JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 192.3.48.28

192.3.48.28 was found in our database!

This IP was reported 17 times. Confidence of Abuse is 0%: ?

ISP	HostPapa
Usage Type	Data Center/Web Hosting/Transit
ASN	AS36352
Hostname(s)	192-3-48-28-host.colocrossing.com
Domain Name	colocrossing.com
Country	🇺🇸 United States of America
City	Los Angeles, California

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 192.3.48.28

Whois 192.3.48.28

IP Abuse Reports for 192.3.48.28:

This IP address has been reported a total of 17 times from 9 distinct sources. 192.3.48.28 was first reported on January 1st 2023, and the most recent report was 4 months ago.

Old Reports: The most recent abuse report for this IP address is from 4 months ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 TPI-Abuse	2026-01-17 07:03:09 (4 months ago)	(mod_security) mod_security (id:210492) triggered by 192.3.48.28 (192-3-48-28-host.colocrossing.com) ... show more (mod_security) mod_security (id:210492) triggered by 192.3.48.28 (192-3-48-28-host.colocrossing.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jan 17 02:03:03.144242 2026] [security2:error] [pid 26368:tid 26368] [client 192.3.48.28:38625] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcalendars.nbcnewsradio.com"] [uri "/images../.git/config"] [unique_id "aWs0J27LJyxI1OyUiMLKkgAAACU"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-29 21:14:02 (5 months ago)	(mod_security) mod_security (id:211190) triggered by 192.3.48.28 (192-3-48-28-host.colocrossing.com) ... show more (mod_security) mod_security (id:211190) triggered by 192.3.48.28 (192-3-48-28-host.colocrossing.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Dec 29 16:13:55.552017 2025] [security2:error] [pid 9999:tid 10015] [client 192.3.48.28:60961] ModSecurity: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt\|\|www.kettlehill.net\|F\|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /index.php?rest_route=%2Fessential-blocks%2Fv1%2Fproducts&is_frontend=true&attributes={\\x22__file\\x22:\\x22/etc%2fpasswd\\x22}"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.kettlehill.net"] [uri "/index.php"] [unique_id "aVLvE4un-3ctHNDZklO-gQAAAIg"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 [email protected]	2025-12-29 03:55:31 (5 months ago)	Attack attempt against Interwebbi servers; Port Scan detected from 192.3.48.28 (US/United States/1 ... show more Attack attempt against Interwebbi servers; Port Scan detected from 192.3.48.28 (US/United States/192-3-48-28-host.colocrossing.com). 5 hits in the last 320 seconds; IP: 192.3.48.28; Ports: *; Direction: 0; Trigger: PS_LIMIT; show less	Brute-Force
🇺🇸 TPI-Abuse	2025-11-01 07:58:48 (7 months ago)	(mod_security) mod_security (id:225170) triggered by 192.3.48.28 (192-3-48-28-host.colocrossing.com) ... show more (mod_security) mod_security (id:225170) triggered by 192.3.48.28 (192-3-48-28-host.colocrossing.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Nov 01 03:58:43.997056 2025] [security2:error] [pid 15500:tid 15599] [client 192.3.48.28:57691] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|staging.kettlehill.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "staging.kettlehill.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "aQW9s8Huy00I7sCwul4H-AAAAI8"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-10-28 20:25:07 (7 months ago)	(mod_security) mod_security (id:210492) triggered by 192.3.48.28 (192-3-48-28-host.colocrossing.com) ... show more (mod_security) mod_security (id:210492) triggered by 192.3.48.28 (192-3-48-28-host.colocrossing.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Oct 28 16:24:57.462547 2025] [security2:error] [pid 4102:tid 4102] [client 192.3.48.28:36061] ModSecurity: Access denied with code 403 (phase 1). Matched phrase ".htaccess" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "autodiscover.nbcnewsradio.com"] [uri "/sample.htaccess"] [unique_id "aQEmma0lY_AtYFMMCMNhXgAAAAI"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-07-27 00:29:19 (10 months ago)	(mod_security) mod_security (id:221260) triggered by 192.3.48.28 (192-3-48-28-host.colocrossing.com) ... show more (mod_security) mod_security (id:221260) triggered by 192.3.48.28 (192-3-48-28-host.colocrossing.