JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 157.22.17.148

157.22.17.148 was found in our database!

This IP was reported 7 times. Confidence of Abuse is 23%: ?

23%

ISP	Global Transit Systems LLC
Usage Type	Data Center/Web Hosting/Transit
ASN	AS213954
Domain Name	globaltransitsystems.online
Country	🇫🇮 Finland
City	Helsinki, Uusimaa

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 157.22.17.148

Whois 157.22.17.148

IP Abuse Reports for 157.22.17.148:

This IP address has been reported a total of 7 times from 6 distinct sources. 157.22.17.148 was first reported on January 1st 2026, and the most recent report was 19 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 TRoden	2026-06-14 13:47:31 (19 hours ago)	Geo Block Plugin: Escalation flag(s): rce_attempt	Hacking
🇪🇸 librebit	2026-06-13 01:58:11 (2 days ago)	Brute force	Brute-Force
🇫🇷 tilellit.pro	2026-06-11 06:17:26 (4 days ago)	Fail2Ban banned 157.22.17.148 for security violations in jail wp-armour. Log: 2026/06/11 06:17:26 [e ... show more Fail2Ban banned 157.22.17.148 for security violations in jail wp-armour. Log: 2026/06/11 06:17:26 [error] FastCGI sent in stderr: "PHP message: [WP_ARMOUR_BAN] IP: 157.22.17.148 \| Target: wplogin" , client: 157.22.17.148, server: [REDACTED], request: "POST /wp-login.php HTTP/1.1", upstream: [REDACTED], host: [REDACTED], referrer: "https://comerciogallego.es/wp-login.php" ... show less	Web Spam
🇺🇸 TPI-Abuse	2026-04-23 00:07:09 (1 month ago)	(mod_security) mod_security (id:210350) triggered by 157.22.17.148 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210350) triggered by 157.22.17.148 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Apr 22 20:07:01.301244 2026] [security2:error] [pid 27382:tid 27382] [client 157.22.17.148:39401] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\b(close\|keep-alive),[\\\\t\\\\n\\\\r ]{0,1}(close\|keep-alive)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/12_HTTP_Protocol.conf"] [line "70"] [id "210350"] [rev "1"] [msg "COMODO WAF: Multiple/Conflicting Connection Header Data Found\|\|a1laha.com\|F\|4"] [data "keep-alive, close"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "a1laha.com"] [uri "/"] [unique_id "aelipbtMPUeq8arSE6zuQgAAAAc"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 www.winos.me	2026-02-26 17:29:34 (3 months ago)	Banned due to high error rate on HTTP/1.1 protocol	Brute-Force Web App Attack
🇺🇸 TPI-Abuse	2026-01-14 09:47:58 (5 months ago)	(mod_security) mod_security (id:210350) triggered by 157.22.17.148 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210350) triggered by 157.22.17.148 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jan 14 04:47:51.058706 2026] [security2:error] [pid 2646:tid 2646] [client 157.22.17.148:53431] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\b(close\|keep-alive),[\\\\t\\\\n\\\\r ]{0,1}(close\|keep-alive)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/12_HTTP_Protocol.conf"] [line "70"] [id "210350"] [rev "1"] [msg "COMODO WAF: Multiple/Conflicting Connection Header Data Found\|\|babylontravelone.com\|F\|4"] [data "keep-alive, close"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "babylontravelone.com"] [uri "/"] [unique_id "aWdmRxO5u4e3yhaUrY-s1AAAAAw"] show less	Brute-Force Bad Web Bot Web App Attack
🇬🇧 Audir8 \| RRHosting	2026-01-01 23:59:17 (5 months ago)	Triggered Cloudflare WAF (firewallCustom) from FI. Action taken: BLOCK Protocol: HTTP/2 (GET method) ... show more Triggered Cloudflare WAF (firewallCustom) from FI. Action taken: BLOCK Protocol: HTTP/2 (GET method) Endpoint: /auth/login UA: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:142.0) Gecko/20100101 Firefox/142.0 This report is using Cloudflare-WAF-To-AbuseIPDB show less	Bad Web Bot

Showing 1 to 7 of 7 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇷🇴 193.32.162.16

🇩🇪 176.65.132.149

🇮🇳 163.227.190.6

🇺🇸 136.112.76.248

🇮🇳 135.13.28.35

🇨🇳 112.31.167.120

🇫🇷 92.184.102.185

🇳🇱 45.148.10.151

🇳🇱 45.142.193.131

🇱🇾 41.254.74.132

🇺🇸 2607:f8b0:4864:20::350

🇧🇴 200.105.167.197

🇲🇽 187.191.48.24

🇺🇸 178.128.1.119

🇬🇧 157.245.44.236

🇵🇰 103.164.9.74

🇬🇧 94.46.187.45

🇮🇷 93.118.112.68

🇪🇸 88.19.233.65

🇸🇬 85.203.23.36