JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 172.245.157.113

172.245.157.113 was found in our database!

This IP was reported 22 times. Confidence of Abuse is 0%: ?

ISP	HostPapa
Usage Type	Data Center/Web Hosting/Transit
ASN	AS36352
Hostname(s)	172-245-157-113-host.colocrossing.com
Domain Name	hostpapa.com
Country	🇺🇸 United States of America
City	Buffalo, New York

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 172.245.157.113

Whois 172.245.157.113

IP Abuse Reports for 172.245.157.113:

This IP address has been reported a total of 22 times from 8 distinct sources. 172.245.157.113 was first reported on October 30th 2023, and the most recent report was 4 months ago.

Old Reports: The most recent abuse report for this IP address is from 4 months ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 TPI-Abuse	2026-01-17 05:54:57 (4 months ago)	(mod_security) mod_security (id:210492) triggered by 172.245.157.113 (172-245-157-113-host.colocross ... show more (mod_security) mod_security (id:210492) triggered by 172.245.157.113 (172-245-157-113-host.colocrossing.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jan 17 00:54:51.689116 2026] [security2:error] [pid 16888:tid 16888] [client 172.245.157.113:41203] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcalendars.nbcnewsradio.com"] [uri "/.env.production.local"] [unique_id "aWskK02xfZncLR0rLfkpJQAAAA4"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-29 18:39:32 (5 months ago)	(mod_security) mod_security (id:210492) triggered by 172.245.157.113 (172-245-157-113-host.colocross ... show more (mod_security) mod_security (id:210492) triggered by 172.245.157.113 (172-245-157-113-host.colocrossing.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Dec 29 13:39:25.716347 2025] [security2:error] [pid 22839:tid 22968] [client 172.245.157.113:53607] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpanel.kettlehill.com"] [uri "/.svn/wc.db"] [unique_id "aVLK3ahQT-NrkrxX7z3BxAAAAEg"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2025-09-05 11:20:40 (9 months ago)	Malicious activity detected	Hacking Brute-Force
🇺🇸 TPI-Abuse	2025-08-31 03:55:50 (9 months ago)	(mod_security) mod_security (id:210492) triggered by 172.245.157.113 (172-245-157-113-host.colocross ... show more (mod_security) mod_security (id:210492) triggered by 172.245.157.113 (172-245-157-113-host.colocrossing.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Aug 30 23:55:43.356632 2025] [security2:error] [pid 2584576:tid 2584595] [client 172.245.157.113:55525] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcalendars.kettlehill.com"] [uri "/wp-content/plugins/simple-file-list/includes/ee-downloader.php"] [unique_id "aLPHv-OXcQz79Z5PtQjcAQAAAJE"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 Alejandro Docasar	2024-11-28 11:58:29 (1 year ago)		Web App Attack
🇩🇪 ps-center	2024-11-27 08:03:30 (1 year ago)	SS1: Web Attack GET /.../.../.../.../.../.../.../.../.../etc/passwd	Web Spam Hacking Bad Web Bot Web App Attack
🇩🇪 ps-center	2024-11-27 03:05:41 (1 year ago)	SS1: Web Attack GET /admin/errors.log	Web Spam Hacking Bad Web Bot Web App Attack
🇩🇪 dayda.net	2024-11-22 04:10:32 (1 year ago)	url=http://0177.0.0.1/server-status	Bad Web Bot
