JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 172.245.157.221

172.245.157.221 was found in our database!

This IP was reported 12 times. Confidence of Abuse is 10%: ?

10%

ISP	HostPapa
Usage Type	Data Center/Web Hosting/Transit
ASN	AS36352
Hostname(s)	172-245-157-221-host.colocrossing.com
Domain Name	hostpapa.com
Country	🇺🇸 United States of America
City	Buffalo, New York

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 172.245.157.221

Whois 172.245.157.221

IP Abuse Reports for 172.245.157.221:

This IP address has been reported a total of 12 times from 6 distinct sources. 172.245.157.221 was first reported on August 29th 2023, and the most recent report was 2 weeks ago.

Old Reports: The most recent abuse report for this IP address is from 2 weeks ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 TPI-Abuse	2026-06-01 02:26:56 (2 weeks ago)	(mod_security) mod_security (id:210730) triggered by 172.245.157.221 (172-245-157-221-host.colocross ... show more (mod_security) mod_security (id:210730) triggered by 172.245.157.221 (172-245-157-221-host.colocrossing.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun May 31 22:26:52.077096 2026] [security2:error] [pid 7577:tid 7700] [client 172.245.157.221:56547] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|www.kettlehill.kettlehill.com\|F\|2"] [data ".kettlehill.kettlehill.com.db"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.kettlehill.kettlehill.com"] [uri "/www.kettlehill.kettlehill.com.db"] [unique_id "ahzt7I6nP6TlQzUBlJvUZAAAANc"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-05-22 14:50:03 (3 weeks ago)	LH-Watcher: FAKE_ID [Fake Googlebot]	Bad Web Bot
🇺🇸 TPI-Abuse	2026-04-08 21:33:03 (2 months ago)	(mod_security) mod_security (id:210730) triggered by 172.245.157.221 (172-245-157-221-host.colocross ... show more (mod_security) mod_security (id:210730) triggered by 172.245.157.221 (172-245-157-221-host.colocrossing.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Apr 08 17:32:58.730156 2026] [security2:error] [pid 161311:tid 161311] [client 172.245.157.221:55909] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|www.nbcnewsradio.com\|F\|2"] [data ".key"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.nbcnewsradio.com"] [uri "/www.key"] [unique_id "adbJikzjHau9o1sxRTOqwQAAAA4"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-03-03 17:10:06 (3 months ago)	\| Common web attack.	Web App Attack Hacking SQL Injection
🇺🇸 TPI-Abuse	2026-03-01 19:57:30 (3 months ago)	(mod_security) mod_security (id:217200) triggered by 172.245.157.221 (172-245-157-221-host.colocross ... show more (mod_security) mod_security (id:217200) triggered by 172.245.157.221 (172-245-157-221-host.colocrossing.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Mar 01 14:57:26.170991 2026] [security2:error] [pid 27385:tid 27393] [client 172.245.157.221:44647] ModSecurity: Access denied with code 403 (phase 1). Match of "endsWith /wp-cron.php" against "REQUEST_FILENAME" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/12_HTTP_Protocol.conf"] [line "103"] [id "217200"] [rev "2"] [msg "COMODO WAF: HTTP/1.1 POST request missing Content-Length Header\|\|kettlehill.com:443\|F\|2"] [data "/cgi-bin/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/bin/sh"] [severity "CRITICAL"] [tag "CWAF"] [tag "Protocol"] [hostname "kettlehill.com"] [uri "/cgi-bin/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/bin/sh"] [unique_id "aaSaJg3DRlze-QqtecCR8wAAAYA"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 HandyTreff.de	2026-02-04 06:25:35 (4 months ago)	Bot/Spam/Scrapper attack detected on www.handytreff.de - Score: -47.658 (Bad < -10 / Very Bad < -20 ... show more Bot/Spam/Scrapper attack detected on www.handytreff.de - Score: -47.658 (Bad < -10 / Very Bad < -20 / Extreme < -35) \| UA: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/139.0. show less	Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-01 06:12:18 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 172.245.157.221 (172-245-157-221-host.colocross ... show more (mod_security) mod_security (id:210492) triggered by 172.245.157.221 (172-245-157-221-host.colocrossing.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Dec 01 01:12:11.568187 2025] [security2:error] [pid 8488:tid 8579] [client 172.245.157.221:32991] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "kettlehill.com"] [uri "/.env.live"] [unique_id "aS0xu9ZHHfu_5jcVG6pjZAAAAZg"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-10-29 04:39:07 (7 months ago)	(mod_security) mod_security (id:210730) triggered by 172.245.157.221 (172-245-157-221-host.colocross ... show more (mod_security) mod_security (id:210730) triggered by 172.245.157.221 (172-245-157-221-host.colocrossing.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Oct 29 00:39:03.576723 2025] [security2:error] [pid 11494:tid 11494] [client 172.245.157.221:57229] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|ftp.nbcnewsradio.com\|F\|2"] [data ".key"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "ftp.nbcnewsradio.com"] [uri "/www.key"] [unique_id "aQGaZxaDC5hQNhJpfpZv2QAAAA0"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-10-01 17:08:46 (8 months ago)	(mod_security) mod_security (id:210492) triggered by 172.245.157.221 (172-245-157-221-host.colocross ... show more (mod_security) mod_security (id:210492) triggered by 172.245.157.221 (172-245-157-221-host.colocrossing.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Oct 01 13:08:40.245109 2025] [security2:error] [pid 30109:tid 30134] [client 172.245.157.221:34049] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "mail.kettlehill.net"] [uri "/.env"] [unique_id "aN1gGJmcYLK3QOnvb--NrQAAAZI"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-09-22 23:06:03 (8 months ago)	(mod_security) mod_security (id:210492) triggered by 172.245.157.221 (172-245-157-221-host.colocross ... show more (mod_security) mod_security (id:210492) triggered by 172.245.157.221 (172-245-157-221-host.colocrossing.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Sep 22 19:05:57.955828 2025] [security2:error] [pid 13000:tid 13000] [client 172.245.157.221:41299] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcalendars.deandobkin.com"] [uri "/.svn/wc.db"] [unique_id "aNHWVTWl5mRj7VtQR7tgJQAAAAg"] show less	Brute-Force Bad Web Bot Web App Attack
🇯🇵 KuhA	2025-09-22 01:46:00 (8 months ago)	"GET /..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5Cwindows%5Cwin.ini HTTP/1.1"	Hacking Web App Attack
🇦🇺 oncord	2023-08-29 17:50:47 (2 years ago)	Form spam	Web Spam

Showing 1 to 12 of 12 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 172.253.83.92

🇺🇸 143.42.1.84

🇨🇦 138.197.145.244

🇩🇪 64.188.83.244

🇰🇷 43.164.129.84

🇺🇸 216.25.89.110

🇧🇷 191.205.192.220

🇷🇺 178.69.56.70

🇮🇹 172.253.12.144

🇺🇸 150.107.38.195

🇫🇷 104.28.162.138

🇫🇷 91.231.89.83

🇹🇷 91.93.51.110

🇧🇬 78.128.114.106

🇫🇷 77.204.107.203

🇫🇷 51.77.236.241

🇺🇸 50.62.181.92

🇳🇱 45.148.10.147

🇩🇪 43.228.157.121

🇺🇸 35.237.94.18