JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 45.61.100.238

45.61.100.238 was found in our database!

This IP was reported 19 times. Confidence of Abuse is 13%: ?

13%

ISP	HostRoyale LLC
Usage Type	Data Center/Web Hosting/Transit
ASN	AS46516
Hostname(s)	ip-45-61-100-238.fibre.fibrestream.ca
Domain Name	hostroyale.com
Country	🇺🇸 United States of America
City	Floris, Virginia

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 45.61.100.238

Whois 45.61.100.238

IP Abuse Reports for 45.61.100.238:

This IP address has been reported a total of 19 times from 6 distinct sources. 45.61.100.238 was first reported on November 27th 2024, and the most recent report was 1 week ago.

Old Reports: The most recent abuse report for this IP address is from 1 week ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇳🇱 homeshowdomain.nl	2026-05-27 22:00:40 (1 week ago)	Auto-ban: single probe for restricted files (.env / backups / admin endpoints). Likely mass-scan on ... show more Auto-ban: single probe for restricted files (.env / backups / admin endpoints). Likely mass-scan on 2026-05-26. show less	Web App Attack SSH Hacking
🇺🇸 TPI-Abuse	2026-05-27 17:43:19 (1 week ago)	(mod_security) mod_security (id:210492) triggered by 45.61.100.238 (ip-45-61-100-238.fibre.fibrestre ... show more (mod_security) mod_security (id:210492) triggered by 45.61.100.238 (ip-45-61-100-238.fibre.fibrestream.ca): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed May 27 13:43:10.978078 2026] [security2:error] [pid 28130:tid 28243] [client 45.61.100.238:51173] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "djkirby.com"] [uri "/.env.save"] [unique_id "ahctLsijgPv5aU7xlyRtYQAAAFU"], referer: https://www.google.com/search?q=djkirby.com show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-27 15:52:35 (1 week ago)	(mod_security) mod_security (id:210492) triggered by 45.61.100.238 (ip-45-61-100-238.fibre.fibrestre ... show more (mod_security) mod_security (id:210492) triggered by 45.61.100.238 (ip-45-61-100-238.fibre.fibrestream.ca): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed May 27 11:52:32.132282 2026] [security2:error] [pid 29792:tid 29792] [client 45.61.100.238:39767] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.lilytaylor.ingberinteriors.com"] [uri "/.env.dev"] [unique_id "ahcTQMNbUOPPOFDdaXHPOQAAAAE"], referer: https://www.google.com/search?q=www.lilytaylor.ingberinteriors.com show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-27 00:22:48 (1 week ago)	(mod_security) mod_security (id:210492) triggered by 45.61.100.238 (ip-45-61-100-238.fibre.fibrestre ... show more (mod_security) mod_security (id:210492) triggered by 45.61.100.238 (ip-45-61-100-238.fibre.fibrestream.ca): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue May 26 20:22:44.016491 2026] [security2:error] [pid 3904:tid 3904] [client 45.61.100.238:34117] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "pappakotis.net"] [uri "/.env.dusk.local"] [unique_id "ahY5VKFo4l49TVqjP3fF2gAAAAc"], referer: https://www.google.com/search?q=pappakotis.net show less	Brute-Force Bad Web Bot Web App Attack
🇳🇱 homeshowdomain.nl	2026-05-26 21:59:34 (1 week ago)	Auto-ban: >3000 req/min op 2026-05-26	Web App Attack SSH Hacking
🇺🇸 TPI-Abuse	2026-05-26 18:15:22 (1 week ago)	(mod_security) mod_security (id:210492) triggered by 45.61.100.238 (ip-45-61-100-238.fibre.fibrestre ... show more (mod_security) mod_security (id:210492) triggered by 45.61.100.238 (ip-45-61-100-238.fibre.fibrestream.ca): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue May 26 14:15:03.639675 2026] [security2:error] [pid 9837:tid 9837] [client 45.61.100.238:56345] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "onlineteacher.info"] [uri "/.env.development.local"] [unique_id "ahXjJ0A0HUME6z71TrLglAAAABU"], referer: https://www.google.com/search?q=onlineteacher.info show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-26 17:54:28 (1 week ago)	(mod_security) mod_security (id:210492) triggered by 45.61.100.238 (ip-45-61-100-238.fibre.fibrestre ... show more (mod_security) mod_security (id:210492) triggered by 45.61.100.238 (ip-45-61-100-238.fibre.fibrestream.ca): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue May 26 13:54:17.189304 2026] [security2:error] [pid 22036:tid 22036] [client 45.61.100.238:41319] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "hogfiddlesandsuch.com"] [uri "/.env.save"] [unique_id "ahXeSbInj3sYUbQemJnXRAAAABc"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-01-27 03:00:26 (4 months ago)	(mod_security) mod_security (id:211190) triggered by 45.61.100.238 (ip-45-61-100-238.fibre.fibrestre ... show more (mod_security) mod_security (id:211190) triggered by 45.61.100.238 (ip-45-61-100-238.fibre.fibrestream.ca): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jan 26 