JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 45.150.174.97

45.150.174.97 was found in our database!

This IP was reported 441 times. Confidence of Abuse is 33%: ?

33%

ISP	Clouvider Limited
Usage Type	Data Center/Web Hosting/Transit
ASN	AS62240
Domain Name	clouvider.com
Country	🇩🇪 Germany
City	Frankfurt am Main, Hesse

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 45.150.174.97

Whois 45.150.174.97

IP Abuse Reports for 45.150.174.97:

This IP address has been reported a total of 441 times from 167 distinct sources. 45.150.174.97 was first reported on February 5th 2025, and the most recent report was 14 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇨🇭 TOCE	2026-06-19 23:51:29 (14 hours ago)	17 hits seen on 2026-06-19, ports 5901 (VNC) on a honeypot from www.toce.ch	Brute-Force
🇨🇭 TOCE	2026-06-18 20:50:51 (1 day ago)	12 hits seen on 2026-06-18, ports 5901 (VNC) on a honeypot from www.toce.ch	Brute-Force
🇺🇸 sargetun	2026-06-17 15:15:33 (2 days ago)	Honeypot: Auto-ban: 24 hour idle after honeypot interaction. Auto-reported from VPS honeypot.	Brute-Force SSH Hacking
🇺🇸 sargetun	2026-06-16 01:40:45 (4 days ago)	Honeypot: VNC probe on port 5900 at 2026-06-16 01:38:36.087504. Automated report from VPS honeypot.	Port Scan
🇨🇭 TOCE	2026-06-15 21:11:37 (4 days ago)	13 hits seen on 2026-06-15, ports 5901 (VNC) on a honeypot from www.toce.ch	Brute-Force
🇺🇸 sargetun	2026-06-15 03:10:48 (5 days ago)	Honeypot: VNC probe on port 5900 at 2026-06-15 03:07:09.820296. Automated report from VPS honeypot.	Port Scan
🇺🇸 sargetun	2026-06-14 13:41:03 (6 days ago)	Honeypot: VNC probe on port 5900 at 2026-06-14 13:37:40.803987. Automated report from VPS honeypot.	Port Scan
🇳🇱 i-turnradio.nl	2026-05-16 21:28:13 (1 month ago)	2026-05-16 23:28:13 (CET) ~ Blocked by abusescan risk assessment	Web App Attack
🇯🇵 demonsword	2026-05-16 13:39:17 (1 month ago)	Detected by SentinelX honeypot: sent HTTP CONNECT request probing for an open proxy. Connection was ... show more Detected by SentinelX honeypot: sent HTTP CONNECT request probing for an open proxy. Connection was hijacked and held in a tarpit to slow down the scan. Probed target: www.expressapisv2.net:443 show less	Open Proxy Port Scan
🇺🇸 TPI-Abuse	2026-05-14 04:35:14 (1 month ago)	(mod_security) mod_security (id:240000) triggered by 45.150.174.97 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:240000) triggered by 45.150.174.97 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu May 14 00:35:11.048573 2026] [security2:error] [pid 16246:tid 16246] [client 45.150.174.97:33512] ModSecurity: Access denied with code 403 (phase 2). String match ".php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/24_Apps_Joomla.conf"] [line "74"] [id "240000"] [rev "1"] [msg "COMODO WAF: Protecting Joomla folder\|\|disabilitydespair.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "Joomla"] [hostname "disabilitydespair.com"] [uri "/images/stories/themes.php"] [unique_id "agVQ_5DAfgB8FCBAAFnuuwAAABQ"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 nowyouknow	2026-05-13 01:49:09 (1 month ago)	(From [email protected]) Hello QuickBook User, I'm reaching out because our records show yo ... show more (From [email protected]) Hello QuickBook User, I'm reaching out because our records show your QuickBooks hasn't been upgraded yet, and I wanted to check in personally rather than send another generic reminder. Most customers who delay an upgrade aren't avoiding it on purpose — it's usually one of three things: 1. Worry about losing data or breaking existing reports 2. Not wanting to deal with downtime during a busy period 3. Uncertainty about whether the new features are actually worth it If any of those is the reason, I'd genuinely like to help. The fastest way is just to give us a quick call — most questions take less than 10 minutes to sort out. ────────────────────────────── Talk to a real person Call: [+1-855-734-5001] Hours: Mon–Fri, [9 AM – 6 PM] show less	Phishing Web Spam
🇪🇸 Michael McCarthy	2026-05-12 20:30:44 (1 month ago)		Web Spam
🇺🇸 TPI-Abuse	2026-05-11 18:19:20 (1 month ago)	(mod_security) mod_security (id:240335) triggered by 45.150.174.97 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:240335) triggered by 45.150.174.97 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon May 11 14:19:14.561813 2026] [security2:error] [pid 26490:tid 26523] [client 45.150.174.97:36166] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 45.150.174.97 (+1 hits since last alert)\|whitecrosslibrary.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "whitecrosslibrary.com"] [uri "/xmlrpc.php"] [unique_id "agIdor4QXX78jm9tUNx99QAAAFg"] show less	Brute-Force Bad Web Bot Web App Attack
🇲🇾 Rizzy	2026-05-11 18:17:50 (1 month ago)	Multiple WAF Violations	Brute-Force Web App Attack
🇩🇪 barbarella	2026-05-06 15:04:01 (1 month ago)	Multiple (25) times attack on http port 80: unauthorized access to Wordpress files (GET /wp-content/ ... show more Multiple (25) times attack on http port 80: unauthorized access to Wordpress files (GET /wp-content/mu-plugins/) 15:04:01 Hacking attempt of Wordpress (GET /wp-includes/Text/Diff/Renderer/) 15:04:01 Hacking attempt of Wordpress (GET /wp-includes/certificates/) 15:04:01 Hacking attempt of Wordpress (GET /wp-includes/customize/) 15:04:01 Hacking attempt of Wordpress (GET /wp-includes/fonts/) 15:04:01 Hacking attempt of Wordpress (GET /wp-includes/images/) 15:04:31 unauthorized access to cgi-bin scripts (GET /cgi-bin/) 15:04:01 searcch for infected sites (GET /ALFA_DATA/) 15:04:41 Hacking attempt (GET /id/) show less	Hacking Web App Attack

Showing 1 to 15 of 441 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇨🇳 223.83.114.88

🇮🇩 210.79.191.76

🇧🇩 202.84.34.85

🇰🇷 58.229.253.119

🇺🇸 34.162.236.157

🇺🇸 34.162.203.239

🇹🇼 211.22.222.251

🇺🇸 207.90.244.13

🇺🇸 184.154.76.34

🇺🇸 165.154.163.207

🇮🇷 130.185.72.228

🇩🇪 130.12.182.140

🇹🇷 87.232.127.53

🇵🇹 85.240.193.104

🇧🇬 79.124.59.78

🇺🇸 47.251.96.9

🇺🇸 35.223.170.51

🇺🇸 34.182.84.11

🇺🇸 34.168.26.251

🇳🇱 34.158.180.103