JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 45.154.138.17

45.154.138.17 was found in our database!

This IP was reported 117 times. Confidence of Abuse is 18%: ?

18%

ISP	VPN Consumer Marseille, France
Usage Type	Data Center/Web Hosting/Transit
ASN	AS206092
Domain Name	vpnconsumer.com
Country	🇫🇷 France
City	Marseille, Provence-Alpes-Cote d'Azur

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 45.154.138.17

Whois 45.154.138.17

IP Abuse Reports for 45.154.138.17:

This IP address has been reported a total of 117 times from 61 distinct sources. 45.154.138.17 was first reported on August 5th 2022, and the most recent report was 1 day ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇩🇪 Ba-Yu	2026-06-05 05:19:22 (1 day ago)	WordPress hacking/exploits/scanning	Web Spam Hacking Brute-Force Exploited Host Web App Attack
🇺🇸 omc	2026-04-19 05:37:55 (1 month ago)	GET /vendor/phpunit/phpunit/phpunit.xsd [Q4].	Bad Web Bot
🇺🇸 TPI-Abuse	2026-04-19 00:57:13 (1 month ago)	(mod_security) mod_security (id:210730) triggered by 45.154.138.17 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210730) triggered by 45.154.138.17 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Apr 18 20:57:08.277226 2026] [security2:error] [pid 24177:tid 24177] [client 45.154.138.17:32955] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|candid-about-candida.com\|F\|2"] [data ".xsd"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "candid-about-candida.com"] [uri "/vendor/phpunit/phpunit/phpunit.xsd"] [unique_id "aeQoZP9mfE4alhj70OruKQAAABs"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-04-19 00:34:51 (1 month ago)	(mod_security) mod_security (id:210730) triggered by 45.154.138.17 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210730) triggered by 45.154.138.17 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Apr 18 20:34:46.876156 2026] [security2:error] [pid 1250124:tid 1250124] [client 45.154.138.17:54567] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|pluscures.com\|F\|2"] [data ".xsd"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "pluscures.com"] [uri "/vendor/phpunit/phpunit/phpunit.xsd"] [unique_id "aeQjJp8sHjaa1Gcg1VQhpQAAAB4"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-04-19 00:05:33 (1 month ago)	(mod_security) mod_security (id:210730) triggered by 45.154.138.17 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210730) triggered by 45.154.138.17 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Apr 18 20:05:27.845329 2026] [security2:error] [pid 3792226:tid 3792226] [client 45.154.138.17:28897] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|lalalana.mx\|F\|2"] [data ".xsd"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "lalalana.mx"] [uri "/vendor/phpunit/phpunit/phpunit.xsd"] [unique_id "aeQcR9WyJtK8ZmX2FMN8NwAAAAQ"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-04-18 23:13:39 (1 month ago)	(mod_security) mod_security (id:210730) triggered by 45.154.138.17 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210730) triggered by 45.154.138.17 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Apr 18 19:13:30.957308 2026] [security2:error] [pid 2768206:tid 2768206] [client 45.154.138.17:34633] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "4"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|versallis.com\|F\|2"] [data ".xsd"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "versallis.com"] [uri "/vendor/phpunit/phpunit/phpunit.xsd"] [unique_id "aeQQGvdFFRVtLt1RLbgSBQAAAAE"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-04-17 08:35:49 (1 month ago)	(mod_security) mod_security (id:210730) triggered by 45.154.138.17 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210730) triggered by 45.154.138.17 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Apr 17 04:35:42.046702 2026] [security2:error] [pid 4130996:tid 4130996] [client 45.154.138.17:0] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|chaitanyaconsult.in\|F\|2"] [data ".xsd"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "chaitanyaconsult.in"] [uri "/vendor/phpunit/phpunit/phpunit.xsd"] [unique_id "aeHw3s49GrFKzyisa2JKMQAAAAE"] show less	Brute-Force Bad Web Bot Web App Attack
🇨🇭 backslash	2026-04-08 00:33:00 (1 month ago)	block ruleset bad bot: wordpress scans 82C095539D4FDAF84E2E2FD6B6FC0664645851A8	Bad Web Bot
🇦🇺 oncord	2026-04-01 03:41:15 (2 months ago)	Form spam	Web Spam
🇸🇪 SkyDancer	2026-03-27 01:25:11 (2 months ago)	Multiple intrusion attempts via http/https on known vulnerable url offsets. Attack automatically blo ... show more Multiple intrusion attempts via http/https on known vulnerable url offsets. Attack automatically blocked by SkyDancer Ai(web-X). show less	Hacking Brute-Force
🇺🇸 xmission.com	2026-03-25 01:52:14 (2 months ago)	45.154.138.17 - - [24/Mar/2026:19:52:14 -0600] "POST /wp-login.php HTTP/1.1" 200 6929 "-" "Mozilla/5 ... show more 45.154.138.17 - - [24/Mar/2026:19:52:14 -0600] "POST /wp-login.php HTTP/1.1" 200 6929 "-" "Mozilla/5.0" ... show less	Brute-Force
🇫🇷 dynamix	2026-03-19 18:04:06 (2 months ago)	Multiple WAF Violations	Web App Attack
🇺🇦 URAN Publishing Service	2026-03-18 05:40:30 (2 months ago)	45.154.138.17 - - [18/Mar/2026:07:40:28 +0200] "GET /wp-includes/Requests/about.php HTTP/1.1" 404 27 ... show more 45.154.138.17 - - [18/Mar/2026:07:40:28 +0200] "GET /wp-includes/Requests/about.php HTTP/1.1" 404 274 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.105 Safari/537.36 OPR/70.0.3728.95" 45.154.138.17 - - [18/Mar/2026:07:40:29 +0200] "GET /wp-content/plugins/revslider/includes/external/page/index.php HTTP/1.1" 404 274 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36" ... show less	Web App Attack
🇷🇺 sms.ru	2026-03-17 19:14:28 (2 months ago)	/wp-admin/maint/flower.php	Web App Attack
🇩🇪 MusicLibrary	2026-03-17 16:17:04 (2 months ago)	Attempted access to non existent wordpress urls	Bad Web Bot

Showing 1 to 15 of 117 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇬🇧 185.216.145.166

🇵🇱 89.68.245.7

🇳🇱 88.151.32.194

🇺🇸 74.209.100.246

🇺🇸 52.44.198.19

🇬🇧 31.14.254.39

🇬🇧 195.206.182.198

🇬🇧 193.32.209.237

🇬🇧 134.209.25.199

🇰🇷 121.178.185.141

🇺🇸 107.172.221.56

🇨🇳 103.91.208.101

🇳🇱 89.248.167.131

🇬🇧 81.19.219.213

🇮🇶 65.20.135.32

🇨🇳 39.144.5.205

🇬🇧 5.226.140.55

🇺🇸 3.144.137.144

🇺🇸 192.3.64.210

🇬🇧 188.240.59.13