🇺🇸 TPI-Abuse	2024-10-27 02:38:22 (1 year ago)	(mod_security) mod_security (id:211190) triggered by 172.245.157.113 (172-245-157-113-host.colocross ... show more (mod_security) mod_security (id:211190) triggered by 172.245.157.113 (172-245-157-113-host.colocrossing.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Oct 26 22:37:54.727337 2024] [security2:error] [pid 13008:tid 13125] [client 172.245.157.113:36995] [client 172.245.157.113] ModSecurity: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt\|\|autodiscover.kettlehill.net\|F\|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /wp-content/plugins/usc-e-shop/functions/content-log.php?logfile=/etc/passwd"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "autodiscover.kettlehill.net"] [uri "/wp-content/plugins/usc-e-shop/functions/content-log.php"] [unique_id "Zx2ngp3t9n-ZbyO007y3aQAAAVI"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2024-07-27 20:25:26 (1 year ago)	(mod_security) mod_security (id:210492) triggered by 172.245.157.113 (172-245-157-113-host.colocross ... show more (mod_security) mod_security (id:210492) triggered by 172.245.157.113 (172-245-157-113-host.colocrossing.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jul 27 16:24:20.629652 2024] [security2:error] [pid 22440:tid 22488] [client 172.245.157.113:35487] [client 172.245.157.113] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcalendars.kettlehill.com"] [uri "/media../.git/config"] [unique_id "ZqVXdBUtUDUbeeZ7GhUXyQAAABQ"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 ps-center	2024-07-16 02:49:28 (1 year ago)	SS1: Web Attack POST /wp-content/plugins/age-verification/age-verification.php	Web Spam Hacking Bad Web Bot Web App Attack
🇪🇸 10dencehispahard SL	2024-06-29 03:06:52 (1 year ago)	Unauthorized login attempts [ accesslogs]	Brute-Force
🇺🇸 TPI-Abuse	2024-05-15 01:50:01 (2 years ago)	(mod_security) mod_security (id:212750) triggered by 172.245.157.113 (172-245-157-113-host.colocross ... show more (mod_security) mod_security (id:212750) triggered by 172.245.157.113 (172-245-157-113-host.colocrossing.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue May 14 21:49:50.495884 2024] [security2:error] [pid 20071:tid 47952267273984] [client 172.245.157.113:50987] [client 172.245.157.113] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\bon(?:abort\|blur\|change\|click\|dblclick\|dragdrop\|error\|focus\|keydown\|keypress\|keyup\|load\|mouse(?:down\|move\|out\|over\|up)\|move\|readystatechange\|reset\|resize\|select\|submit\|unload)\\\\b[^a-zA-Z0-9_]{0,}?=" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/07_XSS_XSS.conf"] [line "69"] [id "212750"] [rev "3"] [msg "COMODO WAF: XSS Attack Detected\|\|mail.kettlehill.net\|F\|2"] [data "Matched Data: onload= found within REQUEST_URI: /?key='>\\x22<svg/onload=confirm('xss')>"] [severity "CRITICAL"] [tag "CWAF"] [tag "XSS"] [hostname "mail.kettlehill.net"] [uri "/"] [unique_id "ZkQUvsyVcBsnUGAerAqaMwAAAUU"] show less	Brute-Force Bad Web Bot Web App Attack
🇪🇸 10dencehispahard SL	2024-05-08 07:00:43 (2 years ago)	Unauthorized login attempts []	Brute-Force
🇪🇸 10dencehispahard SL	2024-05-08 06:33:56 (2 years ago)	Web Attack	DDoS Attack Brute-Force Web App Attack

Showing 1 to 15 of 22 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇨🇱 200.89.69.247

🇧🇪 198.235.24.163

🇲🇾 180.74.84.64

🇮🇳 34.180.51.47

🇺🇸 13.218.167.231

🇳🇱 195.178.110.30

🇺🇸 136.49.53.226

🇮🇪 132.164.254.30

🇱🇹 81.30.98.49

🇦🇹 77.119.21.222

🇨🇳 61.52.12.86

🇻🇳 45.122.242.218

🇷🇴 2.57.122.177

🇩🇪 2.27.20.149

🇧🇷 205.210.31.207

🇭🇰 199.45.154.138

🇹🇼 198.235.24.107

🇹🇼 198.235.24.93

🇮🇳 135.235.138.43

🇬🇧 132.145.62.134