JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 172.245.195.60

172.245.195.60 was found in our database!

This IP was reported 68 times. Confidence of Abuse is 100%: ?

100%

ISP	HostPapa
Usage Type	Data Center/Web Hosting/Transit
ASN	AS36352
Hostname(s)	172-245-195-60-host.colocrossing.com
Domain Name	hostpapa.com
Country	🇺🇸 United States of America
City	Buffalo, New York

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 172.245.195.60

Whois 172.245.195.60

IP Abuse Reports for 172.245.195.60:

This IP address has been reported a total of 68 times from 37 distinct sources. 172.245.195.60 was first reported on December 16th 2025, and the most recent report was 2 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 oralunal	2026-06-12 12:16:58 (2 hours ago)	IP banned by Fail2Ban in jail oral-suss access.log mvfnds ...	Bad Web Bot Web App Attack
Anonymous	2026-06-12 12:15:32 (2 hours ago)	(caddyscan) Scanner path probe from 172.245.195.60 (US/United States/172-245-195-60-host.colocrossin ... show more (caddyscan) Scanner path probe from 172.245.195.60 (US/United States/172-245-195-60-host.colocrossing.com): 5 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs: [REDACTED] 200 2627 172.245.195.60 - - [12/Jun/2026:12:15:28 +0000] "GET /.git/HEAD HTTP/1.1" [REDACTED] 200 2627 172.245.195.60 - - [12/Jun/2026:12:15:28 +0000] "GET /.env HTTP/1.1" [REDACTED] 200 2627 172.245.195.60 - - [12/Jun/2026:12:15:28 +0000] "GET /.env.local HTTP/1.1" [REDACTED] 200 2627 172.245.195.60 - - [12/Jun/2026:12:15:28 +0000] "GET /.env.production HTTP/1.1" [REDACTED] 200 2627 172.245.195.60 - - [12/Jun/2026:12:15:28 +0000] "GET /.env.development HTTP/1.1" show less	Port Scan
🇫🇷 dynamix	2026-06-12 11:54:56 (3 hours ago)	Multiple WAF Violations	Web App Attack
Anonymous	2026-06-12 11:32:22 (3 hours ago)	(mod_security) mod_security triggered on hostname [redacted])	SQL Injection
🇨🇦 polycoda	2026-06-12 11:13:53 (4 hours ago)	AutoBlock: 🎯 Vulnerability Scanner (Non Decay-Based) - ⚙️ Configuration File Access (Non Decay-Based ... show more AutoBlock: 🎯 Vulnerability Scanner (Non Decay-Based) - ⚙️ Configuration File Access (Non Decay-Based) - ❌ Excessive 40X Errors (Decay-Based) show less	Hacking Bad Web Bot Web App Attack
🇩🇪 maxpower	2026-06-12 11:02:04 (4 hours ago)	(exploit_critical) REGOLA 2 - Critical File Exploit Attempt 172.245.195.60 (US/United States/172-245 ... show more (exploit_critical) REGOLA 2 - Critical File Exploit Attempt 172.245.195.60 (US/United States/172-245-195-60-host.colocrossing.com): 2 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs: 172.245.195.60 - - [12/Jun/2026:12:06:48 +0200] "GET /.aws/credentials HTTP/1.1" 500 711 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36 Edg/146.0.3856.109" "-" host=mail.digiampaolo.it 172.245.195.60 - - [12/Jun/2026:13:01:54 +0200] "GET /.aws/credentials HTTP/1.1" 500 711 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 15.7; rv:149.0) Gecko/20100101 Firefox/149.0" "-" host=mail.digiampaolosrl.it show less	Port Scan
🇬🇧 Aetherweb Ark	2026-06-12 10:58:58 (4 hours ago)	(mod_security) mod_security (id:949110) triggered by 172.245.195.60 (US/United States/172-245-195-60 ... show more (mod_security) mod_security (id:949110) triggered by 172.245.195.60 (US/United States/172-245-195-60-host.colocrossing.com): N in the last X secs show less	Web App Attack