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jul 26 20:29:13.284177 2025] [security2:error] [pid 291259:tid 291319] [client 192.3.48.28:59775] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^(?:\\\\'\\\\w+?=)?\\\\(\\\\)\\\\s{" at MATCHED_VAR. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "77"] [id "221260"] [rev "3"] [msg "COMODO WAF: Shellshock Command Injection Vulnerabilities in GNU Bash through 4.3 bash43-026 (CVE-2014-7187, CVE-2014-7186, CVE-2014-7169, CVE-2014-6278, CVE-2014-6277, CVE-2014-6271)\|\|autoconfig.kettlehill.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "autoconfig.kettlehill.com"] [uri "/cgi-bin/status"] [unique_id "aIVy2WQX5AgegSXcd9rdMQAAAQ4"], referer: () { ignored; }; echo Content-Type: text/html; echo ; /bin/cat /etc/passwd show less	Brute-Force Bad Web Bot Web App Attack
🇭🇺 bcsaba	2025-06-10 22:33:19 (1 year ago)	Joomla spam 192.3.48.28 - - [11/Jun/2025:00:33:17 +0200] "GET /index.php?option=com_easyblog&view=da ... show more Joomla spam 192.3.48.28 - - [11/Jun/2025:00:33:17 +0200] "GET /index.php?option=com_easyblog&view=dashboard&layout=write HTTP/1.1" 404 789 "https://REDACTED" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36" show less	Web App Attack
🇦🇺 MAGIC	2025-06-04 06:08:06 (1 year ago)	VM1 Bad user agents ignoring web crawling rules. Draing bandwidth	DDoS Attack Bad Web Bot
🇬🇧 Steve	2025-06-01 14:17:27 (1 year ago)	Excessive crawling - not obeying robots.txt	Bad Web Bot
🇺🇸 TPI-Abuse	2025-05-29 17:17:03 (1 year ago)	(mod_security) mod_security (id:211190) triggered by 192.3.48.28 (192-3-48-28-host.colocrossing.com) ... show more (mod_security) mod_security (id:211190) triggered by 192.3.48.28 (192-3-48-28-host.colocrossing.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu May 29 13:16:55.592925 2025] [security2:error] [pid 3054169:tid 3054169] [client 192.3.48.28:55903] ModSecurity: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt\|\|ftp.farmers123.com\|F\|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /index.php?option=com_jinventory&controller=../../../../../../../../../../etc/passwd%00"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "ftp.farmers123.com"] [uri "/index.php"] [unique_id "aDiWh7EQRNl-Hh1tpZTmKAAAAAQ"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-02-27 15:01:59 (1 year ago)	(mod_security) mod_security (id:210730) triggered by 192.3.48.28 (192-3-48-28-host.colocrossing.com) ... show more (mod_security) mod_security (id:210730) triggered by 192.3.48.28 (192-3-48-28-host.colocrossing.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Feb 27 10:01:18.836702 2025] [security2:error] [pid 27062:tid 27199] [client 192.3.48.28:40239] [client 192.3.48.28] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|www.kettlehill.kettlehill.com\|F\|2"] [data ".log"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.kettlehill.kettlehill.com"] [uri "/log.log"] [unique_id "Z8B-PggBT3qhfe6UoI1IGAAAAFc"] show less	Brute-Force Bad Web Bot Web App Attack
🇪🇸 10dencehispahard SL	2024-05-20 17:00:46 (2 years ago)	Unauthorized login attempts [ accesslogs]	Brute-Force
🇩🇪 FeG Deutschland	2024-05-20 16:23:10 (2 years ago)	Looking for CMS/PHP/SQL vulnerablilities - 13	Exploited Host Web App Attack
🇺🇸 ChamberofCommerce.com	2023-11-06 00:54:04 (2 years ago)	Unauthorized Scraping Attempt - More then 225 Pages Requested in a 24 hour period - Total Requested ... show more Unauthorized Scraping Attempt - More then 225 Pages Requested in a 24 hour period - Total Requested Before Block:226 show less	Bad Web Bot
🇺🇸 ChamberofCommerce.com	2023-11-02 05:42:40 (2 years ago)	Unauthorized Scraping Attempt - More then 225 Pages Requested in a 24 hour period - Total Requested ... show more Unauthorized Scraping Attempt - More then 225 Pages Requested in a 24 hour period - Total Requested Before Block:226 show less	Bad Web Bot

Showing 1 to 15 of 17 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇬🇧 193.32.209.234

🇦🇱 185.226.89.235

🇮🇳 172.232.108.36

🇧🇷 164.163.36.125

🇧🇷 131.100.242.102

🇮🇳 122.161.48.215

🇺🇸 107.173.197.98

🇮🇳 103.216.179.4

🇮🇳 103.156.138.90

🇮🇩 103.151.140.97

🇦🇴 102.213.34.99

🇸🇬 101.32.240.213

🇳🇱 91.92.40.13

🇳🇱 81.19.216.114

🇬🇧 80.7.198.34

🇩🇪 69.5.169.33

🇺🇸 66.132.195.82

🇨🇳 218.90.83.137

🇩🇪 188.109.110.82

🇺🇾 186.54.105.99