JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 192.210.132.157

192.210.132.157 was found in our database!

This IP was reported 17 times. Confidence of Abuse is 1%: ?

ISP	HostPapa
Usage Type	Data Center/Web Hosting/Transit
ASN	AS36352
Hostname(s)	192-210-132-157-host.colocrossing.com
Domain Name	hostpapa.com
Country	🇺🇸 United States of America
City	Buffalo, New York

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 192.210.132.157

Whois 192.210.132.157

IP Abuse Reports for 192.210.132.157:

This IP address has been reported a total of 17 times from 6 distinct sources. 192.210.132.157 was first reported on August 31st 2023, and the most recent report was 3 weeks ago.

Old Reports: The most recent abuse report for this IP address is from 3 weeks ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 TPI-Abuse	2026-06-01 02:17:54 (3 weeks ago)	(mod_security) mod_security (id:210730) triggered by 192.210.132.157 (192-210-132-157-host.colocross ... show more (mod_security) mod_security (id:210730) triggered by 192.210.132.157 (192-210-132-157-host.colocrossing.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun May 31 22:17:48.348568 2026] [security2:error] [pid 12707:tid 12715] [client 192.210.132.157:44287] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|kettlehill.net\|F\|2"] [data ".log"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "kettlehill.net"] [uri "/admin/logs/errors.log"] [unique_id "ahzrzPr1zQOtbkd9viUrXwAAAAQ"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-01-27 02:36:30 (4 months ago)	(mod_security) mod_security (id:221260) triggered by 192.210.132.157 (192-210-132-157-host.colocross ... show more (mod_security) mod_security (id:221260) triggered by 192.210.132.157 (192-210-132-157-host.colocrossing.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jan 26 21:34:43.563366 2026] [security2:error] [pid 1914:tid 1927] [client 192.210.132.157:50431] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^(?:\\\\'\\\\w+?=)?\\\\(\\\\)\\\\s{" at MATCHED_VAR. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "77"] [id "221260"] [rev "3"] [msg "COMODO WAF: Shellshock Command Injection Vulnerabilities in GNU Bash through 4.3 bash43-026 (CVE-2014-7187, CVE-2014-7186, CVE-2014-7169, CVE-2014-6278, CVE-2014-6277, CVE-2014-6271)\|\|cpcalendars.kettlehill.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcalendars.kettlehill.com"] [uri "/debug.cgi"] [unique_id "aXgkQ8Pq0E0MroPkyLy2ygAAAAc"], referer: () { ignored; }; echo Content-Type: text/html; echo ; /bin/cat /etc/passwd show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-01-17 00:18:11 (5 months ago)	(mod_security) mod_security (id:210730) triggered by 192.210.132.157 (192-210-132-157-host.colocross ... show more (mod_security) mod_security (id:210730) triggered by 192.210.132.157 (192-210-132-157-host.colocrossing.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jan 16 19:17:38.450636 2026] [security2:error] [pid 28019:tid 28019] [client 192.210.132.157:35355] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|ftp.nbcnewsradio.com\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "ftp.nbcnewsradio.com"] [uri "/wp-content/mysql.sql"] [unique_id "aWrVIqA_Nxm0bB5sPEJvpwAAAA0"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-13 11:07:35 (7 months ago)	(mod_security) mod_security (id:211190) triggered by 192.210.132.157 (192-210-132-157-host.colocross ... show more (mod_security) mod_security (id:211190) triggered by 192.210.132.157 (192-210-132-157-host.colocrossing.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Nov 13 06:07:32.567948 2025] [security2:error] [pid 3943:tid 3943] [client 192.210.132.157:52115] ModSecurity: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt\|\|ftp.nbcnewsradio.com\|F\|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /index.php?option=com_projectfork&section=../../../../../../../../etc/passwd"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "ftp.nbcnewsradio.com"] [uri "/index.php"] [unique_id "aRW79ELRpeuLRZffkiPCiAAAAA8"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 SCHAPPY	2025-08-27 13:40:05 (9 months ago)	IP was involved in L7 DDoS attack.	DDoS Attack
🇩🇪 SCHAPPY	2025-07-23 05:50:05 (11 months ago)	IP was involved in L7 DDoS attack.	DDoS Attack
