JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 107.173.137.30

107.173.137.30 was found in our database!

This IP was reported 16 times. Confidence of Abuse is 3%: ?

ISP	HostPapa
Usage Type	Data Center/Web Hosting/Transit
ASN	AS36352
Hostname(s)	107-173-137-30-host.colocrossing.com
Domain Name	hostpapa.com
Country	🇺🇸 United States of America
City	Buffalo, New York

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 107.173.137.30

Whois 107.173.137.30

IP Abuse Reports for 107.173.137.30:

This IP address has been reported a total of 16 times from 8 distinct sources. 107.173.137.30 was first reported on December 6th 2023, and the most recent report was 1 week ago.

Old Reports: The most recent abuse report for this IP address is from 1 week ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇧🇪 taivas.nl	2026-06-16 11:02:10 (1 week ago)	Fake_GoogleBot	Bad Web Bot SSH
🇺🇸 TPI-Abuse	2025-12-29 18:53:19 (5 months ago)	(mod_security) mod_security (id:211190) triggered by 107.173.137.30 (107-173-137-30-host.colocrossin ... show more (mod_security) mod_security (id:211190) triggered by 107.173.137.30 (107-173-137-30-host.colocrossing.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Dec 29 13:53:12.006382 2025] [security2:error] [pid 22838:tid 22906] [client 107.173.137.30:58417] ModSecurity: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt\|\|www.kettlehill.net\|F\|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /log_download.cgi?type=../../../../../../../../etc/passwd"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.kettlehill.net"] [uri "/log_download.cgi"] [unique_id "aVLOGOHXaA_hkms52yN1kQAAAAI"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 Alejandro Docasar	2024-11-28 11:52:39 (1 year ago)		Web App Attack
Anonymous	2024-11-28 06:29:42 (1 year ago)	107.173.137.30 - - [28/Nov/2024:07:29:41 +0100] "GET /wp-admin/admin-ajax.php?action=duplicator_down ... show more 107.173.137.30 - - [28/Nov/2024:07:29:41 +0100] "GET /wp-admin/admin-ajax.php?action=duplicator_download&file=..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd HTTP/1.1" 404 5458 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36" ... show less	Hacking
🇺🇸 TPI-Abuse	2024-11-26 23:08:17 (1 year ago)	(mod_security) mod_security (id:211190) triggered by 107.173.137.30 (107-173-137-30-host.colocrossin ... show more (mod_security) mod_security (id:211190) triggered by 107.173.137.30 (107-173-137-30-host.colocrossing.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Nov 26 18:05:48.408941 2024] [security2:error] [pid 10475:tid 10520] [client 107.173.137.30:59219] [client 107.173.137.30] ModSecurity: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt\|\|staging.kettlehill.com\|F\|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /wp-content/plugins/wp-custom-pages/wp-download.php?url=..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fpasswd"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "staging.kettlehill.com"] [uri "/wp-content/plugins/wp-custom-pages/wp-download.php"] [unique_id "Z0ZUTKFCtxIMoG1O2rvpJgAAAVA"] show less	Brute-Force Bad Web Bot Web App Attack
🇳🇱 EGP Abuse Dept	2024-11-14 09:49:59 (1 year ago)	SQL injection attack	SQL Injection
🇺🇸 TPI-Abuse	2024-09-03 18:43:10 (1 year ago)	(mod_security) mod_security (id:210492) triggered by 107.173.137.30 (107-173-137-30-host.colocrossin ... show more (mod_security) mod_security (id:210492) triggered by 107.173.137.30 (107-173-137-30-host.colocrossing.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Sep 03 14:43:03.106166 2024] [security2:error] [pid 21084:tid 21084] [client 107.173.137.30:41109] [client 107.173.137.30] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcontacts.stdavids-media.com"] [uri "/wp-config.php"] [unique_id "ZtdYt1w5_BEcIMiEF8OjmgAAAAo"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2024-08-26 23:07:36 (1 year ago)	(mod_security) mod_security (id:212620) triggered by 107.173.137.30 (107-173-137-30-host.colocrossin ... show more (mod_security) mod_security (id:212620) triggered by 107.173.137.30 (107-173-137-30-host.colocrossing.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Aug 26 19:05:18.061486 2024] [security2:error] [pid 532018:tid 532395] [client 107.173.137.30:34799] [client 107.173.137.30] ModSecurity: Access denied with code 403 (phase 2). Pattern match "<script\\\\b" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/07_XSS_XSS.conf"] [line "65"] [id "212620"] [rev "4"] [msg "COMODO WAF: Cross-site Scripting (XSS) Attack\|\|kettlehill.kettlehill.com\|F\|2"] [data "Matched Data: <script found within REQUEST_URI: /?post_type=post&s=\\x22><script>alert(/2ldsmrgqgfcmzkhydefbptlb5kc/)</script>"] [severity "CRITICAL"] [tag "CWAF"] [tag "XSS"] [hostname "kettlehill.kettlehill.com"] [uri "/"] [unique_id "Zs0KLi_p85EHRlaaQPghDAAAAFI"] show less	Brute-Force Bad Web Bot Web App Attack
🇪🇸 10dencehispahard SL	2024-05-08 07:00:43 (2 years ago)	Unauthorized login attempts []	Brute-Force
🇪🇸 10dencehispahard SL	2024-05-08 06:21:04 (2 years ago)	Web Attack	DDoS Attack Brute-Force Web App Attack
🇪🇸 10dencehispahard SL	2024-03-27 07:00:25 (2 years ago)	Unauthorized login attempts [ BI-16635]	Brute-Force
🇪🇸 10dencehispahard SL	2024-03-27 06:43:00 (2 years ago)	WP scan	Web App Attack
🇺🇸 TPI-Abuse	2024-01-26 05:15:46 (2 years ago)	(mod_security) mod_security (id:210492) triggered by 107.173.137.30 (107-173-137-30-host.colocrossin ... show more (mod_security) mod_security (id:210492) triggered by 107.173.137.30 (107-173-137-30-host.colocrossing.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jan 26 00:15:41.896495 2024] [security2:error] [pid 5233] [client 107.173.137.30:37713] [client 107.173.137.30] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcalendars.stdavids-media.com"] [uri "/.env.live"] [unique_id "ZbM__dc8FDkzoOCz-aM_jwAAABg"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2024-01-07 22:31:39 (2 years ago)	Common attack or app scan event detected and blocked	Port Scan Hacking Web App Attack
Anonymous	2024-01-04 08:45:07 (2 years ago)	\| XSS (Cross Site Scripting) attempt.	Hacking SQL Injection Web App Attack

Showing 1 to 15 of 16 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 2001:470:1:fb5::13e

🇩🇪 216.26.244.141

🇩🇪 209.50.181.77

🇺🇸 205.210.31.51

🇹🇷 195.33.200.58

🇩🇪 139.59.212.230

🇩🇪 104.207.51.56

🇫🇷 85.217.140.45

🇹🇷 78.187.166.179

🇩🇪 65.111.22.141

🇺🇸 23.94.102.136

🇩🇪 216.26.243.88

🇧🇪 198.235.24.199

🇩🇪 194.187.176.119

🇺🇸 162.216.150.72

🇺🇸 161.35.232.200

🇺🇸 152.32.182.165

🇫🇮 147.185.133.16

🇺🇸 134.122.125.153

🇩🇪 104.207.53.22