JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 45.154.138.49

45.154.138.49 was found in our database!

This IP was reported 139 times. Confidence of Abuse is 41%: ?

41%

ISP	VPN Consumer Marseille, France
Usage Type	Data Center/Web Hosting/Transit
ASN	AS206092
Domain Name	vpnconsumer.com
Country	🇫🇷 France
City	Marseille, Provence-Alpes-Cote d'Azur

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 45.154.138.49

Whois 45.154.138.49

IP Abuse Reports for 45.154.138.49:

This IP address has been reported a total of 139 times from 68 distinct sources. 45.154.138.49 was first reported on February 3rd 2023, and the most recent report was 6 days ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇷🇺 sms.ru	2026-06-07 14:13:08 (6 days ago)	/wp-admin/js/load.php	Web App Attack
🇫🇷 Octopuce	2026-06-07 03:47:22 (1 week ago)	Aggressive web search of vulnerable pages: /wp-admin/maint/bootstrap.php /themes/zMousse/otuz1.php / ... show more Aggressive web search of vulnerable pages: /wp-admin/maint/bootstrap.php /themes/zMousse/otuz1.php /wp-content/edit-wolf.php /wp-content/plugin ... show less	Web App Attack
🇫🇷 dynamix	2026-06-07 00:30:05 (1 week ago)	Multiple WAF Violations	Web App Attack
🇩🇪 Ba-Yu	2026-06-05 05:07:22 (1 week ago)	WordPress hacking/exploits/scanning	Web Spam Hacking Brute-Force Exploited Host Web App Attack
🇳🇱 Mangelot Hosting	2026-06-04 20:53:57 (1 week ago)	(upload_shell) srv102 Shell upload 45.154.138.49 (FR/France/-): 1 in the last 3600 secs; Ports: ; D ... show more (upload_shell) srv102 Shell upload 45.154.138.49 (FR/France/-): 1 in the last 3600 secs; Ports: ; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs: show less	Web App Attack
🇱🇻 garmtech.com	2026-05-30 21:38:16 (2 weeks ago)	IM360 WAF: Block IP which is in the web-spammers RBL MV:RBL lookup of 00-38.45.154.138.49.web-spamme ... show more IM360 WAF: Block IP which is in the web-spammers RBL MV:RBL lookup of 00-38.45.154.138.49.web-spammers.v2.rbl.imunify.com._v4 succeeded. show less	Web App Attack
🇺🇸 mnsf	2026-05-07 01:05:33 (1 month ago)	Too many Status 40X (12)	Brute-Force Web App Attack
🇺🇸 mnsf	2026-05-06 00:05:19 (1 month ago)	Too many Status 40X (11)	Brute-Force Web App Attack
🇺🇸 mnsf	2026-04-30 01:05:05 (1 month ago)	Too many Status 40X (11)	Brute-Force Web App Attack
🇺🇦 URAN Publishing Service	2026-04-29 22:51:14 (1 month ago)	45.154.138.49 - - [30/Apr/2026:01:51:13 +0300] "GET /wp-content/themes/twentytwentyfour/patterns/fil ... show more 45.154.138.49 - - [30/Apr/2026:01:51:13 +0300] "GET /wp-content/themes/twentytwentyfour/patterns/file.php HTTP/1.1" 404 708 "-" "Go-http-client/1.1" 45.154.138.49 - - [30/Apr/2026:01:51:14 +0300] "GET /wp-content/themes/twentytwentytwo/assets/fonts/index.php HTTP/1.1" 404 708 "-" "Go-http-client/1.1" ... show less	Web App Attack
🇺🇸 TPI-Abuse	2026-04-19 01:05:49 (1 month ago)	(mod_security) mod_security (id:210730) triggered by 45.154.138.49 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210730) triggered by 45.154.138.49 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Apr 18 21:05:41.682412 2026] [security2:error] [pid 6721:tid 6721] [client 45.154.138.49:62459] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|demodextreatments.com\|F\|2"] [data ".xsd"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "demodextreatments.com"] [uri "/vendor/phpunit/phpunit/phpunit.xsd"] [unique_id "aeQqZUves8hvlKdVJjBQKwAAAAY"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-04-19 00:45:15 (1 month ago)	(mod_security) mod_security (id:210730) triggered by 45.154.138.49 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210730) triggered by 45.154.138.49 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Apr 18 20:45:01.319258 2026] [security2:error] [pid 17551:tid 17551] [client 45.154.138.49:24933] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|messengersforchrist.charity\|F\|2"] [data ".xsd"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "messengersforchrist.charity"] [uri "/vendor/phpunit/phpunit/phpunit.xsd"] [unique_id "aeQljT7IiBITA-KKvBV_5gAAABA"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-04-19 00:29:50 (1 month ago)	(mod_security) mod_security (id:210730) triggered by 45.154.138.49 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210730) triggered by 45.154.138.49 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Apr 18 20:29:44.322157 2026] [security2:error] [pid 1213575:tid 1213575] [client 45.154.138.49:38451] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|aquascapes.net\|F\|2"] [data ".xsd"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "aquascapes.net"] [uri "/vendor/phpunit/phpunit/phpunit.xsd"] [unique_id "aeQh-Ke4JcOVPvb5MEXX7AAAAAo"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-04-19 00:04:45 (1 month ago)	(mod_security) mod_security (id:210730) triggered by 45.154.138.49 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210730) triggered by 45.154.138.49 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Apr 18 20:04:39.787841 2026] [security2:error] [pid 3798424:tid 3798424] [client 45.154.138.49:57497] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|weird.eco\|F\|2"] [data ".xsd"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "weird.eco"] [uri "/vendor/phpunit/phpunit/phpunit.xsd"] [unique_id "aeQcF6NThJM28SoWoQsBZAAAAAU"] show less	Brute-Force Bad Web Bot Web App Attack
🇬🇧 Oakley	2026-04-08 14:17:52 (2 months ago)	(mod_security) mod_security (id:900191) triggered by 45.154.138.49 (FR/France/-): 5 in the last 900 ... show more (mod_security) mod_security (id:900191) triggered by 45.154.138.49 (FR/France/-): 5 in the last 900 secs show less	Web App Attack Hacking

Showing 1 to 15 of 139 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 192.3.206.66

🇮🇩 157.15.40.86

🇸🇬 103.189.235.176

🇲🇽 38.22.170.10

🇬🇧 217.146.80.122

🇩🇪 213.209.159.11

🇹🇼 210.64.103.139

🇲🇽 189.203.190.153

🇻🇳 103.118.28.17

🇳🇱 93.123.109.114

🇩🇪 69.5.169.126

🇳🇱 45.148.10.151

🇺🇸 45.92.229.91

🇮🇩 43.157.224.34

🇺🇸 43.153.12.68

🇰🇪 41.60.144.137

🇬🇧 37.10.113.221

🇨🇱 34.176.222.245

🇧🇷 34.95.229.189

🇺🇸 18.205.63.110