🇺🇸 TPI-Abuse	2025-07-03 13:47:42 (11 months ago)	(mod_security) mod_security (id:210492) triggered by 192.210.132.157 (192-210-132-157-host.colocross ... show more (mod_security) mod_security (id:210492) triggered by 192.210.132.157 (192-210-132-157-host.colocrossing.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 03 09:46:06.029850 2025] [security2:error] [pid 13360:tid 13380] [client 192.210.132.157:41483] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "autodiscover.staging.kettlehill.com"] [uri "/.env.www"] [unique_id "aGaJnqUco3AoK6nd7NE__wAAAIY"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-05-29 17:19:05 (1 year ago)	(mod_security) mod_security (id:210730) triggered by 192.210.132.157 (192-210-132-157-host.colocross ... show more (mod_security) mod_security (id:210730) triggered by 192.210.132.157 (192-210-132-157-host.colocrossing.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu May 29 13:18:54.057600 2025] [security2:error] [pid 3057296:tid 3057296] [client 192.210.132.157:40981] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|ftp.farmers123.com\|F\|2"] [data ".log"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "ftp.farmers123.com"] [uri "/admin/logs/error.log"] [unique_id "aDiW_lL5th9sYEHtk70NagAAAAU"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-04-19 05:29:21 (1 year ago)	(mod_security) mod_security (id:211190) triggered by 192.210.132.157 (192-210-132-157-host.colocross ... show more (mod_security) mod_security (id:211190) triggered by 192.210.132.157 (192-210-132-157-host.colocrossing.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Apr 19 01:29:08.481228 2025] [security2:error] [pid 26434:tid 26453] [client 192.210.132.157:50059] [client 192.210.132.157] ModSecurity: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt\|\|www.blog.spinningdesigns.com\|F\|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /?file=http://0177.0.0.1/etc/passwd"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "blog.spinningdesigns.com"] [uri "/"] [unique_id "aAM0pEBDF0hFmouiiEBHTgAAABA"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-02-27 14:45:30 (1 year ago)	(mod_security) mod_security (id:212620) triggered by 192.210.132.157 (192-210-132-157-host.colocross ... show more (mod_security) mod_security (id:212620) triggered by 192.210.132.157 (192-210-132-157-host.colocrossing.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Feb 27 09:45:17.291607 2025] [security2:error] [pid 27061:tid 27152] [client 192.210.132.157:52891] [client 192.210.132.157] ModSecurity: Access denied with code 403 (phase 2). Pattern match "<script\\\\b" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/07_XSS_XSS.conf"] [line "65"] [id "212620"] [rev "4"] [msg "COMODO WAF: Cross-site Scripting (XSS) Attack\|\|www.kettlehill.net\|F\|2"] [data "Matched Data: <script found within REQUEST_URI: /ie50/system/login/sysloginuser.aspx?login=denied&uid=</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [tag "CWAF"] [tag "XSS"] [hostname "www.kettlehill.net"] [uri "/ie50/system/login/SysLoginUser.aspx"] [unique_id "Z8B6fR0YO9vnfm9-bP1BVQAAAAg"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2025-01-25 09:10:22 (1 year ago)	\| Common web attack.	Hacking SQL Injection Web App Attack
🇩🇪 nyuuzyou	2024-12-11 23:11:41 (1 year ago)	Intensive scraping: /web?s=Tax%20preparation%20services%20Virginia&scraper=yep. User-Agent: Mozilla/ ... show more Intensive scraping: /web?s=Tax%20preparation%20services%20Virginia&scraper=yep. User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 12.5; rv:114.0) Gecko/20100101 Firefox/114.0. show less	Bad Web Bot
🇺🇸 ChamberofCommerce.com	2023-11-06 03:38:07 (2 years ago)	Unauthorized Scraping Attempt - More then 225 Pages Requested in a 24 hour period - Total Requested ... show more Unauthorized Scraping Attempt - More then 225 Pages Requested in a 24 hour period - Total Requested Before Block:226 show less	Bad Web Bot
🇺🇸 ChamberofCommerce.com	2023-11-04 01:19:57 (2 years ago)	Unauthorized Scraping Attempt - More then 225 Pages Requested in a 24 hour period - Total Requested ... show more Unauthorized Scraping Attempt - More then 225 Pages Requested in a 24 hour period - Total Requested Before Block:226 show less	Bad Web Bot
🇺🇸 ChamberofCommerce.com	2023-11-02 05:17:58 (2 years ago)	Unauthorized Scraping Attempt - More then 225 Pages Requested in a 24 hour period - Total Requested ... show more Unauthorized Scraping Attempt - More then 225 Pages Requested in a 24 hour period - Total Requested Before Block:226 show less	Bad Web Bot

Showing 1 to 15 of 17 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇳🇱 91.92.40.7

🇨🇳 42.100.63.119

🇷🇴 2.57.121.25

🇺🇸 216.131.87.122

🇺🇸 195.184.76.13

🇹🇼 122.254.30.34

🇮🇳 103.149.154.141

🇺🇸 91.230.168.21

🇺🇸 91.230.168.19

🇺🇸 66.132.186.167

🇺🇸 45.79.213.172

🇱🇰 220.247.224.226

🇺🇸 192.204.137.83

🇦🇷 190.185.159.132

🇰🇷 175.207.202.32

🇸🇬 172.188.89.41

🇩🇪 167.94.146.56

🇺🇸 162.216.150.11

🇺🇸 147.185.132.176

🇨🇳 111.228.2.14