JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 172.245.157.25

172.245.157.25 was found in our database!

This IP was reported 10 times. Confidence of Abuse is 1%: ?

ISP	HostPapa
Usage Type	Data Center/Web Hosting/Transit
ASN	AS36352
Hostname(s)	172-245-157-25-host.colocrossing.com
Domain Name	hostpapa.com
Country	🇺🇸 United States of America
City	Buffalo, New York

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 172.245.157.25

Whois 172.245.157.25

IP Abuse Reports for 172.245.157.25:

This IP address has been reported a total of 10 times from 4 distinct sources. 172.245.157.25 was first reported on October 28th 2023, and the most recent report was 3 weeks ago.

Old Reports: The most recent abuse report for this IP address is from 3 weeks ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
Anonymous	2026-05-14 11:50:05 (3 weeks ago)	\| A web attack returned code 200 (success).	Web App Attack Hacking SQL Injection
🇨🇭 backslash	2026-03-09 13:33:00 (3 months ago)	block ruleset CC531825F9395F9A07FB06C1247C46770A2690F8	Bad Web Bot
🇺🇸 TPI-Abuse	2026-02-01 11:22:46 (4 months ago)	(mod_security) mod_security (id:211190) triggered by 172.245.157.25 (172-245-157-25-host.colocrossin ... show more (mod_security) mod_security (id:211190) triggered by 172.245.157.25 (172-245-157-25-host.colocrossing.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Feb 01 06:22:34.271832 2026] [security2:error] [pid 16723:tid 16826] [client 172.245.157.25:41873] ModSecurity: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt\|\|mail.kettlehill.com\|F\|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /wp-content/plugins/usc-e-shop/functions/content-log.php?logfile=/etc/passwd"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "mail.kettlehill.com"] [uri "/wp-content/plugins/usc-e-shop/functions/content-log.php"] [unique_id "aX83ev0s_0SzhyBvLdivTQAAAxU"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-01 06:42:23 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 172.245.157.25 (172-245-157-25-host.colocrossin ... show more (mod_security) mod_security (id:210492) triggered by 172.245.157.25 (172-245-157-25-host.colocrossing.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Dec 01 01:42:17.437784 2025] [security2:error] [pid 27471:tid 27509] [client 172.245.157.25:37015] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.kettlehill.com"] [uri "/.svn/entries"] [unique_id "aS04yXLXOKC0tXS7y0kxxQAAAJU"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-10-28 20:24:46 (7 months ago)	(mod_security) mod_security (id:210492) triggered by 172.245.157.25 (172-245-157-25-host.colocrossin ... show more (mod_security) mod_security (id:210492) triggered by 172.245.157.25 (172-245-157-25-host.colocrossing.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Oct 28 16:24:37.920051 2025] [security2:error] [pid 8963:tid 8963] [client 172.245.157.25:53653] ModSecurity: Access denied with code 403 (phase 1). Matched phrase ".htpasswd" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "autodiscover.nbcnewsradio.com"] [uri "/.htpasswd"] [unique_id "aQEmhV6yjtCpiynmkqRoUAAAAB0"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-10-01 18:23:50 (8 months ago)	(mod_security) mod_security (id:210492) triggered by 172.245.157.25 (172-245-157-25-host.colocrossin ... show more (mod_security) mod_security (id:210492) triggered by 172.245.157.25 (172-245-157-25-host.colocrossing.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Oct 01 14:23:46.277830 2025] [security2:error] [pid 14803:tid 14817] [client 172.245.157.25:47139] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "kettlehill.com"] [uri "/.env.old"] [unique_id "aN1xsh3GBio1fk4ARmTC1QAAAMs"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-05-30 21:48:12 (1 year ago)	(mod_security) mod_security (id:210730) triggered by 172.245.157.25 (172-245-157-25-host.colocrossin ... show more (mod_security) mod_security (id:210730) triggered by 172.245.157.25 (172-245-157-25-host.colocrossing.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri May 30 17:48:05.379033 2025] [security2:error] [pid 725497:tid 725497] [client 172.245.157.25:50061] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|nbcnewsradio.com\|F\|2"] [data ".ini"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "nbcnewsradio.com"] [uri "/....\\\\....\\\\....\\\\....\\\\....\\\\....\\\\....\\\\....\\\\....\\\\windows\\\\win.ini"] [unique_id "aDonlXlJJ_aYB3VHhLnsvAAAABE"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-05-28 20:32:20 (1 year ago)	(mod_security) mod_security (id:210730) triggered by 172.245.157.25 (172-245-157-25-host.colocrossin ... show more (mod_security) mod_security (id:210730) triggered by 172.245.157.25 (172-245-157-25-host.colocrossing.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed May 28 16:32:06.321856 2025] [security2:error] [pid 1863588:tid 1863588] [client 172.245.157.25:56973] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|mail.farmers123.com\|F\|2"] [data ".php.bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "mail.farmers123.com"] [uri "/db.php.bak"] [unique_id "aDdyxvBeIzwiYVBkJhMPOwAAAAQ"] show less	Brute-Force Bad Web Bot Web App Attack
🇨🇭 backslash	2025-03-30 03:45:07 (1 year ago)	block ruleset CC531825F9395F9A07FB06C1247C46770A2690F8	Bad Web Bot
🇵🇱 rafix	2023-10-28 10:10:11 (2 years ago)	Scrapping website, using diffrent useragents, not wait for response, #botnet20231026	DDoS Attack Bad Web Bot

Showing 1 to 10 of 10 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇳🇱 176.65.139.249

🇻🇳 116.111.2.94

🇻🇳 116.110.9.56

🇺🇸 20.102.42.78

🇺🇸 216.25.89.72

🇧🇷 189.90.138.149

🇻🇳 116.110.9.198

🇻🇳 116.110.7.102

🇻🇳 116.110.7.55

🇻🇳 116.110.5.211

🇨🇳 111.228.45.109

🇸🇬 101.32.240.31

🇬🇧 86.128.85.27

🇺🇸 64.62.156.54

🇳🇱 45.148.10.147

🇧🇪 35.195.141.153

🇺🇸 13.222.86.208

🇻🇪 190.142.97.50

🇦🇷 186.22.19.183

🇻🇳 116.110.3.242