Dashboard›🇺🇸 United States›38.154.129.103

THREAT REPORT

IP Threat Report
38.154.129.103

ABUSE.MOM — BEHAVE OR GET EXPOSED

Generated: 2026-05-22 12:53:36

First seen: 2026-03-05 17:00:04

Last seen: 2026-03-05 17:00:04

Geolocation & Classification

IP Address

38.154.129.103

Type

Hosting

Country

🇺🇸 United States

City

Buffalo

ISP

B2 Net Solutions Inc.

Organization

ServerMania Inc

Autonomous System

AS55286 B2 Net Solutions Inc.

Hit Count

Detection Signatures

Signature	Description	Points
Danger medium hits: 4	Medium-risk: admin panels, config files	+40
Probe pattern 302->404 same path	Behavioral anomaly detected by automated analysis	+20
Foreign referer seen	Referer from unrelated external domain	+10

Σ = 70

Observed Activity

Reconstructed HTTP requests from server access logs. Target domains redacted for security.

[redacted]

GET

200

Requests shown: 1 · HTTP 404: 0 · Dangerous patterns: 0

* Typical request patterns for detected signatures. Actual target domains are redacted.

Timeline

2026-03-05 17:00:04

First malicious request detected

IP entered monitoring from server access logs

During observation

Multiple detection signatures triggered

Danger medium hits: 4 (+40), Probe pattern 302->404 same path (+20), Foreign referer seen (+10)

2026-03-05 17:00:04

Last malicious request observed

Total score reached: 70/100

Next cycle

IP blocked — all subsequent requests denied (HTTP 403)

Added to blocklist automatically

Network Provider

B2 Net Solutions Inc.

AS55286 · 🇺🇸 United States

Recommendations

Actions taken & recommended

IP 38.154.129.103 is blocked at application level (HTTP 403)
Consider blocking at firewall level (iptables/CSF) to reduce server load
Report abuse to the network provider via their abuse contact
Ensure sensitive files (.env, .git, backups) are not accessible from the web

🔎 Directory Scan Defense

IP 38.154.129.103 is enumerating directories. Configure fail2ban apache-404 jail after 10+ 404 errors. Disable directory listings. Normalize all 404 responses.

Open Ports & Services

Network reconnaissance data from Shodan. Open ports may indicate running services, misconfigurations, or potential attack surfaces.

OPEN PORTS (5)

Port	Service	Risk	Description
80	HTTP	Low	HTTP web server — standard web traffic
3128	Unknown	Low	Service on port 3128
8000	Unknown	Low	Service on port 8000
8080	HTTP-Alt	Low	HTTP alternative port — often used for admin panels or proxies
8800	Unknown	Low	Service on port 8800

KNOWN VULNERABILITIES (CVE) (74)

CVE ID	Link
CVE-2013-0189	NVD →
CVE-2023-49285	NVD →
CVE-2020-15811	NVD →
CVE-2021-31807	NVD →
CVE-2020-24606	NVD →
CVE-2021-31808	NVD →
CVE-2016-2570	NVD →
CVE-2020-11945	NVD →
CVE-2016-2571	NVD →
CVE-2020-8449	NVD →
CVE-2011-3205	NVD →
CVE-2019-12528	NVD →
CVE-2025-54574	NVD →
CVE-2020-8450	NVD →
CVE-2023-50269	NVD →
CVE-2019-12529	NVD →
CVE-2016-4051	NVD →
CVE-2016-2569	NVD →
CVE-2020-15049	NVD →
CVE-2014-6270	NVD →
CVE-2024-25617	NVD →
CVE-2011-4096	NVD →
CVE-2020-15810	NVD →
CVE-2025-59362	NVD →
CVE-2016-4553	NVD →

+49 more

🔴 This host has 74 known CVEs associated with its exposed services. This volume strongly suggests severely outdated software. Review each CVE in the NVD database.

DETECTED TECHNOLOGIES

squid-cache:squid:3.1.9

Data source: Shodan InternetDB. Scanned independently of abuse.mom.

Blacklist Status (DNSBL)

This IP was checked against major DNS-based blacklists used by mail servers and firewalls worldwide.

✓ Clean

Spamhaus ZEN

Checked: Spamhaus, SpamCop, Barracuda, SORBS, CBL, UCEProtect. Results may change over time.

Threat Analysis

38.154.129.103 has been assigned a threat score of 70/100 (High). This classifies it as a high-severity threat. Proactive blocking is recommended for sensitive infrastructure.

The following attack categories were identified:

Path Enumeration

📊 Threat Analysis

38.154.129.103 is registered in Buffalo, United States, operating on the network of B2 Net Solutions Inc.. This IP first appeared in our threat feeds after triggering multiple behavioral detection signatures. During its 1-day observation window, we recorded 1 hostile requests from this IP — roughly 1 per day on average. Operating from datacenter infrastructure, this IP is typical of addresses used in organized attack operations. Cloud and VPS providers are commonly exploited as launching platforms for automated scanning. Active path scanning has been detected — this IP probes for hundreds of common file and directory names. Our records show 180 malicious IPs originating from United States, positioning it as a significant contributor to global threat activity. A threat score of 70/100 places this IP in the high-risk category. Blocking at the firewall level is recommended.

This IP belongs to a hosting or data center provider. Malicious traffic from hosting infrastructure often originates from compromised VPS instances, rented servers used for scanning campaigns, or abused free-tier cloud accounts. Hosting providers typically respond to abuse reports within 24-72 hours.

Related Threats

🇺🇸 Top threats from United States

104.28.246.115 (350)104.28.246.113 (340)104.28.246.116 (340)104.28.235.58 (340)104.28.246.122 (340)View all →

🏢 Same network: AS55286

209.127.35.3 (215)198.245.73.112 (165)38.154.148.183 (165)192.186.172.180 (140)198.154.89.196 (140)View all →

Security Intelligence

💡 Cross-Site Scripting (XSS) Attacks

XSS attacks inject malicious scripts into web pages viewed by other users. Reflected XSS uses crafted URLs, while stored XSS persists in databases. Both types can steal session cookies, redirect users, or deface websites.

💡 Threat Intelligence Sharing Frameworks

Standards like STIX/TAXII, MISP, and OpenIOC enable automated sharing of threat intelligence between organizations. Collective defense through shared indicators, tactics, and procedures strengthens the entire security community against common threats.

🔍 Check Any IP Address

Share this report:

IP Threat Report38.154.129.103

⛔ Verdict: BLOCK