JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 67.227.113.154

67.227.113.154 was found in our database!

This IP was reported 11 times. Confidence of Abuse is 13%: ?

13%

ISP	code200 UAB
Usage Type	Data Center/Web Hosting/Transit
ASN	AS13332
Hostname(s)	67.227.113.154.rdns.ColocationAmerica.com
Domain Name	code200.global
Country	🇺🇸 United States of America
City	Los Angeles, California

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 67.227.113.154

Whois 67.227.113.154

IP Abuse Reports for 67.227.113.154:

This IP address has been reported a total of 11 times from 6 distinct sources. 67.227.113.154 was first reported on November 22nd 2024, and the most recent report was 1 week ago.

Old Reports: The most recent abuse report for this IP address is from 1 week ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 TPI-Abuse	2026-05-27 22:43:55 (1 week ago)	(mod_security) mod_security (id:210730) triggered by 67.227.113.154 (67.227.113.154.rdns.ColocationA ... show more (mod_security) mod_security (id:210730) triggered by 67.227.113.154 (67.227.113.154.rdns.ColocationAmerica.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed May 27 18:43:31.576500 2026] [security2:error] [pid 11335:tid 11335] [client 67.227.113.154:54559] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|m.gatheringsattheschool.com\|F\|2"] [data ".tfstate.backup"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "m.gatheringsattheschool.com"] [uri "/terraform.tfstate.backup"] [unique_id "ahdzk-sH0RCz1NMWHlNWIgAAAAE"], referer: https://www.google.com/search?q=m.gatheringsattheschool.com show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-27 15:42:28 (1 week ago)	(mod_security) mod_security (id:210492) triggered by 67.227.113.154 (67.227.113.154.rdns.ColocationA ... show more (mod_security) mod_security (id:210492) triggered by 67.227.113.154 (67.227.113.154.rdns.ColocationAmerica.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed May 27 11:42:20.569896 2026] [security2:error] [pid 13823:tid 13823] [client 67.227.113.154:33255] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "fritsknuf.com"] [uri "/.env.dev"] [unique_id "ahcQ3PfAaDzrbnDXoxCIZAAAAE4"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-27 00:25:06 (1 week ago)	(mod_security) mod_security (id:210492) triggered by 67.227.113.154 (67.227.113.154.rdns.ColocationA ... show more (mod_security) mod_security (id:210492) triggered by 67.227.113.154 (67.227.113.154.rdns.ColocationAmerica.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue May 26 20:24:57.230875 2026] [security2:error] [pid 10735:tid 10735] [client 67.227.113.154:48797] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.notify.ev.alitcogroup.com"] [uri "/wp-config.php"] [unique_id "ahY52clwRl2VZZPq8tGcXQAAAAc"], referer: https://www.google.com/search?q=www.notify.ev.alitcogroup.com show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-26 18:16:06 (1 week ago)	(mod_security) mod_security (id:210492) triggered by 67.227.113.154 (67.227.113.154.rdns.ColocationA ... show more (mod_security) mod_security (id:210492) triggered by 67.227.113.154 (67.227.113.154.rdns.ColocationAmerica.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue May 26 14:12:54.210970 2026] [security2:error] [pid 6421:tid 6421] [client 67.227.113.154:46585] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.mountararattrek.com.amybeam.com"] [uri "/.env.development.local"] [unique_id "ahXipk-7_Az4iChhfgQvLAAAAAM"], referer: https://www.google.com/search?q=www.mountararattrek.com.amybeam.com show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-26 17:11:28 (1 week ago)	(mod_security) mod_security (id:210492) triggered by 67.227.113.154 (67.227.113.154.rdns.ColocationA ... show more (mod_security) mod_security (id:210492) triggered by 67.227.113.154 (67.227.113.154.rdns.ColocationAmerica.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue May 26 13:11:19.524860 2026] [security2:error] [pid 20375:tid 20375] [client 67.227.113.154:33029] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "railfairofseo.com"] [uri "/.env.dev"] [unique_id "ahXUN_2CyYvQZL7N2pT84QAAABc"], referer: https://www.google.com/search?q=railfairofseo.com show less	Brute-Force Bad Web Bot Web App Attack
🇨🇭 4server	2026-05-26 17:06:03 (1 week ago)	[TueMay2619:05:56.5114372026][security2:error][pid2832562:tid2832759][client67.227.113.154:0]ModSecu ... show more [TueMay2619:05:56.5114372026][security2:error][pid2832562:tid2832759][client67.227.113.154:0]ModSecurity:Accessdeniedwithcode403\(phase1\).Matchedphrase\".env\"atREQUEST_URI.[file\"/etc/apache2/conf.d/modsec_custom_rules.conf\"][line\"364\"][id\"960720\"][msg\"Forbiddenfileaccess\"][hostname\"www.cybertelgroup.com.81-17-25-250.cpanel.site\"][uri\"/.env.development\"][unique_id\"ahXS9EM_3Lw1w5tfiBPK2QAAAI4\"]\,referer:https://www.google.com/search\?q=www.cybertelgroup.com.81-17-25-250.cpanel.site show less	Hacking Web App Attack
Anonymous	2026-01-24 16:57:50 (4 months ago)	Malicious activity detected	Hacking Web App Attack
Anonymous	2024-11-27 04:10:11 (1 year ago)	\| A web attack returned code 200 (success).	Hacking SQL Injection Web App Attack
🇺🇸 TPI-Abuse	2024-11-26 23:26:25 (1 year ago)	(mod_security) mod_security (id:211190) triggered by 67.227.113.154 (67.227.113.154.rdns.ColocationA ... show more (mod_security) mod_security (id:211190) triggered by 67.227.113.154 (67.227.113.154.rdns.ColocationAmerica.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Nov 26 18:25:52.857833 2024] [security2:error] [pid 14716:tid 14991] [client 67.227.113.154:33579] [client 67.227.113.154] ModSecurity: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt\|\|www.kettlehill.net\|F\|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /install/lib/ajaxHandlers/ajaxServerSettingsChk.php?rootUname=%3b%63%61%74%20%2f%65%74%63%2f%70%61%73%73%77%64%20%23"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.kettlehill.net"] [uri "/install/lib/ajaxHandlers/ajaxServerSettingsChk.php"] [unique_id "Z0ZZAAhXN1-tm_FGp0dg7gAAANY"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 Alejandro Docasar	2024-11-26 18:11:51 (1 year ago)		Web App Attack
🇩🇪 dayda.net	2024-11-22 03:48:40 (1 year ago)	query: rest_route=/wp/v2/users	Bad Web Bot

Showing 1 to 11 of 11 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇮🇩 2a02:4780:6:2083:0:c85:59df:1

🇺🇸 212.46.142.168

🇨🇴 181.51.91.63

🇮🇳 163.223.190.221

🇧🇩 161.248.50.213

🇵🇰 119.154.238.148

🇫🇷 92.103.134.183

🇴🇲 85.154.5.253

🇳🇱 45.148.10.152

🇮🇳 14.194.125.58

🇬🇧 195.96.139.91

🇧🇷 191.249.45.24

🇸🇮 176.65.134.3

🇩🇪 165.227.170.113

🇻🇳 103.63.108.25

🇺🇸 35.237.110.89

🇳🇱 34.147.38.136

🇺🇸 34.138.42.139

🇧🇷 34.95.203.156

🇻🇳 2405:4802:2237:af80:ce0:10ff:fe03:fbf4