JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 45.38.70.27

45.38.70.27 was found in our database!

This IP was reported 10 times. Confidence of Abuse is 0%: ?

ISP	Subnet Digital LLC
Usage Type	Data Center/Web Hosting/Transit
ASN	AS9009
Domain Name	subnetdigital.com
Country	🇨🇦 Canada
City	Montreal, Quebec

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 45.38.70.27

Whois 45.38.70.27

IP Abuse Reports for 45.38.70.27:

This IP address has been reported a total of 10 times from 4 distinct sources. 45.38.70.27 was first reported on January 25th 2025, and the most recent report was 1 month ago.

Old Reports: The most recent abuse report for this IP address is from 1 month ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇨🇭 backslash	2026-04-18 18:57:00 (1 month ago)	block ruleset CC531825F9395F9A07FB06C1247C46770A2690F8	Bad Web Bot
🇺🇸 TPI-Abuse	2026-01-17 22:24:04 (4 months ago)	(mod_security) mod_security (id:210492) triggered by 45.38.70.27 (-): 1 in the last 300 secs; Ports: ... show more (mod_security) mod_security (id:210492) triggered by 45.38.70.27 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jan 17 17:24:01.306103 2026] [security2:error] [pid 1985:tid 1985] [client 45.38.70.27:47265] ModSecurity: Access denied with code 403 (phase 1). Matched phrase ".htaccess" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcalendars.nbcnewsradio.com"] [uri "/example.htaccess"] [unique_id "aWwMAYE5j-AVo-tG-tWztQAAABA"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-29 17:14:14 (5 months ago)	(mod_security) mod_security (id:211070) triggered by 45.38.70.27 (-): 1 in the last 300 secs; Ports: ... show more (mod_security) mod_security (id:211070) triggered by 45.38.70.27 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Dec 29 12:08:27.648675 2025] [security2:error] [pid 17095:tid 17121] [client 45.38.70.27:33445] ModSecurity: Access denied with code 403 (phase 1). Pattern match "," at REQUEST_HEADERS:Transfer-Encoding. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "38"] [id "211070"] [rev "1"] [msg "COMODO WAF: HTTP Request Smuggling Attack.\|\|www.kettlehill.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.kettlehill.com"] [uri "/tmui/login.jsp"] [unique_id "aVK1i4oTFc8_1e9ZpJ82fAAAABA"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-12 04:48:03 (6 months ago)	(mod_security) mod_security (id:210730) triggered by 45.38.70.27 (-): 1 in the last 300 secs; Ports: ... show more (mod_security) mod_security (id:210730) triggered by 45.38.70.27 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Nov 11 23:47:56.703051 2025] [security2:error] [pid 23865:tid 23865] [client 45.38.70.27:58471] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|mail.nbcnewsradio.com\|F\|2"] [data ".php.bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "mail.nbcnewsradio.com"] [uri "/default.php.bak"] [unique_id "aRQRfDXQLgZTFxnUt0GIwAAAABk"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-07-27 01:07:53 (10 months ago)	(mod_security) mod_security (id:211190) triggered by 45.38.70.27 (-): 1 in the last 300 secs; Ports: ... show more (mod_security) mod_security (id:211190) triggered by 45.38.70.27 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jul 26 21:07:51.321042 2025] [security2:error] [pid 653296:tid 653309] [client 45.38.70.27:42931] ModSecurity: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt\|\|staging.kettlehill.com\|F\|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /index.php?option=com_imagebrowser&folder=../../../../../../../../../../etc/passwd"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "staging.kettlehill.com"] [uri "/index.php"] [unique_id "aIV7575epZI5Xx2m9sk3hQAAAUE"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2025-07-22 03:22:19 (10 months ago)	Ports: 2077,2078,2082,2083,2086,2087,2095,2096; Direction: 0; Trigger: LF_DISTATTACK	Brute-Force SSH
🇺🇸 TPI-Abuse	2025-05-29 19:52:32 (1 year ago)	(mod_security) mod_security (id:221260) triggered by 45.38.70.27 (-): 1 in the last 300 secs; Ports: ... show more (mod_security) mod_security (id:221260) triggered by 45.38.70.27 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu May 29 15:52:14.384767 2025] [security2:error] [pid 3312786:tid 3312786] [client 45.38.70.27:43215] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^(?:\\\\'\\\\w+?=)?\\\\(\\\\)\\\\s{" at MATCHED_VAR. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "77"] [id "221260"] [rev "3"] [msg "COMODO WAF: Shellshock Command Injection Vulnerabilities in GNU Bash through 4.3 bash43-026 (CVE-2014-7187, CVE-2014-7186, CVE-2014-7169, CVE-2014-6278, CVE-2014-6277, CVE-2014-6271)\|\|cpcalendars.farmers123.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcalendars.farmers123.com"] [uri "/cgi-bin/status/status.cgi"] [unique_id "aDi67mLHg5uKktA9Iy3AGAAAAAk"], referer: () { ignored; }; echo Content-Type: text/html; echo ; /bin/cat /etc/passwd show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-04-19 05:25:12 (1 year ago)	(mod_security) mod_security (id:212790) triggered by 45.38.70.27 (-): 1 in the last 300 secs; Ports: ... show more (mod_security) mod_security (id:212790) triggered by 45.38.70.27 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Apr 19 01:24:40.877469 2025] [security2:error] [pid 22650:tid 22662] [client 45.38.70.27:45603] [client 45.38.70.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "[\\\\s\\\\x22'](?:alert\|eval\|\\\\.fromcharcode)\\\\s?(?:\\\\(\|`)" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/07_XSS_XSS.conf"] [line "72"] [id "212790"] [rev "5"] [msg "COMODO WAF: XSS Attack Detected\|\|www.blog.spinningdesigns.com\|F\|2"] [data "Matched Data: 'alert( found within REQUEST_URI: /dashboard/snapshot/{{constructor.constructor('alert(document.domain)')()}}?orgid=1"] [severity "CRITICAL"] [tag "CWAF"] [tag "XSS"] [hostname "blog.spinningdesigns.com"] [uri "/dashboard/snapshot/{{constructor.constructor('alert(document.domain)')()}}"] [unique_id "aAMzmMLYwl69KqC_78iZ9AAAAEk"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2025-03-25 04:05:56 (1 year ago)	Ports: 2077,2078,2082,2083,2086,2087,2095,2096; Direction: 0; Trigger: LF_DISTATTACK	Brute-Force SSH
Anonymous	2025-01-25 21:00:14 (1 year ago)	\| Shellshock attack detected	Hacking SQL Injection Web App Attack

Showing 1 to 10 of 10 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 162.216.149.216

🇨🇳 117.164.191.217

🇺🇸 65.49.20.80

🇹🇷 46.31.76.122

🇬🇧 35.203.211.142

🇺🇸 20.15.163.174

🇺🇸 172.253.91.145

🇺🇸 162.216.149.51

🇨🇳 116.179.37.250

🇺🇸 100.29.192.72

🇺🇸 20.168.0.134

🇺🇸 147.185.132.89

🇺🇸 91.230.168.83

🇳🇱 45.148.10.141

🇸🇬 212.73.148.21

🇮🇩 203.145.34.182

🇮🇳 182.18.161.165

🇸🇬 165.154.29.93

🇩🇪 159.195.21.168

🇮🇩 157.20.207.165