Anonymous
2024-11-28 06:19:24
(1 year ago)
172.245.157.34 - - [28/Nov/2024:07:19:23 +0100] "GET /poc.jsp?cmd=cat+%2Fetc%2Fpasswd HTTP/1.1" 404 5458 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36"
Hacking
🇩🇪
ps-center
2024-11-27 04:57:01
(1 year ago)
SS1: Web Attack GET /wp-content/plugins/profile-builder/assets/misc/fallback-page.php?site_url=javascript:alert(document.domain);&message=Not+Found&site_name=404
Web Spam
Hacking
Bad Web Bot
Web App Attack
🇺🇸
TPI-Abuse
2024-11-26 23:18:28
(1 year ago)
(mod_security) mod_security (id:211190) triggered by 172.245.157.34 (172-245-157-34-host.colocrossing.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Nov 26 18:17:51.749061 2024] [security2:error] [pid 14708:tid 14884] [client 172.245.157.34:40921] [client 172.245.157.34] ModSecurity: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||www.staging.kettlehill.com|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /index.php?option=com_rokdownloads&controller=../../../../../../../../../../etc/passwd%00"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.staging.kettlehill.com"] [uri "/index.php"] [unique_id "Z0ZXH7Z-yNDsuHkwIgxqjQAAAAI"]
Brute-Force
Bad Web Bot
Web App Attack
🇩🇪
Alejandro Docasar
2024-11-26 18:57:04
(1 year ago)
Web App Attack
🇺🇸
TPI-Abuse
2024-09-03 18:40:46
(1 year ago)
(mod_security) mod_security (id:210492) triggered by 172.245.157.34 (172-245-157-34-host.colocrossing.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Sep 03 14:40:06.846733 2024] [security2:error] [pid 11204:tid 11204] [client 172.245.157.34:51477] [client 172.245.157.34] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "mail.stdavids-media.com"] [uri "/wp-content/plugins/wpsite-background-takeover/exports/download.php"] [unique_id "ZtdYBviUDdxQSyxVOPbSTAAAAAU"]
Brute-Force
Bad Web Bot
Web App Attack
🇺🇸
TPI-Abuse
2024-09-01 01:48:24
(1 year ago)
(mod_security) mod_security (id:210580) triggered by 172.245.157.34 (172-245-157-34-host.colocrossing.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Aug 31 21:48:09.008384 2024] [security2:error] [pid 3087953:tid 3087966] [client 172.245.157.34:57917] [client 172.245.157.34] ModSecurity: Access denied with code 403 (phase 2). Matched phrase "etc/passwd" at ARGS:style. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||autodiscover.kettlehill.net|F|2"] [data "Matched Data: etc/passwd found within ARGS:style: ../../../../../../../../etc/passwd"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "autodiscover.kettlehill.net"] [uri "/webmail/calendar/minimizer/index.php"] [unique_id "ZtPH2epNq9YuaJqIJW3IkQAAAIs"]
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2024-08-19 04:14:07
(1 year ago)
Malicious activity detected
Hacking
Web App Attack
🇺🇸
TPI-Abuse
2024-06-27 07:03:21
(1 year ago)
(mod_security) mod_security (id:210492) triggered by 172.245.157.34 (172-245-157-34-host.colocrossing.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 27 03:03:14.550772 2024] [security2:error] [pid 31357:tid 47386280683264] [client 172.245.157.34:44973] [client 172.245.157.34] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webmail.kettlehill.net"] [uri "/.env"] [unique_id "Zn0Osuhhp4qy_W6hp2wpmQAAAMI"]
Brute-Force
Bad Web Bot
Web App Attack
🇪🇸
10dencehispahard SL
2024-05-08 07:00:43
(2 years ago)
Unauthorized login attempts []
Brute-Force
🇪🇸
10dencehispahard SL
2024-05-08 06:34:00
(2 years ago)
Web Attack
DDoS Attack
Brute-Force
Web App Attack
🇺🇸
TPI-Abuse
2024-04-01 16:04:40
(2 years ago)
(mod_security) mod_security (id:210492) triggered by 172.245.157.34 (172-245-157-34-host.colocrossing.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Apr 01 12:03:33.699281 2024] [security2:error] [pid 12508:tid 47912189536000] [client 172.245.157.34:49417] [client 172.245.157.34] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcontacts.staging.kettlehill.com"] [uri "/wp-config.php.orig"] [unique_id "Zgra1VzC3Qy70orr9wrbcAAAAUA"]
Brute-Force
Bad Web Bot
Web App Attack
🇪🇸
10dencehispahard SL
2024-03-27 07:00:25
(2 years ago)
Unauthorized login attempts [ BI-16635]
Brute-Force
🇪🇸
10dencehispahard SL
2024-03-27 06:55:04
(2 years ago)
WP scan
Web App Attack
🇩🇪
ghostwarriors
2024-02-07 08:50:10
(2 years ago)
Attempts against non-existent wp-login
Brute-Force
Web App Attack
🇺🇸
TPI-Abuse
2024-01-26 13:26:08
(2 years ago)
(mod_security) mod_security (id:210730) triggered by 172.245.157.34 (172-245-157-34-host.colocrossing.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jan 26 08:26:04.103287 2024] [security2:error] [pid 30537] [client 172.245.157.34:50011] [client 172.245.157.34] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "4"] [msg "COMODO WAF: URL file extension is restricted by policy||stdavids-media.com|F|2"] [data ".key"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "stdavids-media.com"] [uri "/localhost.key"] [unique_id "ZbOy7ABE05DgysYpkrqZAgAAAAo"]
Brute-Force
Bad Web Bot
Web App Attack