🇳🇱 Eric	2026-06-12 10:49:32 (4 hours ago)	[Fri Jun 12 10:49:29.913681 2026] [security2:error] [pid 3877589:tid 3877589] [client 172.245.195.60 ... show more [Fri Jun 12 10:49:29.913681 2026] [security2:error] [pid 3877589:tid 3877589] [client 172.245.195.60:59690] [client 172.245.195.60] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.4"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.fambus.nl"] [uri "/.git/HEAD"] [unique_id "aivkOS6GYZImee1JOuAhxAAAACI"] [Fri Jun 12 10:49:30.851272 2026] [security2:error] [pid 3877589:tid 3877589] [client 172.245.195.60:59690] [client 172.245.195.60] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: ... show less	Hacking Web App Attack
Anonymous	2026-06-12 09:51:44 (5 hours ago)	(caddyscan) Scanner path probe from 172.245.195.60 (US/United States/172-245-195-60-host.colocrossin ... show more (caddyscan) Scanner path probe from 172.245.195.60 (US/United States/172-245-195-60-host.colocrossing.com): 5 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs: [REDACTED] 200 2627 172.245.195.60 - - [12/Jun/2026:09:51:39 +0000] "GET /.git/HEAD HTTP/1.1" [REDACTED] 200 2627 172.245.195.60 - - [12/Jun/2026:09:51:39 +0000] "GET /.env HTTP/1.1" [REDACTED] 200 2627 172.245.195.60 - - [12/Jun/2026:09:51:40 +0000] "GET /.env.local HTTP/1.1" [REDACTED] 200 2627 172.245.195.60 - - [12/Jun/2026:09:51:40 +0000] "GET /.aws/credentials HTTP/1.1" [REDACTED] 200 2627 172.245.195.60 - - [12/Jun/2026:09:51:40 +0000] "GET /.env.production HTTP/1.1" show less	Port Scan
🇺🇸 Starburst SysOp Team	2026-06-12 09:33:40 (5 hours ago)	(mod_security-custom) mod_security (id:210492) triggered by 172.245.195.60 (US/United States/New Yor ... show more (mod_security-custom) mod_security (id:210492) triggered by 172.245.195.60 (US/United States/New York/Buffalo/172-245-195-60-host.colocrossing.com/[AS36352 AS-COLOCROSSING]): 1 in the last 3600 secs (0-srv1) show less	Hacking
🇳🇱 e.fierstra	2026-06-07 18:35:23 (4 days ago)	ModSecurity hits exceeded	Bad Web Bot Web App Attack
🇳🇱 Mangelot Hosting	2026-06-07 18:34:31 (4 days ago)	(modsecurity) srv101 ModSecurity 172.245.195.60 (US/United States/172-245-195-60-host.colocrossing.c ... show more (modsecurity) srv101 ModSecurity 172.245.195.60 (US/United States/172-245-195-60-host.colocrossing.com): 10 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs: show less	Web App Attack
🇩🇪 ger-stg-sifi1	2026-06-07 18:31:51 (4 days ago)	(wordpress) Failed wordpress login using wp-login.php or xmlrpc.php	Web App Attack
Anonymous	2026-06-07 18:26:24 (4 days ago)	(mod_security) mod_security triggered on hostname [redacted] 172.245.195.60 (US/United States/172-24 ... show more (mod_security) mod_security triggered on hostname [redacted] 172.245.195.60 (US/United States/172-245-195-60-host.colocrossing.com) show less	SQL Injection
🇫🇷 masterguru	2026-06-07 18:05:30 (4 days ago)	Restricted File Access Attempt. Matched phrase ".git/" at REQUEST_FILENAME. (930130-201)	Hacking Web App Attack

Showing 1 to 15 of 68 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇮🇶 188.64.139.147

🇷🇺 62.16.103.46

🇬🇧 35.203.210.130

🇮🇳 122.172.84.48

🇳🇱 93.123.109.164

🇵🇹 80.172.227.24

🇱🇹 62.60.130.234

🇬🇧 35.203.211.186

🇺🇸 216.244.66.195

🇬🇧 188.122.37.97

🇦🇪 176.205.254.176

🇳🇱 176.65.139.56

🇺🇸 172.56.216.152

🇱🇦 103.114.147.217

🇫🇮 81.27.98.217

🇺🇸 20.163.2.150

🇬🇧 193.176.29.20

🇲🇽 186.96.145.241

🇺🇸 172.234.218.34

🇲🇽 149.232.131.196