JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 107.174.138.172

107.174.138.172 was found in our database!

This IP was reported 5,248 times. Confidence of Abuse is 0%: ?

ISP	VPS ACE
Usage Type	Data Center/Web Hosting/Transit
ASN	AS36352
Hostname(s)	107-174-138-172-host.colocrossing.com
Domain Name	vpsace.com
Country	🇺🇸 United States of America
City	Buffalo, New York

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 107.174.138.172

Whois 107.174.138.172

IP Abuse Reports for 107.174.138.172:

This IP address has been reported a total of 5,248 times from 822 distinct sources. 107.174.138.172 was first reported on December 8th 2021, and the most recent report was 1 year ago.

Old Reports: The most recent abuse report for this IP address is from 1 year ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
Anonymous	2025-03-16 16:31:09 (1 year ago)	Failed login attempt detected by Fail2Ban in plesk-modsecurity jail	Exploited Host
🇩🇪 LRob.fr	2025-03-07 08:00:09 (1 year ago)	Repeated 403 errors, blocked by Fail2ban in custom-403 jail	Bad Web Bot
🇦🇺 oncord	2025-03-07 05:15:45 (1 year ago)	Form spam	Web Spam
🇺🇸 TPI-Abuse	2025-02-27 03:10:40 (1 year ago)	(mod_security) mod_security (id:210730) triggered by 107.174.138.172 (107-174-138-172-host.colocross ... show more (mod_security) mod_security (id:210730) triggered by 107.174.138.172 (107-174-138-172-host.colocrossing.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Feb 26 22:10:34.056194 2025] [security2:error] [pid 8494:tid 8520] [client 107.174.138.172:53312] [client 107.174.138.172] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|ianajewellery.com\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "ianajewellery.com"] [uri "/wp-content/mysql.sql"] [unique_id "Z7_XqrTqkoI2WIkAx7vpswAAABg"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-02-26 04:34:34 (1 year ago)	(mod_security) mod_security (id:210730) triggered by 107.174.138.172 (107-174-138-172-host.colocross ... show more (mod_security) mod_security (id:210730) triggered by 107.174.138.172 (107-174-138-172-host.colocrossing.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Feb 25 23:34:30.426530 2025] [security2:error] [pid 14221:tid 14221] [client 107.174.138.172:37292] [client 107.174.138.172] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|kvaziri.com\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "kvaziri.com"] [uri "/mysql.sql"] [unique_id "Z76Z1h_zYQllmx4qs7XYvgAAAAE"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-02-25 00:26:30 (1 year ago)	(mod_security) mod_security (id:210492) triggered by 107.174.138.172 (107-174-138-172-host.colocross ... show more (mod_security) mod_security (id:210492) triggered by 107.174.138.172 (107-174-138-172-host.colocrossing.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Feb 24 19:26:26.337197 2025] [security2:error] [pid 21332:tid 21332] [client 107.174.138.172:39868] [client 107.174.138.172] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "hiddenmoosecorners.com"] [uri "/wp-config.phptmp"] [unique_id "Z70OMhgnt04XJa7NwUnc1QAAAAQ"] show less	Brute-Force Bad Web Bot Web App Attack
🇨🇿 unhfree.net	2025-02-20 07:22:49 (1 year ago)	Feb 20 04:26:35 canopus postfix/smtpd[1353620]: NOQUEUE: reject: RCPT from unknown[107.174.138.172]: ... show more Feb 20 04:26:35 canopus postfix/smtpd[1353620]: NOQUEUE: reject: RCPT from unknown[107.174.138.172]: 554 5.7.1 <[email protected]>: Recipient address rejected: Maximum 20 messages per 60 minutes limit reached; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<localhost> Feb 20 04:26:35 canopus postfix/smtpd[1353620]: NOQUEUE: reject: RCPT from unknown[107.174.138.172]: 554 5.7.1 <[email protected]>: Recipient address rejected: Maximum 20 messages per 60 minutes limit reached; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<localhost> Feb 20 04:26:35 canopus postfix/smtpd[1353620]: NOQUEUE: reject: RCPT from unknown[107.174.138.172]: 554 5.7.1 <[email protected]>: Recipient address rejected: Maximum 20 messages per 60 minutes limit reached; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<localhost> Feb 20 04:26:35 canopus postfix/smtpd[1353620]: NOQUEUE: reject: RCPT from unknown[107. ... show less	Brute-Force Exploited Host
