JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 78.138.16.242

78.138.16.242 was found in our database!

This IP was reported 36 times. Confidence of Abuse is 3%: ?

ISP	truview LLC
Usage Type	Data Center/Web Hosting/Transit
ASN	AS133499
Domain Name	truviewllc.com
Country	🇦🇺 Australia
City	Melbourne, Victoria

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 78.138.16.242

Whois 78.138.16.242

IP Abuse Reports for 78.138.16.242:

This IP address has been reported a total of 36 times from 6 distinct sources. 78.138.16.242 was first reported on February 5th 2025, and the most recent report was 1 week ago.

Old Reports: The most recent abuse report for this IP address is from 1 week ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 TPI-Abuse	2026-06-01 02:06:34 (1 week ago)	(mod_security) mod_security (id:210730) triggered by 78.138.16.242 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210730) triggered by 78.138.16.242 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun May 31 22:06:30.450747 2026] [security2:error] [pid 7577:tid 7692] [client 78.138.16.242:41969] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|kettlehill.net\|F\|2"] [data ".key"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "kettlehill.net"] [uri "/www.key"] [unique_id "ahzpJo6nP6TlQzUBlJvP3wAAAM8"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-03-01 20:06:42 (3 months ago)	(mod_security) mod_security (id:210730) triggered by 78.138.16.242 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210730) triggered by 78.138.16.242 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Mar 01 15:06:36.506268 2026] [security2:error] [pid 32106:tid 32133] [client 78.138.16.242:34801] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|www.staging.kettlehill.com\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.staging.kettlehill.com"] [uri "/data.sql"] [unique_id "aaScTMyHAVRioPijSO9xrQAAANY"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-01 07:11:45 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 78.138.16.242 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 78.138.16.242 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Dec 01 02:11:40.081778 2025] [security2:error] [pid 8488:tid 8563] [client 78.138.16.242:33395] ModSecurity: Access denied with code 403 (phase 1). Matched phrase ".htaccess" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.kettlehill.com"] [uri "/_.htaccess"] [unique_id "aS0_rNZHHfu_5jcVG6ptxAAAAYg"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2025-10-02 20:24:15 (8 months ago)	Blocked: Reason='Vulnerability probing — PHP scan detected (26/60 min)'; Requests=26	Port Scan
🇺🇸 TPI-Abuse	2025-10-01 15:35:11 (8 months ago)	(mod_security) mod_security (id:212750) triggered by 78.138.16.242 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:212750) triggered by 78.138.16.242 (-): 1 in the last 300 secs; Ports: ; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Oct 01 11:34:53.068532 2025] [security2:error] [pid 30035:tid 30052] [client 78.138.16.242:35179] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\bon(?:abort\|blur\|change\|click\|dblclick\|dragdrop\|error\|focus\|keydown\|keypress\|keyup\|load\|mouse(?:down\|move\|out\|over\|up)\|move\|readystatechange\|reset\|resize\|select\|submit\|unload)\\\\b[^a-zA-Z0-9_]{0,}?=" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/07_XSS_XSS.conf"] [line "69"] [id "212750"] [rev "3"] [msg "COMODO WAF: XSS Attack Detected\|\|ftp.kettlehill.com\|F\|2"] [data "Matched Data: onfocus= found within REQUEST_URI: /tour-list/?keywords=<input/autofocus/%0d/onfocus=alert(123);>&start_date=xxxxxxxxxxxx&avaibility=13"] [severity "CRITICAL"] [tag "CWAF"] [tag "XSS"] [hostname "ftp.kettlehill.com"] [uri "/tour-list/"] [unique_id "aN1KHUIIbSaCPuPKh5hfgQAAAEw"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2025-08-21 01:36:07 (9 months ago)	Web Scanning Attack to Multiple Domain	DDoS Attack Ping of Death Web Spam SQL Injection
🇸🇬 raramos	2025-08-07 19:00:07 (10 months ago)	[SMB remote code execution attempt: port tcp/445] in blocklist.de:'listed [pop3]' in SpamCop:'listed ... show more [SMB remote code execution attempt: port tcp/445] in blocklist.de:'listed [pop3]' in SpamCop:'listed' in sorbs:'listed [web], [spam]' in Unsubscore:'listed' *(RWIN=8192)(04:10) show less	Web Spam Email Spam Port Scan Hacking Brute-Force Web App Attack
Anonymous	2025-07-02 00:38:29 (11 months ago)	Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER	Brute-Force SSH
Anonymous	2025-06-06 14:20:03 (1 year ago)	\| Common web attack.	Hacking SQL Injection Web App Attack
🇺🇸 TPI-Abuse	2025-06-02 00:12:22 (1 year ago)	(mod_security) mod_security (id:210730) triggered by 78.138.16.242 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210730) triggered by 78.138.16.242 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 01 20:12:18.359107 2025] [security2:error] [pid 3432277:tid 3432277] [client 78.138.16.242:36829] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|ftp.nbcnewsradio.com\|F\|2"] [data ".log"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "ftp.nbcnewsradio.com"] [uri "/error/error.log"] [unique_id "aDzsYoae1SAvRwEM3aQWKgAAABo"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2025-05-27 23:54:15 (1 year ago)	Ports: 2077,2078,2082,2083,2086,2087,2095,2096; Direction: 0; Trigger: LF_DISTATTACK	Brute-Force SSH
Anonymous	2025-05-27 07:30:12 (1 year ago)	Web Scanning Attack to Multiple Domain	DDoS Attack Ping of Death Web Spam SQL Injection
Anonymous	2025-05-27 03:19:22 (1 year ago)	Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER	Brute-Force SSH
Anonymous	2025-05-01 20:23:13 (1 year ago)	Ports: 2077,2078,2082,2083,2086,2087,2095,2096; Direction: 0; Trigger: LF_DISTATTACK	Brute-Force SSH
Anonymous	2025-04-24 01:25:37 (1 year ago)	Ports: 2077,2078,2082,2083,2086,2087,2095,2096; Direction: 0; Trigger: LF_DISTATTACK	Brute-Force SSH

Showing 1 to 15 of 36 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 34.174.162.143

🇺🇸 216.25.89.77

🇺🇸 147.185.132.100

🇮🇩 103.166.10.244

🇳🇱 45.148.10.151

🇬🇧 45.82.76.126

🇨🇦 34.130.152.148

🇰🇷 34.64.228.157

🇺🇸 34.22.43.255

🇷🇺 2a09:bac1:61a1:6888::9e:2b

🇦🇷 190.106.40.41

🇵🇭 154.18.197.35

🇧🇷 138.122.155.161

🇫🇷 62.210.209.225

🇺🇸 20.168.152.60

🇬🇧 8.208.10.94

🇺🇸 209.222.101.54

🇧🇷 187.89.95.219

🇺🇦 95.158.29.196

🇳🇱 45.153.34.112