JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 43.245.117.20

43.245.117.20 was found in our database!

This IP was reported 21 times. Confidence of Abuse is 0%: ?

ISP	trafficforce, UAB
Usage Type	Commercial
ASN	AS133944
Domain Name	trafficforce.lt
Country	🇹🇷 Turkey
City	Istanbul, Istanbul

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 43.245.117.20

Whois 43.245.117.20

IP Abuse Reports for 43.245.117.20:

This IP address has been reported a total of 21 times from 8 distinct sources. 43.245.117.20 was first reported on October 30th 2023, and the most recent report was 1 year ago.

Old Reports: The most recent abuse report for this IP address is from 1 year ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
Anonymous	2025-01-16 18:19:14 (1 year ago)	Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER	Brute-Force SSH
🇩🇪 ps-center	2024-11-27 10:39:52 (1 year ago)	SS1: Web Attack GET /wp-login.php?login-error=<script>alert(document.domain)</script>	Web Spam Hacking Bad Web Bot Web App Attack
🇩🇪 Alejandro Docasar	2024-11-26 14:40:21 (1 year ago)		Web App Attack
🇺🇸 TPI-Abuse	2024-10-27 02:31:51 (1 year ago)	(mod_security) mod_security (id:221260) triggered by 43.245.117.20 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:221260) triggered by 43.245.117.20 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Oct 26 22:30:12.686425 2024] [security2:error] [pid 12081:tid 12351] [client 43.245.117.20:50969] [client 43.245.117.20] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^(?:\\\\'\\\\w+?=)?\\\\(\\\\)\\\\s{" at MATCHED_VAR. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "77"] [id "221260"] [rev "3"] [msg "COMODO WAF: Shellshock Command Injection Vulnerabilities in GNU Bash through 4.3 bash43-026 (CVE-2014-7187, CVE-2014-7186, CVE-2014-7169, CVE-2014-6278, CVE-2014-6277, CVE-2014-6271)\|\|cpcontacts.kettlehill.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcontacts.kettlehill.com"] [uri "/test.cgi"] [unique_id "Zx2ltKh_svivc3gfY1Hh5AAAANQ"], referer: () { ignored; }; echo Content-Type: text/html; echo ; /bin/cat /etc/passwd show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2024-09-03 18:45:32 (1 year ago)	(mod_security) mod_security (id:210730) triggered by 43.245.117.20 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210730) triggered by 43.245.117.20 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Sep 03 14:45:14.390477 2024] [security2:error] [pid 8859:tid 8859] [client 43.245.117.20:38337] [client 43.245.117.20] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "4"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|mail.stdavids-media.com\|F\|2"] [data ".log"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "mail.stdavids-media.com"] [uri "/admin/logs/errors.log"] [unique_id "ZtdZOtvQ-54TbkPMSzW0mAAAAA4"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2024-07-27 20:28:41 (1 year ago)	(mod_security) mod_security (id:210730) triggered by 43.245.117.20 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210730) triggered by 43.245.117.20 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jul 27 16:28:32.577334 2024] [security2:error] [pid 22441:tid 22519] [client 43.245.117.20:48971] [client 43.245.117.20] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|staging.kettlehill.com\|F\|2"] [data ".ini"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "staging.kettlehill.com"] [uri "/...\\\\...\\\\...\\\\...\\\\...\\\\...\\\\...\\\\...\\\\...\\\\windows\\\\win.ini"] [unique_id "ZqVYcNtjGEvj7KjXnvD-OgAAAFg"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 ps-center	2024-07-15 18:03:01 (1 year ago)	SS1: Web Attack GET /wp-content/plugins/localize-my-post/ajax/include.php?file=../../../../../../../ ... show more SS1: Web Attack GET /wp-content/plugins/localize-my-post/ajax/include.php?file=../../../../../../../../../../etc/passwd show less	Web Spam Hacking Bad Web Bot Web App Attack
Anonymous	2024-07-02 13:20:29 (1 year ago)	Common attack or app scan event detected and blocked	Port Scan Hacking Web App Attack
🇪🇸 10dencehispahard SL	2024-06-29 03:06:52 (1 year ago)	Unauthorized login attempts [ accesslogs]	Brute-Force
🇺🇸 TPI-Abuse	2024-05-15 01:53:03 (2 years ago)	(mod_security) mod_security (id:210492) triggered by 43.245.117.20 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 43.245.117.20 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue May 14 21:52:54.331336 2024] [security2:error] [pid 5014:tid 47952275678976] [client 43.245.117.20:59615] [client 43.245.117.20] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webdisk.kettlehill.com"] [uri "/img../.git/config"] [unique_id "ZkQVduDW24d8EzRQX0RGxQAAAEk"] show less	Brute-Force Bad Web Bot Web App Attack
🇪🇸 10dencehispahard SL	2024-05-08 07:00:43 (2 years ago)	Unauthorized login attempts []	Brute-Force
🇪🇸 10dencehispahard SL	2024-05-08 06:51:59 (2 years ago)	Web Attack	DDoS Attack Brute-Force Web App Attack
🇪🇸 10dencehispahard SL	2024-03-27 07:00:25 (2 years ago)	Unauthorized login attempts [ BI-16635]	Brute-Force
🇪🇸 10dencehispahard SL	2024-03-27 06:44:08 (2 years ago)	WP scan	Web App Attack
🇺🇸 TPI-Abuse	2024-02-21 11:51:08 (2 years ago)	(mod_security) mod_security (id:210492) triggered by 43.245.117.20 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 43.245.117.20 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Feb 21 06:49:31.056916 2024] [security2:error] [pid 12891:tid 47945771226880] [client 43.245.117.20:37853] [client 43.245.117.20] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/Web.config" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webdisk.staging.kettlehill.com"] [uri "/web.config.zip"] [unique_id "ZdXjS25PvTkiNJv6s-k8ygAAAQQ"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 21 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 192.185.4.81

🇩🇪 167.94.146.38

🇺🇸 155.2.215.37

🇫🇷 151.80.77.244

🇨🇳 122.8.46.217

🇨🇳 112.46.215.98

🇪🇸 104.28.162.223

🇺🇸 98.80.4.23

🇫🇮 91.227.114.132

🇨🇾 85.208.98.23

🇨🇳 58.47.106.41

🇳🇱 45.148.10.157

🇮🇶 45.128.121.83

🇺🇸 3.216.13.10

🇨🇳 218.21.123.2

🇬🇧 217.146.80.114

🇻🇪 206.0.171.237

🇺🇸 194.62.107.148

🇹🇭 184.22.189.210

🇩🇪 164.92.143.110