JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 37.61.226.78

37.61.226.78 was found in our database!

This IP was reported 20 times. Confidence of Abuse is 11%: ?

11%

ISP	HostRoyale Technologies Pvt Ltd
Usage Type	Data Center/Web Hosting/Transit
ASN	AS207990
Domain Name	hostroyale.com
Country	🇧🇷 Brazil
City	Guarulhos, Sao Paulo

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 37.61.226.78

Whois 37.61.226.78

IP Abuse Reports for 37.61.226.78:

This IP address has been reported a total of 20 times from 9 distinct sources. 37.61.226.78 was first reported on June 5th 2023, and the most recent report was 6 days ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 TPI-Abuse	2026-06-01 02:03:46 (6 days ago)	(mod_security) mod_security (id:210730) triggered by 37.61.226.78 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210730) triggered by 37.61.226.78 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun May 31 22:02:04.332068 2026] [security2:error] [pid 17654:tid 17747] [client 37.61.226.78:41921] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|www.staging.kettlehill.com\|F\|2"] [data ".php.bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.staging.kettlehill.com"] [uri "/default.php.bak"] [unique_id "ahzoHNmdiBK8fg9Le5CbwAAAANI"] show less	Brute-Force Bad Web Bot Web App Attack
🇸🇬 securejdprop	2026-04-30 11:49:52 (1 month ago)	This IP was detected by CrowdSec triggering crowdsecurity/http-probing. crowdsecurity/http-probing	Hacking Web App Attack
🇺🇸 TPI-Abuse	2026-03-01 20:16:17 (3 months ago)	(mod_security) mod_security (id:220150) triggered by 37.61.226.78 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:220150) triggered by 37.61.226.78 (-): 1 in the last 300 secs; Ports: ; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Mar 01 15:16:10.518574 2026] [security2:error] [pid 27385:tid 27412] [client 37.61.226.78:32949] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:union(?:\\\\/\\\\.{0,399}\\\\*\\\\/)?select)" at ARGS:bwg_tag_id_bwg_thumbnails_0[]. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5662"] [id "220150"] [rev "5"] [msg "COMODO WAF: SQL injection vulnerability in Ginkgo CMS 5.0 (CVE-2013-5318)\|\|www.kettlehill.com\|F\|2"] [data ")\\x22unionselect1,2,3,4,5,6,7,concat(md5(999999999),0x2c,8),9,10,11,12,13,14,15,16,17,18,19,20,21,22,23--g"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "www.kettlehill.com"] [uri "/wp-admin/admin-ajax.php"] [unique_id "aaSeig3DRlze-QqtecCbGAAAAZM"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-01 06:03:17 (6 months ago)	(mod_security) mod_security (id:211190) triggered by 37.61.226.78 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:211190) triggered by 37.61.226.78 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Dec 01 01:03:00.986000 2025] [security2:error] [pid 31256:tid 31274] [client 37.61.226.78:38949] ModSecurity: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt\|\|www.kettlehill.com\|F\|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /wp-content/plugins/admin-word-count-column/download-csv.php?path=../../../../../../../../../../../../etc/passwd\\x5c0"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.kettlehill.com"] [uri "/wp-content/plugins/admin-word-count-column/download-csv.php"] [unique_id "aS0vlG28JkE_f6YcP87xhgAAAA0"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-10-01 16:01:02 (8 months ago)	(mod_security) mod_security (id:210730) triggered by 37.61.226.78 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210730) triggered by 37.61.226.78 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Oct 01 12:00:57.657948 2025] [security2:error] [pid 30110:tid 30163] [client 37.61.226.78:43253] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|ftp.kettlehill.net\|F\|2"] [data ".key"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "ftp.kettlehill.net"] [uri "/server.key"] [unique_id "aN1QOckWrLLgoGKIU58tLwAAAdI"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-08-01 08:18:45 (10 months ago)	(mod_security) mod_security (id:210492) triggered by 37.61.226.78 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 37.61.226.78 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Aug 01 04:18:42.509189 2025] [security2:error] [pid 3705323:tid 3705341] [client 37.61.226.78:34889] ModSecurity: Access denied with code 403 (phase 1). Matched phrase ".htaccess" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "whm.kettlehill.net"] [uri "/_.htaccess"] [unique_id "aIx4YlSqWoxQtnj67bcrIwAAAEI"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-06-01 06:48:40 (1 year ago)	(mod_security) mod_security (id:210730) triggered by 37.61.226.78 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210730) triggered by 37.61.226.78 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 01 02:48:24.875300 2025] [security2:error] [pid 2476985:tid 2477043] [client 37.61.226.78:41057] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|staging.kettlehill.com\|F\|2"] [data ".php.bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "staging.kettlehill.com"] [uri "/wp-login.php.bak"] [unique_id "aDv3uIWY4ssUEn37NuVN-AAAAYc"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-05-30 18:00:03 (1 year ago)	(mod_security) mod_security (id:210730) triggered by 37.61.226.78 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210730) triggered by 37.61.226.78 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri May 30 13:59:57.855149 2025] [security2:error] [pid 467434:tid 467434] [client 37.61.226.78:46457] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|www.nbcnewsradio.com\|F\|2"] [data ".log"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.nbcnewsradio.com"] [uri "/php_errors.log"] [unique_id "aDnyHVjJt6zQuBnyhTNZ5AAAAAE"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2025-03-18 13:50:03 (1 year ago)	Malicious activity detected	Hacking Web App Attack
🇨🇭 backslash	2025-03-10 13:35:07 (1 year ago)	block ruleset CC531825F9395F9A07FB06C1247C46770A2690F8	Bad Web Bot
🇲🇽 valeria mendoza	2024-08-26 19:38:51 (1 year ago)	This IP address has been reported for engaging in malicious activities, specifically a dictionary at ... show more This IP address has been reported for engaging in malicious activities, specifically a dictionary attack or DDoS targeting online services. Grettings from MX show less	Brute-Force
🇨🇭 backslash	2024-03-01 01:05:07 (2 years ago)	block ruleset CC531825F9395F9A07FB06C1247C46770A2690F8	Bad Web Bot
🇺🇸 VSM Networks	2023-11-06 03:21:58 (2 years ago)	Credential Stuffing	Brute-Force
Anonymous	2023-10-17 16:39:59 (2 years ago)	Malicious activity detected	Hacking Web App Attack
Anonymous	2023-08-07 00:30:12 (2 years ago)	\| Common web attack.	Hacking SQL Injection Web App Attack

Showing 1 to 15 of 20 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇨🇳 122.13.25.186

🇷🇺 95.139.90.64

🇵🇹 85.244.8.67

🇱🇹 81.30.98.158

🇸🇦 51.253.215.78

🇺🇸 18.226.8.239

🇮🇪 3.252.128.103

🇺🇸 3.149.234.245

🇨🇦 3.98.49.38

🇨🇳 223.243.179.70

🇺🇸 216.73.161.184

🇬🇧 195.206.182.212

🇧🇷 178.92.205.166

🇮🇪 128.251.36.118

🇨🇳 117.82.134.122

🇧🇪 91.86.88.24

🇩🇪 49.13.138.33

🇮🇶 45.157.54.7

🇬🇧 31.14.254.67

🇺🇸 18.218.63.16