JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 172.245.102.21

172.245.102.21 was found in our database!

This IP was reported 224 times. Confidence of Abuse is 40%: ?

40%

ISP	HostPapa
Usage Type	Data Center/Web Hosting/Transit
ASN	AS212238
Hostname(s)	172-245-102-21-host.colocrossing.com
Domain Name	hostpapa.com
Country	🇺🇸 United States of America
City	Los Angeles, California

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 172.245.102.21

Whois 172.245.102.21

IP Abuse Reports for 172.245.102.21:

This IP address has been reported a total of 224 times from 99 distinct sources. 172.245.102.21 was first reported on July 15th 2024, and the most recent report was 1 day ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇫🇷 Baking333	2026-06-21 21:31:16 (1 day ago)	[redacted] 172.245.102.21 - - [21/Jun/2026:22:31:12 +0100] "GET /[redacted] HTTP/1.1" 302 6773 0/171 ... show more [redacted] 172.245.102.21 - - [21/Jun/2026:22:31:12 +0100] "GET /[redacted] HTTP/1.1" 302 6773 0/171698 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; rv:143.0) Gecko/20100101 Firefox/143.0" [redacted] 172.245.102.21 - - [21/Jun/2026:22:31:13 +0100] "GET /wp-admin/ HTTP/1.1" 301 612 0/1727 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; rv:143.0) Gecko/20100101 Firefox/143.0" show less	Bad Web Bot Web App Attack
Anonymous	2026-06-21 04:09:22 (1 day ago)	Web attack	Bad Web Bot Web App Attack
🇬🇷 setupgr	2026-06-16 21:04:32 (6 days ago)	(mod_security) mod_security (id:900001) triggered by 172.245.102.21: 1 in the last 86400 secs; Ports ... show more (mod_security) mod_security (id:900001) triggered by 172.245.102.21: 1 in the last 86400 secs; Ports: *; Direction: inout; Trigger: LF_TRIGGER; Logs: [Wed Jun 17 00:04:30.612903 2026] [security2:error] [pid 2210293:tid 2210405] [client 172.245.102.21:52349] ModSecurity: Access denied with code 403 (phase 1). Match of "rx ^(www\\\\.)?(pankoskal\\\\.gr\|sea-sound\\\\.com)$" against "REQUEST_HEADERS:Host" required. [file "/etc/apache2/conf.d/modsec/modsec2.user.conf"] [line "75"] [id "900001"] [msg "Blocked WP Login attempt on domain: doityourself.gr"] [severity "CRITICAL"] [tag "security"] [hostname "doityourself.gr"] [uri "/wp-login.php"] [unique_id "ajG6XtMtn8QwdXQy9m6XJAAAAVA"] show less	Port Scan
🇩🇪 rh24	2026-06-05 08:02:50 (2 weeks ago)	(xmlrpc_405) XMLRPC-Bot 405 172.245.102.21 (US/United States/172-245-102-21-host.colocrossing.com)	Hacking
🇩🇪 FeG Deutschland	2026-05-26 17:31:21 (3 weeks ago)	Looking for CMS/PHP/SQL vulnerablilities/excessive crawling - 124	Exploited Host Web App Attack
🇺🇸 TPI-Abuse	2026-05-25 03:10:02 (4 weeks ago)	(mod_security) mod_security (id:240000) triggered by 172.245.102.21 (172-245-102-21-host.colocrossin ... show more (mod_security) mod_security (id:240000) triggered by 172.245.102.21 (172-245-102-21-host.colocrossing.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun May 24 23:09:56.038384 2026] [security2:error] [pid 21159:tid 21159] [client 172.245.102.21:23293] ModSecurity: Access denied with code 403 (phase 2). String match ".php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/24_Apps_Joomla.conf"] [line "87"] [id "240000"] [rev "1"] [msg "COMODO WAF: Protecting Joomla folder\|\|cynosureservices.net\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "Joomla"] [hostname "cynosureservices.net"] [uri "/images/stories/themes.php"] [unique_id "ahO9hJ2IOXd3t_g8dHC1ygAAABU"] show less	Brute-Force Bad Web Bot Web App Attack