22:00:15.839218 2026] [security2:error] [pid 16656:tid 16663] [client 45.61.100.238:35409] ModSecurity: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt\|\|ftp.kettlehill.net\|F\|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /filemanager/ajax_calls.php?action=get_file&sub_action=preview&preview_mode=text&title=source&file=../../../../../../../../../../etc/passwd"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "ftp.kettlehill.net"] [uri "/filemanager/ajax_calls.php"] [unique_id "aXgqPz4D1upuVdMC6K4NygAAAEQ"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-01-17 07:39:11 (4 months ago)	(mod_security) mod_security (id:210492) triggered by 45.61.100.238 (ip-45-61-100-238.fibre.fibrestre ... show more (mod_security) mod_security (id:210492) triggered by 45.61.100.238 (ip-45-61-100-238.fibre.fibrestream.ca): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jan 17 02:39:04.424818 2026] [security2:error] [pid 3257:tid 3257] [client 45.61.100.238:56637] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcalendars.nbcnewsradio.com"] [uri "/.env.cpcalendars"] [unique_id "aWs8mM99E24O7ISjPxLhRQAAABM"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-12 04:43:32 (6 months ago)	(mod_security) mod_security (id:210730) triggered by 45.61.100.238 (ip-45-61-100-238.fibre.fibrestre ... show more (mod_security) mod_security (id:210730) triggered by 45.61.100.238 (ip-45-61-100-238.fibre.fibrestream.ca): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Nov 11 23:43:25.235817 2025] [security2:error] [pid 2942:tid 2942] [client 45.61.100.238:55903] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|mail.nbcnewsradio.com\|F\|2"] [data ".nbcnewsradio.com_db.sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "mail.nbcnewsradio.com"] [uri "/mail.nbcnewsradio.com_db.sql"] [unique_id "aRQQbWSjl4Ox46Nw-vaY0wAAABA"] show less	Brute-Force Bad Web Bot Web App Attack
🇮🇪 RoboSOC	2025-10-16 12:33:32 (7 months ago)	phpunit Remote Code Execution Vulnerability, PTR: ip-45-61-100-238.fibre.fibrestream.ca.	Hacking
🇺🇸 TPI-Abuse	2025-05-29 19:50:26 (1 year ago)	(mod_security) mod_security (id:210492) triggered by 45.61.100.238 (ip-45-61-100-238.fibre.fibrestre ... show more (mod_security) mod_security (id:210492) triggered by 45.61.100.238 (ip-45-61-100-238.fibre.fibrestream.ca): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu May 29 15:50:18.602275 2025] [security2:error] [pid 3358226:tid 3358226] [client 45.61.100.238:34371] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "whm.farmers123.com"] [uri "/wp-config.php.html"] [unique_id "aDi6euxKsJBr8GXm3J5rwwAAAAg"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-04-19 05:19:13 (1 year ago)	(mod_security) mod_security (id:220150) triggered by 45.61.100.238 (ip-45-61-100-238.fibre.fibrestre ... show more (mod_security) mod_security (id:220150) triggered by 45.61.100.238 (ip-45-61-100-238.fibre.fibrestream.ca): 1 in the last 300 secs; Ports: ; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Apr 19 01:19:05.467696 2025] [security2:error] [pid 26434:tid 26461] [client 45.61.100.238:49351] [client 45.61.100.238] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:union(?:\\\\/\\\\.{0,399}\\\\*\\\\/)?select)" at ARGS:id. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5662"] [id "220150"] [rev "5"] [msg "COMODO WAF: SQL injection vulnerability in Ginkgo CMS 5.0 (CVE-2013-5318)\|\|www.blog.spinningdesigns.com\|F\|2"] [data "-1unionselect1,md5(999999999),3,4,5--"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "blog.spinningdesigns.com"] [uri "/admin/manage_user.php"] [unique_id "aAMySUBDF0hFmouiiEBEmQAAABg"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-02-28 21:38:14 (1 year ago)	(mod_security) mod_security (id:210492) triggered by 45.61.100.238 (ip-45-61-100-238.fibre.fibrestre ... show more (mod_security) mod_security (id:210492) triggered by 45.61.100.238 (ip-45-61-100-238.fibre.fibrestream.ca): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Feb 28 16:37:22.508250 2025] [security2:error] [pid 14500:tid 14617] [client 45.61.100.238:32915] [client 45.61.100.238] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "ftp.kettlehill.net"] [uri "/.env.example"] [unique_id "Z8IskrBju728IJklrll3TgAAAcA"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2025-01-17 15:50:42 (1 year ago)	\| Common web attack.	Hacking SQL Injection Web App Attack

Showing 1 to 15 of 19 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 185.191.171.14

🇮🇩 165.154.151.176

🇩🇪 91.107.186.62

🇨🇳 49.72.212.22

🇦🇷 45.162.20.138

🇬🇧 185.247.137.188

🇨🇳 117.72.100.85

🇳🇱 86.54.31.44

🇸🇬 74.114.28.21

🇨🇳 47.116.41.234

🇳🇱 45.156.87.13

🇳🇱 45.86.200.174

🇧🇷 206.42.8.243

🇲🇦 196.123.209.78

🇰🇷 121.179.93.147

🇨🇳 58.254.16.239

🇫🇷 2001:41d0:33a:a00::407

🇺🇸 185.191.171.13

🇺🇸 2604:a880:400:d1:0:4:8bed:c001

🇬🇧 193.176.29.22