JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 38.225.2.22

38.225.2.22 was found in our database!

This IP was reported 4 times. Confidence of Abuse is 0%: ?

ISP	Internetport Sweden AB
Usage Type	Data Center/Web Hosting/Transit
ASN	AS49770
Domain Name	internetport.se
Country	🇸🇪 Sweden
City	Stockholm, Stockholm

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 38.225.2.22

Whois 38.225.2.22

IP Abuse Reports for 38.225.2.22:

This IP address has been reported a total of 4 times from 3 distinct sources. 38.225.2.22 was first reported on January 12th 2026, and the most recent report was 4 months ago.

Old Reports: The most recent abuse report for this IP address is from 4 months ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 TPI-Abuse	2026-01-27 02:38:05 (4 months ago)	(mod_security) mod_security (id:211190) triggered by 38.225.2.22 (-): 1 in the last 300 secs; Ports: ... show more (mod_security) mod_security (id:211190) triggered by 38.225.2.22 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jan 26 21:37:07.627036 2026] [security2:error] [pid 16656:tid 16665] [client 38.225.2.22:37693] ModSecurity: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt\|\|kettlehill.com\|F\|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/etc/passwd"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "kettlehill.com"] [uri "/tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp"] [unique_id "aXgk0z4D1upuVdMC6K72BgAAAEY"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-01-18 01:59:55 (4 months ago)	(mod_security) mod_security (id:210492) triggered by 38.225.2.22 (-): 1 in the last 300 secs; Ports: ... show more (mod_security) mod_security (id:210492) triggered by 38.225.2.22 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jan 17 20:59:49.932377 2026] [security2:error] [pid 23894:tid 23894] [client 38.225.2.22:38001] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcalendars.nbcnewsradio.com"] [uri "/wp-config.php.save"] [unique_id "aWw-lRWK6YX1-xsFhcKk6gAAAAY"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-01-17 15:30:03 (4 months ago)	\| PHPMyAdmin scans (looking for setup.php).	Hacking SQL Injection Web App Attack
🇳🇱 Roderic	2026-01-12 11:37:32 (4 months ago)	(apache-useragents) Failed apache-useragents trigger with match [redacted])	Bad Web Bot

Showing 1 to 4 of 4 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇨🇳 116.10.205.47

🇮🇳 103.38.219.22

🇺🇸 64.62.156.23

🇰🇷 218.51.148.194

🇦🇷 181.47.124.59

🇺🇸 96.8.119.183

🇳🇱 85.121.127.151

🇨🇳 14.103.74.80

🇺🇿 213.230.64.246

🇳🇱 103.69.224.101

🇫🇷 94.176.161.169

🇧🇬 79.124.62.178

🇸🇬 74.114.31.144

🇭🇰 45.142.154.96

🇺🇸 40.124.174.187

🇨🇳 223.157.9.142

🇲🇽 186.96.151.146

🇨🇳 182.119.190.168

🇨🇳 111.228.17.120

🇨🇳 111.113.88.179