🇺🇸 TPI-Abuse	2025-02-18 17:06:40 (1 year ago)	(mod_security) mod_security (id:210730) triggered by 107.174.138.172 (107-174-138-172-host.colocross ... show more (mod_security) mod_security (id:210730) triggered by 107.174.138.172 (107-174-138-172-host.colocrossing.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Feb 18 12:06:34.272396 2025] [security2:error] [pid 32218:tid 32218] [client 107.174.138.172:44542] [client 107.174.138.172] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|www.iaminnocent.net\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.iaminnocent.net"] [uri "/mysql.sql"] [unique_id "Z7S-GjbST-1cj4FK8Y9I6gAAAAQ"] show less	Brute-Force Bad Web Bot Web App Attack
🇪🇸 el-brujo	2025-02-15 23:03:00 (1 year ago)	DDoS Attack Layer 7 SilentBot	DDoS Attack
🇮🇹 Progetto1	2025-02-15 08:05:02 (1 year ago)	Website Scanning / Scraping	Bad Web Bot Exploited Host Web App Attack
🇷🇺 Alexandr Kulkov	2025-02-14 09:52:05 (1 year ago)	2025-02-14T16:52:02.643097+07:00 sz sshd[1500041]: pam_unix(sshd:auth): authentication failure; logn ... show more 2025-02-14T16:52:02.643097+07:00 sz sshd[1500041]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.174.138.172 2025-02-14T16:52:04.476259+07:00 sz sshd[1500041]: Failed password for invalid user Zloyadmin from 107.174.138.172 port 40200 ssh2 ... show less	Brute-Force SSH
🇩🇪 niceshops.com	2025-02-05 09:44:36 (1 year ago)	Web Attack multi (Feb 25 10:44:35 Matching rules: Detect possible SQL injection - E.g. Waitfor .. D ... show more Web Attack multi (Feb 25 10:44:35 Matching rules: Detect possible SQL injection - E.g. Waitfor .. Delay ) show less	SQL Injection Brute-Force Bad Web Bot Web App Attack
🇫🇷 tecnicorioja	2025-02-04 23:01:15 (1 year ago)	(Mod_security) [04/Feb/2025:18:42:32.788221	Brute-Force Bad Web Bot Web App Attack
🇩🇪 David Ferneding	2025-01-27 19:40:28 (1 year ago)	Attempted fake-order-flood, 64986 requests from this ip in 4 min	Fraud Orders DDoS Attack Bad Web Bot
🇨🇿 unhfree.net	2025-01-22 08:16:21 (1 year ago)	Jan 22 07:47:54 canopus postfix/smtpd[1541072]: NOQUEUE: reject: RCPT from unknown[107.174.138.172]: ... show more Jan 22 07:47:54 canopus postfix/smtpd[1541072]: NOQUEUE: reject: RCPT from unknown[107.174.138.172]: 554 5.7.1 <[email protected]>: Recipient address rejected: Maximum 20 messages per 60 minutes limit reached; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<10.0.0.131> Jan 22 08:16:20 canopus postfix/smtpd[1542889]: NOQUEUE: reject: RCPT from unknown[107.174.138.172]: 554 5.7.1 <[email protected]>: Recipient address rejected: Maximum 20 messages per 60 minutes limit reached; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<10.0.0.132> Jan 22 08:32:36 canopus postfix/smtpd[1543650]: NOQUEUE: reject: RCPT from unknown[107.174.138.172]: 554 5.7.1 <[email protected]>: Recipient address rejected: Maximum 20 messages per 60 minutes limit reached; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<10.0.0.134> Jan 22 09:15:23 canopus postfix/smtpd[1546184]: NOQUEUE: reject: RCPT from unknown[107.174.138.172]: 554 5.7.1 < ... show less	Brute-Force Exploited Host

Showing 1 to 15 of 5248 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇮🇩 2404:c0:9603:987b:31ec:5174:f2af:31e3

🇰🇷 222.110.147.58

🇬🇧 217.146.80.121

🇨🇳 120.79.220.105

🇹🇯 95.142.82.76

🇷🇴 89.33.239.221

🇺🇸 66.132.172.236

🇩🇪 64.226.126.224

🇩🇪 63.179.96.64

🇮🇳 43.204.110.170

🇩🇪 31.76.29.219

🇯🇵 13.231.177.238

🇦🇺 13.211.29.12

🇺🇸 3.215.16.71

🇦🇺 3.106.200.152

🇺🇸 135.237.124.6

🇺🇸 132.148.142.253

🇨🇳 118.80.62.7

🇨🇳 117.132.194.242

🇱🇻 81.30.98.49