JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 173.252.167.180

173.252.167.180 was found in our database!

This IP was reported 156 times. Confidence of Abuse is 37%: ?

37%

ISP	OrangeHost
Usage Type	Data Center/Web Hosting/Transit
ASN	AS19853
Hostname(s)	server218.orangehost.com
Domain Name	orangehost.com
Country	🇺🇸 United States of America
City	Hillsboro, Oregon

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 173.252.167.180

Whois 173.252.167.180

IP Abuse Reports for 173.252.167.180:

This IP address has been reported a total of 156 times from 51 distinct sources. 173.252.167.180 was first reported on March 26th 2025, and the most recent report was 5 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 TPI-Abuse	2026-06-06 13:12:58 (5 hours ago)	(mod_security) mod_security (id:225170) triggered by 173.252.167.180 (server218.orangehost.com): 1 i ... show more (mod_security) mod_security (id:225170) triggered by 173.252.167.180 (server218.orangehost.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 06 09:12:52.551527 2026] [security2:error] [pid 11451:tid 11451] [client 173.252.167.180:41578] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|www.iostation.kleens-uk.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.iostation.kleens-uk.com"] [uri "/wp-json/wp/v2/users/me"] [unique_id "aiQc1A-WrTg3538m5iyNwgAAABs"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-06 10:58:35 (8 hours ago)	(mod_security) mod_security (id:225170) triggered by 173.252.167.180 (server218.orangehost.com): 1 i ... show more (mod_security) mod_security (id:225170) triggered by 173.252.167.180 (server218.orangehost.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 06 06:58:30.022372 2026] [security2:error] [pid 5473:tid 5473] [client 173.252.167.180:48406] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|paleopathologist.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "paleopathologist.com"] [uri "/wp-json/wp/v2/users/me"] [unique_id "aiP9VkDpNX2XiQxQmpOW-AAAAAM"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-06 06:31:25 (12 hours ago)	(mod_security) mod_security (id:225170) triggered by 173.252.167.180 (server218.orangehost.com): 1 i ... show more (mod_security) mod_security (id:225170) triggered by 173.252.167.180 (server218.orangehost.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 06 02:31:17.721233 2026] [security2:error] [pid 13114:tid 13114] [client 173.252.167.180:53212] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|fundaciondamashcc.org.ec\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "fundaciondamashcc.org.ec"] [uri "/wp-json/wp/v2/users/me"] [unique_id "aiO-tckRAQwjQZzVGRarlgAAABQ"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 LRob.fr	2026-06-06 03:15:07 (15 hours ago)	Repeated requests on blocked xmlrpc.php, blocked by fail2ban in custom-503-xmlrpc jail	Bad Web Bot Web App Attack
🇺🇸 lostswordfish.com	2026-06-04 08:10:07 (2 days ago)	Wordfence waf block on floridaactioncommittee	Web App Attack
🇲🇽 octageeks.com	2026-06-04 04:15:28 (2 days ago)	Wordpress malicious attack:[octawp]	Web App Attack
🇺🇸 TPI-Abuse	2026-06-03 00:18:10 (3 days ago)	(mod_security) mod_security (id:225170) triggered by 173.252.167.180 (server218.orangehost.com): 1 i ... show more (mod_security) mod_security (id:225170) triggered by 173.252.167.180 (server218.orangehost.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 02 20:18:02.055307 2026] [security2:error] [pid 25327:tid 25327] [client 173.252.167.180:40284] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|internetnameregistration.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "internetnameregistration.com"] [uri "/wp-json/wp/v2/users"] [unique_id "ah9yuu5wpFR5dfQZ3ofZxQAAAAM"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 london2038.com	2026-06-01 00:12:19 (5 days ago)	Attacking WordPress 173.252.167.180 - - [01/Jun/2026:02:12:17 +0200] "POST /wp-login.php HTTP/2.0" 5 ... show more Attacking WordPress 173.252.167.180 - - [01/Jun/2026:02:12:17 +0200] "POST /wp-login.php HTTP/2.0" 503 19287 "https://<REDACTED>/wp-login.php" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36" show less	Brute-Force Web App Attack
🇩🇪 london2038.com	2026-05-23 07:43:08 (2 weeks ago)	Attacking WordPress 173.252.167.180 - - [23/May/2026:09:43:05 +0200] "POST /wp-login.php HTTP/2.0" 5 ... show more Attacking WordPress 173.252.167.180 - - [23/May/2026:09:43:05 +0200] "POST /wp-login.php HTTP/2.0" 503 19289 "https://<REDACTED>/wp-login.php" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36" show less	Brute-Force Web App Attack
🇺🇸 TPI-Abuse	2026-05-22 14:41:24 (2 weeks ago)	(mod_security) mod_security (id:225170) triggered by 173.252.167.180 (server218.orangehost.com): 1 i ... show more (mod_security) mod_security (id:225170) triggered by 173.252.167.180 (server218.orangehost.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri May 22 10:41:19.280673 2026] [security2:error] [pid 18944:tid 18944] [client 173.252.167.180:52354] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|arogun.org\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "arogun.org"] [uri "/wp-json/wp/v2/users/me"] [unique_id "ahBrD1cwseKgWV3-lXjAcAAAACI"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-19 23:27:39 (2 weeks ago)	(mod_security) mod_security (id:225170) triggered by 173.252.167.180 (server218.orangehost.com): 1 i ... show more (mod_security) mod_security (id:225170) triggered by 173.252.167.180 (server218.orangehost.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue May 19 19:27:33.389798 2026] [security2:error] [pid 10774:tid 10774] [client 173.252.167.180:45862] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|vaghyst.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "vaghyst.com"] [uri "/wp-json/wp/v2/users"] [unique_id "agzx5cRp1d1x97TP-HGWmQAAAAA"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-02-24 17:33:35 (3 months ago)	Failed Wordpress Logins	Web App Attack
Anonymous	2026-01-27 18:00:09 (4 months ago)	Failed Wordpress Logins	Web App Attack
🇳🇱 BlueWire Hosting	2026-01-15 10:45:50 (4 months ago)	Probing websites for vulnerabilities	Web App Attack
Anonymous	2026-01-15 09:40:43 (4 months ago)	Failed Wordpress Logins	Web App Attack

Showing 1 to 15 of 156 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇹🇼 198.235.24.122

🇺🇸 162.216.150.17

🇳🇱 160.119.76.47

🇫🇮 62.220.236.203

🇷🇴 2.57.121.112

🇮🇳 192.178.119.16

🇱🇹 188.69.225.188

🇳🇱 176.65.148.242

🇰🇷 61.76.112.4

🇰🇷 59.26.132.170

🇬🇧 31.171.130.6

🇺🇸 18.97.5.44

🇺🇸 172.253.9.219

🇺🇸 109.105.210.62

🇨🇮 102.210.82.20

🇺🇸 66.132.172.235

🇺🇸 52.201.23.239

🇧🇪 35.210.61.208

🇨🇳 220.154.138.217

🇧🇷 205.210.31.171