JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 45.154.138.25

45.154.138.25 was found in our database!

This IP was reported 113 times. Confidence of Abuse is 36%: ?

36%

ISP	VPN Consumer Marseille, France
Usage Type	Data Center/Web Hosting/Transit
ASN	AS206092
Domain Name	vpnconsumer.com
Country	🇫🇷 France
City	Marseille, Provence-Alpes-Cote d'Azur

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 45.154.138.25

Whois 45.154.138.25

IP Abuse Reports for 45.154.138.25:

This IP address has been reported a total of 113 times from 59 distinct sources. 45.154.138.25 was first reported on April 28th 2022, and the most recent report was 2 days ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇷🇺 sms.ru	2026-06-07 14:13:17 (2 days ago)	/wp-admin/js/admin.php	Web App Attack
🇬🇧 consul.to	2026-06-07 04:45:23 (2 days ago)	Web attack/malicious scanning detected	Web App Attack
🇫🇷 dynamix	2026-06-07 00:28:48 (3 days ago)	Multiple WAF Violations	Web App Attack
🇬🇧 consul.to	2026-06-05 07:30:36 (4 days ago)	Web attack/malicious scanning detected	Web App Attack
🇩🇪 Ba-Yu	2026-06-05 05:03:47 (4 days ago)	WordPress hacking/exploits/scanning	Web Spam Hacking Brute-Force Exploited Host Web App Attack
🇮🇳 Genhost	2026-05-05 19:42:04 (1 month ago)	SCANNING OF PHP SHELL FILES	Brute-Force SSH
🇺🇦 URAN Publishing Service	2026-04-29 22:50:40 (1 month ago)	45.154.138.25 - - [30/Apr/2026:01:50:39 +0300] "GET /wp-content/plugins/Iitespeed-cache/classwithtos ... show more 45.154.138.25 - - [30/Apr/2026:01:50:39 +0300] "GET /wp-content/plugins/Iitespeed-cache/classwithtostring.php HTTP/1.1" 404 708 "-" "Go-http-client/1.1" 45.154.138.25 - - [30/Apr/2026:01:50:39 +0300] "GET /wp-content/plugins/elementor/core/files/about.php HTTP/1.1" 404 708 "-" "Go-http-client/1.1" ... show less	Web App Attack
🇺🇸 TPI-Abuse	2026-04-19 10:02:35 (1 month ago)	(mod_security) mod_security (id:210730) triggered by 45.154.138.25 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210730) triggered by 45.154.138.25 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Apr 19 06:02:28.382518 2026] [security2:error] [pid 2276221:tid 2276221] [client 45.154.138.25:24959] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|rivendells.com\|F\|2"] [data ".xsd"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "rivendells.com"] [uri "/vendor/phpunit/phpunit/phpunit.xsd"] [unique_id "aeSoNMlHChO3uPbKyz9nQwAAAAE"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-04-19 01:29:48 (1 month ago)	(mod_security) mod_security (id:210730) triggered by 45.154.138.25 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210730) triggered by 45.154.138.25 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Apr 18 21:29:41.452926 2026] [security2:error] [pid 4928:tid 4928] [client 45.154.138.25:42503] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|musicwithsteve.com\|F\|2"] [data ".xsd"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "musicwithsteve.com"] [uri "/vendor/phpunit/phpunit/phpunit.xsd"] [unique_id "aeQwBTKhSmmIBqFoGtQ7FwAAAAg"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-04-19 00:45:35 (1 month ago)	(mod_security) mod_security (id:210730) triggered by 45.154.138.25 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210730) triggered by 45.154.138.25 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Apr 18 20:45:27.368564 2026] [security2:error] [pid 13568:tid 13568] [client 45.154.138.25:43747] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|lollytalk.com\|F\|2"] [data ".xsd"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "lollytalk.com"] [uri "/vendor/phpunit/phpunit/phpunit.xsd"] [unique_id "aeQlp9Ot1E3F7ZcWZdUt5wAAAAk"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-04-19 00:22:51 (1 month ago)	(mod_security) mod_security (id:210730) triggered by 45.154.138.25 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210730) triggered by 45.154.138.25 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Apr 18 20:22:45.839481 2026] [security2:error] [pid 325336:tid 325336] [client 45.154.138.25:48095] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|drlaurengardner.com\|F\|2"] [data ".xsd"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "drlaurengardner.com"] [uri "/vendor/phpunit/phpunit/phpunit.xsd"] [unique_id "aeQgVZ4Pw84smykcU4veNQAAAAc"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-04-19 00:04:50 (1 month ago)	(mod_security) mod_security (id:210730) triggered by 45.154.138.25 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210730) triggered by 45.154.138.25 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Apr 18 20:04:44.818380 2026] [security2:error] [pid 3798445:tid 3798445] [client 45.154.138.25:59261] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|www.weird.eco\|F\|2"] [data ".xsd"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.weird.eco"] [uri "/vendor/phpunit/phpunit/phpunit.xsd"] [unique_id "aeQcHJyubLxAZqQvzUfmrQAAAAY"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-04-18 23:13:44 (1 month ago)	(mod_security) mod_security (id:210730) triggered by 45.154.138.25 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210730) triggered by 45.154.138.25 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Apr 18 19:13:38.178784 2026] [security2:error] [pid 2768768:tid 2768768] [client 45.154.138.25:29767] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "4"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|ridgecrestrealtors.com\|F\|2"] [data ".xsd"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "ridgecrestrealtors.com"] [uri "/vendor/phpunit/phpunit/phpunit.xsd"] [unique_id "aeQQIhClyjHEPZvkEB6YHwAAABI"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 Sylvyon	2026-04-17 04:26:46 (1 month ago)	Triggered Cloudflare WAF (firewallCustom) from FR. Action: MANAGED_CHALLENGE \| Protocol: HTTP/1.1 (G ... show more Triggered Cloudflare WAF (firewallCustom) from FR. Action: MANAGED_CHALLENGE \| Protocol: HTTP/1.1 (GET) \| Endpoint: /vendor/phpunit/phpunit/phpunit.xsd \| UA: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Firefox/52.0 • Generated by: github.com/sefinek/Cloudflare-WAF-To-AbuseIPDB show less	Bad Web Bot
🇺🇸 TPI-Abuse	2026-04-17 02:50:25 (1 month ago)	(mod_security) mod_security (id:210730) triggered by 45.154.138.25 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210730) triggered by 45.154.138.25 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Apr 16 22:50:17.909173 2026] [security2:error] [pid 2718331:tid 2718331] [client 45.154.138.25:0] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|aslanhan.com\|F\|2"] [data ".xsd"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "aslanhan.com"] [uri "/vendor/phpunit/phpunit/phpunit.xsd"] [unique_id "aeGf6ZA_KjopHTCmUzm8EgAAAAA"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 113 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 2602:fb54:99c::

🇺🇸 216.218.206.85

🇻🇪 190.75.253.181

🇳🇵 111.119.34.103

🇧🇬 95.87.248.223

🇩🇪 69.5.169.37

🇨🇳 60.16.197.3

🇳🇱 20.224.168.82

🇺🇸 20.55.223.182

🇩🇪 193.124.20.226

🇵🇱 193.25.251.142

🇺🇸 143.42.0.20

🇰🇷 121.142.87.218

🇵🇭 119.92.70.82

🇫🇷 92.205.57.72

🇵🇱 87.251.64.145

🇳🇱 85.11.167.7

🇩🇪 69.5.169.90

🇩🇪 69.5.169.88

🇺🇸 66.132.186.253