt\"][severity\"CRITICAL\"][hostname\"kiteinvest.ch.136-243-54-122.cpanel.site\"][uri\"/.env.old\"][unique_id\"akT95rYx7Un3fsSe7fbpjwAAAI8\"]
show less
Port Scan
Brute-Force
Web App Attack
Anonymous
38.180.166.165 - - [01/Jul/2026:11:28:06 +0000] "GET /.env HTTP/1.1" 404 47131 "-" "Mozilla/5.0 (Win ...
show more38.180.166.165 - - [01/Jul/2026:11:28:06 +0000] "GET /.env HTTP/1.1" 404 47131 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36 (Silvy X Ran)"
...
show less
[WedJul0113:17:32.1669972026][security2:error][pid3869848:tid3869863][client38.180.166.165:0]ModSecu ...
show more[WedJul0113:17:32.1669972026][security2:error][pid3869848:tid3869863][client38.180.166.165:0]ModSecurity:Accessdeniedwithcode403\(phase1\).Matchedphrase\".env\"atREQUEST_URI.[file\"/etc/apache2/conf.d/modsec_custom_rules.conf\"][line\"365\"][id\"960720\"][msg\"Forbiddenfileaccess\"][hostname\"retepastoralebelli.ch\"][uri\"/.env\"][unique_id\"akT3TFRu3hrHvqokchZVtgAAAM0\"]
show less
Triggered Cloudflare WAF (firewallManaged) from DE.
Action taken: LOG
Protocol: HTTP/1.1 (GET method ...
show moreTriggered Cloudflare WAF (firewallManaged) from DE.
Action taken: LOG
Protocol: HTTP/1.1 (GET method)
Endpoint: /.env
UA: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36 (Silvy X Ran)
This report was generated by:
https://github.com/sefinek/Cloudflare-WAF-To-AbuseIPDB
show less