🇫🇷 Octopuce	2026-05-24 20:22:11 (4 weeks ago)	Aggressive web search of vulnerable pages: /wp-login.php /bless.php /O-Simple.php /lock360.php /zwso ... show more Aggressive web search of vulnerable pages: /wp-login.php /bless.php /O-Simple.php /lock360.php /zwso.php /chosen.php /about.php /admin.php /mah ... show less	Web App Attack
🇺🇸 WellSpring	2026-05-12 15:02:53 (1 month ago)	xmlrpc exploit on 781.today/xmlrpc.php — WellSpr.ing/NetSentinel civic-AI security layer	Brute-Force Web App Attack
🇺🇸 factor1	2026-05-07 11:07:36 (1 month ago)	Fail2ban at saturn Reports Abuse.	Brute-Force Web App Attack
Anonymous	2026-05-01 21:06:44 (1 month ago)	Blocked by FortiWeb WAF ML threat detection. ML probability: 99%, Country: US, Attack patterns: Word ... show more Blocked by FortiWeb WAF ML threat detection. ML probability: 99%, Country: US, Attack patterns: WordPress scanning, Webshell probing, Backup file probing show less	Bad Web Bot Web App Attack
🇺🇦 URAN Publishing Service	2026-05-01 07:32:27 (1 month ago)	172.245.102.21 - - [01/May/2026:10:32:24 +0300] "GET /amax.php HTTP/1.1" 404 708 "-" "Mozilla/5.0 (W ... show more 172.245.102.21 - - [01/May/2026:10:32:24 +0300] "GET /amax.php HTTP/1.1" 404 708 "-" "Mozilla/5.0 (Windows NT 6.3; Win64; x64; rv:73.0) Gecko/20100101 Firefox/73.0" 172.245.102.21 - - [01/May/2026:10:32:25 +0300] "GET /wp-content/hello.php HTTP/1.1" 404 708 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.90 Safari/537.36" ... show less	Web App Attack
Anonymous	2026-04-30 20:07:45 (1 month ago)	Blocked by FortiWeb WAF ML threat detection. ML probability: 99%, Country: US, Attack patterns: Word ... show more Blocked by FortiWeb WAF ML threat detection. ML probability: 99%, Country: US, Attack patterns: WordPress scanning, Webshell probing, Backup file probing show less	Bad Web Bot Web App Attack
Anonymous	2026-04-23 20:45:41 (1 month ago)	"POST /wp-login.php HTTP/1.1"	Hacking Web App Attack
🇮🇩 Burayot	2026-04-22 09:51:45 (2 months ago)	LF_MODSEC: (mod_security) mod_security (id:1000001) triggered by 172.245.102.21 (US/United States/17 ... show more LF_MODSEC: (mod_security) mod_security (id:1000001) triggered by 172.245.102.21 (US/United States/172-245-102-21-host.colocrossing.com): 1 in the last 3600 secs show less	Web App Attack
🇺🇸 nyt	2026-04-21 13:42:37 (2 months ago)	WP Author Enumeration, WP User Enumeration	Web App Attack

Showing 1 to 15 of 224 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇨🇳 182.119.225.136

🇺🇸 173.255.221.189

🇩🇪 151.243.11.37

🇸🇬 101.47.163.243

🇷🇴 92.118.39.228

🇱🇻 81.30.98.158

🇨🇳 36.135.62.97

🇺🇸 20.64.104.44

🇺🇸 20.29.90.34

🇧🇷 187.120.73.228

🇳🇱 185.28.37.194

🇮🇩 182.8.89.29

🇫🇮 147.185.133.105

🇮🇳 103.123.53.88

🇫🇷 91.231.89.162

🇺🇸 91.230.168.29

🇮🇳 49.43.226.79

🇭🇺 217.112.138.177

🇰🇷 211.46.188.16

🇬🇧 193.163.125.249