JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 172.245.157.253

172.245.157.253 was found in our database!

This IP was reported 10 times. Confidence of Abuse is 12%: ?

12%

ISP	HostPapa
Usage Type	Data Center/Web Hosting/Transit
ASN	AS36352
Hostname(s)	172-245-157-253-host.colocrossing.com
Domain Name	hostpapa.com
Country	🇺🇸 United States of America
City	Buffalo, New York

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 172.245.157.253

Whois 172.245.157.253

IP Abuse Reports for 172.245.157.253:

This IP address has been reported a total of 10 times from 5 distinct sources. 172.245.157.253 was first reported on July 4th 2023, and the most recent report was 1 week ago.

Old Reports: The most recent abuse report for this IP address is from 1 week ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 TPI-Abuse	2026-06-01 02:10:56 (1 week ago)	(mod_security) mod_security (id:210492) triggered by 172.245.157.253 (172-245-157-253-host.colocross ... show more (mod_security) mod_security (id:210492) triggered by 172.245.157.253 (172-245-157-253-host.colocrossing.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun May 31 22:08:39.941499 2026] [security2:error] [pid 7732:tid 7747] [client 172.245.157.253:37759] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.staging.kettlehill.com"] [uri "/wp-config.php.dist"] [unique_id "ahzppyKq_i-FrRbJEDL7BQAAAUE"] show less	Brute-Force Bad Web Bot Web App Attack
🇫🇷 bigorre.org	2026-05-21 16:22:21 (3 weeks ago)	Excessive crawling : exceed crawl-delay defined in robots.txt	Bad Web Bot
🇺🇸 TPI-Abuse	2025-12-02 23:36:15 (6 months ago)	(mod_security) mod_security (id:210730) triggered by 172.245.157.253 (172-245-157-253-host.colocross ... show more (mod_security) mod_security (id:210730) triggered by 172.245.157.253 (172-245-157-253-host.colocrossing.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Dec 02 18:36:11.308952 2025] [security2:error] [pid 27513:tid 27513] [client 172.245.157.253:36325] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|mail.farmers123.com\|F\|2"] [data ".log"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "mail.farmers123.com"] [uri "/mail.farmers123.com/errors.log"] [unique_id "aS936-EJTLrv8N5BNgcr1QAAABU"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-12 11:03:43 (7 months ago)	(mod_security) mod_security (id:210492) triggered by 172.245.157.253 (172-245-157-253-host.colocross ... show more (mod_security) mod_security (id:210492) triggered by 172.245.157.253 (172-245-157-253-host.colocrossing.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Nov 12 06:03:36.105915 2025] [security2:error] [pid 9346:tid 9346] [client 172.245.157.253:56677] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpanel.nbcnewsradio.com"] [uri "/.env.live"] [unique_id "aRRpiJsqMeSZP7yL3jp0zAAAAAs"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2025-10-26 05:07:49 (7 months ago)	Malicious activity detected	Hacking Brute-Force
🇺🇸 TPI-Abuse	2025-07-01 06:33:28 (11 months ago)	(mod_security) mod_security (id:212620) triggered by 172.245.157.253 (172-245-157-253-host.colocross ... show more (mod_security) mod_security (id:212620) triggered by 172.245.157.253 (172-245-157-253-host.colocrossing.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jul 01 02:33:22.967310 2025] [security2:error] [pid 30219:tid 30234] [client 172.245.157.253:56547] ModSecurity: Access denied with code 403 (phase 2). Pattern match "<script\\\\b" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/07_XSS_XSS.conf"] [line "65"] [id "212620"] [rev "4"] [msg "COMODO WAF: Cross-site Scripting (XSS) Attack\|\|kettlehill.com\|F\|2"] [data "Matched Data: <script found within REQUEST_URI: /?s=</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [tag "CWAF"] [tag "XSS"] [hostname "kettlehill.com"] [uri "/"] [unique_id "aGOBMvtpdo0a25O2Z1bX7AAAAMs"], referer: https://www.kettlehill.com/?s=<%2Fscript><script>alert%28document.domain%29<%2Fscript> show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-06-01 16:16:23 (1 year ago)	(mod_security) mod_security (id:210730) triggered by 172.245.157.253 (172-245-157-253-host.colocross ... show more (mod_security) mod_security (id:210730) triggered by 172.245.157.253 (172-245-157-253-host.colocrossing.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 01 12:16:17.446334 2025] [security2:error] [pid 3018820:tid 3018820] [client 172.245.157.253:57745] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|mail.nbcnewsradio.com\|F\|2"] [data ".log"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "mail.nbcnewsradio.com"] [uri "/admin/errors.log"] [unique_id "aDx80ds68IRUuyw4ell4lQAAAAM"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-05-28 20:05:18 (1 year ago)	(mod_security) mod_security (id:210730) triggered by 172.245.157.253 (172-245-157-253-host.colocross ... show more (mod_security) mod_security (id:210730) triggered by 172.245.157.253 (172-245-157-253-host.colocrossing.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed May 28 16:05:09.471607 2025] [security2:error] [pid 1825735:tid 1825735] [client 172.245.157.253:49267] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|autodiscover.farmers123.com\|F\|2"] [data ".log"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "autodiscover.farmers123.com"] [uri "/autodiscover.farmers123.com/error.log"] [unique_id "aDdsdQON9kaqMNyuYFo9EgAAAAQ"] show less	Brute-Force Bad Web Bot Web App Attack
🇵🇱 rafix	2023-10-28 10:10:12 (2 years ago)	Scrapping website, using diffrent useragents, not wait for response, #botnet20231026	DDoS Attack Bad Web Bot
🇨🇭 backslash	2023-07-04 10:50:05 (2 years ago)	block ruleset CC531825F9395F9A07FB06C1247C46770A2690F8	Bad Web Bot

Showing 1 to 10 of 10 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 2607:f8b0:4001:c76::12c

🇵🇾 190.128.241.2

🇺🇸 185.180.141.48

🇵🇰 182.181.190.223

🇨🇻 154.203.67.190

🇺🇸 135.148.68.54

🇺🇸 96.232.248.99

🇷🇴 80.94.92.70

🇺🇸 65.49.1.70

🇺🇸 64.62.156.202

🇧🇷 45.161.6.11

🇭🇰 43.255.118.11

🇮🇳 20.193.141.133

🇨🇦 199.167.138.45

🇺🇸 185.180.141.50

🇷🇺 185.147.26.126

🇯🇵 156.227.232.198

🇨🇳 111.30.42.43

🇷🇺 82.147.84.225

🇵🇱 57.128.214.238