JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 45.61.96.254

45.61.96.254 was found in our database!

This IP was reported 32 times. Confidence of Abuse is 1%: ?

ISP	HostRoyale LLC
Usage Type	Data Center/Web Hosting/Transit
ASN	AS46516
Hostname(s)	ip-45-61-96-254.fibre.fibrestream.ca
Domain Name	hostroyale.com
Country	🇺🇸 United States of America
City	Leesburg, Virginia

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 45.61.96.254

Whois 45.61.96.254

IP Abuse Reports for 45.61.96.254:

This IP address has been reported a total of 32 times from 9 distinct sources. 45.61.96.254 was first reported on August 1st 2024, and the most recent report was 2 weeks ago.

Old Reports: The most recent abuse report for this IP address is from 2 weeks ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
Anonymous	2026-05-22 13:47:26 (2 weeks ago)	LH-Watcher: FAKE_ID [Fake Googlebot]	Bad Web Bot
🇺🇸 TPI-Abuse	2026-03-01 20:33:31 (3 months ago)	(mod_security) mod_security (id:210492) triggered by 45.61.96.254 (ip-45-61-96-254.fibre.fibrestream ... show more (mod_security) mod_security (id:210492) triggered by 45.61.96.254 (ip-45-61-96-254.fibre.fibrestream.ca): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Mar 01 15:33:27.208373 2026] [security2:error] [pid 26067:tid 26092] [client 45.61.96.254:51945] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "ftp.kettlehill.com"] [uri "/wp-config.php.save"] [unique_id "aaSil05L5LRphzCVS7L2_gAAARU"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-02-21 18:00:10 (3 months ago)	\| Suspicious URL access.	Web App Attack Hacking SQL Injection
🇺🇸 ersei.net	2026-02-18 07:57:01 (3 months ago)	Web app exploiting	Web App Attack
🇺🇸 TPI-Abuse	2026-01-16 16:32:57 (4 months ago)	(mod_security) mod_security (id:210492) triggered by 45.61.96.254 (ip-45-61-96-254.fibre.fibrestream ... show more (mod_security) mod_security (id:210492) triggered by 45.61.96.254 (ip-45-61-96-254.fibre.fibrestream.ca): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jan 16 11:32:50.546046 2026] [security2:error] [pid 8127:tid 8127] [client 45.61.96.254:40139] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "ftp.nbcnewsradio.com"] [uri "/.env.production"] [unique_id "aWpoMkP4qErjUjg2OzQk3QAAABE"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-02 22:27:38 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 45.61.96.254 (ip-45-61-96-254.fibre.fibrestream ... show more (mod_security) mod_security (id:210492) triggered by 45.61.96.254 (ip-45-61-96-254.fibre.fibrestream.ca): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Dec 02 17:27:33.420746 2025] [security2:error] [pid 4458:tid 4458] [client 45.61.96.254:52921] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcontacts.farmers123.com"] [uri "/.env.farmers123"] [unique_id "aS9n1fcTeuTiAsdLumTc6wAAAAA"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-01 14:43:09 (7 months ago)	(mod_security) mod_security (id:210730) triggered by 45.61.96.254 (ip-45-61-96-254.fibre.fibrestream ... show more (mod_security) mod_security (id:210730) triggered by 45.61.96.254 (ip-45-61-96-254.fibre.fibrestream.ca): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Nov 01 10:43:06.253946 2025] [security2:error] [pid 31390:tid 31417] [client 45.61.96.254:48689] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|mail.kettlehill.com\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "mail.kettlehill.com"] [uri "/db_backup.sql"] [unique_id "aQYcegTyOOjtViEU79eiowAAAJg"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-10-28 21:44:12 (7 months ago)	(mod_security) mod_security (id:210492) triggered by 45.61.96.254 (ip-45-61-96-254.fibre.fibrestream ... show more (mod_security) mod_security (id:210492) triggered by 45.61.96.254 (ip-45-61-96-254.fibre.fibrestream.ca): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Oct 28 17:44:04.406711 2025] [security2:error] [pid 27925:tid 27925] [client 45.61.96.254:39155] ModSecurity: Access denied with code 403 (phase 1). Matched phrase ".htaccess" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "autoconfig.nbcnewsradio.com"] [uri "/sample.htaccess"] [unique_id "aQE5JNzZEpPX7L8y20llJQAAABM"] show less	Brute-Force Bad Web Bot Web App Attack
🇮🇹 mgarofano80	2025-10-22 14:59:46 (7 months ago)		Brute-Force Web App Attack
🇯🇵 KuhA	2025-09-22 01:46:00 (8 months ago)	"GET /%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e/etc/passwd HTTP/1.1"	Hacking Web App Attack
🇺🇸 TPI-Abuse	2025-09-01 03:21:41 (9 months ago)	(mod_security) mod_security (id:210730) triggered by 45.61.96.254 (ip-45-61-96-254.fibre.fibrestream ... show more (mod_security) mod_security (id:210730) triggered by 45.61.96.254 (ip-45-61-96-254.fibre.fibrestream.ca): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Aug 31 23:21:35.954578 2025] [security2:error] [pid 4167008:tid 4167061] [client 45.61.96.254:46893] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|kettlehill.kettlehill.com\|F\|2"] [data ".php.bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "kettlehill.kettlehill.com"] [uri "/login.php.bak"] [unique_id "aLURPw6DfZQKU24eXUxAaAAAAFQ"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-06-01 15:04:02 (1 year ago)	(mod_security) mod_security (id:210730) triggered by 45.61.96.254 (ip-45-61-96-254.fibre.fibrestream ... show more (mod_security) mod_security (id:210730) triggered by 45.61.96.254 (ip-45-61-96-254.fibre.fibrestream.ca): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 01 11:03:52.311359 2025] [security2:error] [pid 2942075:tid 2942075] [client 45.61.96.254:37087] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|ftp.nbcnewsradio.com\|F\|2"] [data ".ini"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "ftp.nbcnewsradio.com"] [uri "/....\\\\....\\\\....\\\\....\\\\....\\\\....\\\\....\\\\....\\\\....\\\\windows\\\\win.ini"] [unique_id "aDxr2GMebp0O1PZgtIqrCgAAABA"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-06-01 09:53:47 (1 year ago)	(mod_security) mod_security (id:210492) triggered by 45.61.96.254 (ip-45-61-96-254.fibre.fibrestream ... show more (mod_security) mod_security (id:210492) triggered by 45.61.96.254 (ip-45-61-96-254.fibre.fibrestream.ca): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 01 05:53:44.661199 2025] [security2:error] [pid 2863391:tid 2863455] [client 45.61.96.254:44513] ModSecurity: Access denied with code 403 (phase 1). Matched phrase ".htpasswd" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "kettlehill.com"] [uri "/.htpasswd"] [unique_id "aDwjKPklYGjXUmMZ-VoiEwAAAQU"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2024-11-21 05:08:33 (1 year ago)	alibaba cloud ddos like web scan	Bad Web Bot
🇦🇺 MAGIC	2024-11-17 14:04:50 (1 year ago)	VM1 Bad user agents ignoring web crawling rules. Draing bandwidth	DDoS Attack Bad Web Bot

Showing 1 to 15 of 32 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 205.210.31.86

🇨🇳 180.184.84.77

🇹🇬 156.38.73.89

🇷🇴 92.118.39.223

🇷🇺 88.205.172.170

🇺🇸 74.179.68.15

🇺🇸 73.30.91.185

🇺🇸 64.72.74.162

🇲🇦 45.216.141.103

🇧🇷 45.205.1.247

🇳🇱 45.148.145.60

🇳🇱 45.148.10.152

🇮🇳 20.204.24.244

🇨🇳 183.61.109.222

🇺🇸 172.236.111.128

🇩🇪 162.19.243.145

🇨🇳 121.29.149.160

🇨🇳 117.69.235.5

🇳🇱 88.151.32.9

🇳🇱 81.19.216.101