JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 198.23.239.155

198.23.239.155 was found in our database!

This IP was reported 13 times. Confidence of Abuse is 2%: ?

ISP	HostPapa
Usage Type	Data Center/Web Hosting/Transit
ASN	AS36352
Hostname(s)	198-23-239-155-host.colocrossing.com
Domain Name	colocrossing.com
Country	🇺🇸 United States of America
City	Buffalo, New York

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 198.23.239.155

Whois 198.23.239.155

IP Abuse Reports for 198.23.239.155:

This IP address has been reported a total of 13 times from 5 distinct sources. 198.23.239.155 was first reported on September 20th 2024, and the most recent report was 2 weeks ago.

Old Reports: The most recent abuse report for this IP address is from 2 weeks ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 TPI-Abuse	2026-06-01 02:18:12 (2 weeks ago)	(mod_security) mod_security (id:210492) triggered by 198.23.239.155 (198-23-239-155-host.colocrossin ... show more (mod_security) mod_security (id:210492) triggered by 198.23.239.155 (198-23-239-155-host.colocrossing.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun May 31 22:17:56.645087 2026] [security2:error] [pid 7732:tid 7754] [client 198.23.239.155:56791] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcalendars.kettlehill.kettlehill.com"] [uri "/.svn/wc.db"] [unique_id "ahzr1CKq_i-FrRbJEDIAfAAAAUg"] show less	Brute-Force Bad Web Bot Web App Attack
🇧🇬 Stoyko Stoykov	2026-03-18 02:46:32 (3 months ago)	198.23.239.155 - - [18/Mar/2026:04:46:32 +0200] "GET /_profiler/phpinfo.php HTTP/1.1" 404 0 "http:// ... show more 198.23.239.155 - - [18/Mar/2026:04:46:32 +0200] "GET /_profiler/phpinfo.php HTTP/1.1" 404 0 "http://213.91.237.205/_profiler/phpinfo.php" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36" ... show less	Hacking Web App Attack
🇺🇸 TPI-Abuse	2026-02-01 12:46:37 (4 months ago)	(mod_security) mod_security (id:210492) triggered by 198.23.239.155 (198-23-239-155-host.colocrossin ... show more (mod_security) mod_security (id:210492) triggered by 198.23.239.155 (198-23-239-155-host.colocrossing.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Feb 01 07:46:29.691608 2026] [security2:error] [pid 12299:tid 12334] [client 198.23.239.155:58787] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "kettlehill.com"] [uri "/.env.live"] [unique_id "aX9LJc_CAppeKcdveJ3kJAAAAJA"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-02 22:11:21 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 198.23.239.155 (198-23-239-155-host.colocrossin ... show more (mod_security) mod_security (id:210492) triggered by 198.23.239.155 (198-23-239-155-host.colocrossing.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Dec 02 17:11:17.993131 2025] [security2:error] [pid 17694:tid 17694] [client 198.23.239.155:58743] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpanel.farmers123.com"] [uri "/.env"] [unique_id "aS9kBblQm-_Gv6VLYKTaUgAAABE"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-01 05:53:03 (6 months ago)	(mod_security) mod_security (id:210730) triggered by 198.23.239.155 (198-23-239-155-host.colocrossin ... show more (mod_security) mod_security (id:210730) triggered by 198.23.239.155 (198-23-239-155-host.colocrossing.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Dec 01 00:52:54.664619 2025] [security2:error] [pid 5083:tid 5086] [client 198.23.239.155:60281] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|mail.kettlehill.com\|F\|2"] [data ".log"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "mail.kettlehill.com"] [uri "/admin/logs/error.log"] [unique_id "aS0tNrlODMhtlQGnj5c4vgAAAEA"], referer: http://mail.kettlehill.com/admin/logs/error.log show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-12 16:31:39 (7 months ago)	(mod_security) mod_security (id:210730) triggered by 198.23.239.155 (198-23-239-155-host.colocrossin ... show more (mod_security) mod_security (id:210730) triggered by 198.23.239.155 (198-23-239-155-host.colocrossing.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Nov 12 11:31:35.502457 2025] [security2:error] [pid 7050:tid 7050] [client 198.23.239.155:56267] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|mail.nbcnewsradio.com\|F\|2"] [data ".ini"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "mail.nbcnewsradio.com"] [uri "/..../..../..../..../..../..../..../..../..../windows/win.ini"] [unique_id "aRS2Z7Nxq6WhnCpz_uJ_9AAAAAA"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-10-01 15:24:23 (8 months ago)	(mod_security) mod_security (id:210492) triggered by 198.23.239.155 (198-23-239-155-host.colocrossin ... show more (mod_security) mod_security (id:210492) triggered by 198.23.239.155 (198-23-239-155-host.colocrossing.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Oct 01 11:24:18.650227 2025] [security2:error] [pid 31612:tid 31732] [client 198.23.239.155:58051] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "whm.kettlehill.com"] [uri "/.env.old"] [unique_id "aN1HovVYIT9TWn2lWzKDQQAAAQU"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-08-01 06:48:26 (10 months ago)	(mod_security) mod_security (id:210730) triggered by 198.23.239.155 (198-23-239-155-host.colocrossin ... show more (mod_security) mod_security (id:210730) triggered by 198.23.239.155 (198-23-239-155-host.colocrossing.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Aug 01 02:47:05.132213 2025] [security2:error] [pid 3332372:tid 3332393] [client 198.23.239.155:41451] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|autodiscover.kettlehill.net\|F\|2"] [data ".log"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "autodiscover.kettlehill.net"] [uri "/logs/error.log"] [unique_id "aIxi6R33aKcnOojmIbhYgAAAApM"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-06-02 00:28:14 (1 year ago)	(mod_security) mod_security (id:210730) triggered by 198.23.239.155 (198-23-239-155-host.colocrossin ... show more (mod_security) mod_security (id:210730) triggered by 198.23.239.155 (198-23-239-155-host.colocrossing.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 01 20:28:07.570285 2025] [security2:error] [pid 3448590:tid 3448590] [client 198.23.239.155:53301] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|ftp.nbcnewsradio.com\|F\|2"] [data ".ini"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "ftp.nbcnewsradio.com"] [uri "/\\\\windows/win.ini"] [unique_id "aDzwFzfPCiNZJp2-CQn8_AAAABI"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-06-01 07:16:20 (1 year ago)	(mod_security) mod_security (id:210730) triggered by 198.23.239.155 (198-23-239-155-host.colocrossin ... show more (mod_security) mod_security (id:210730) triggered by 198.23.239.155 (198-23-239-155-host.colocrossing.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 01 03:16:12.651646 2025] [security2:error] [pid 2476985:tid 2477037] [client 198.23.239.155:37527] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|ftp.kettlehill.net\|F\|2"] [data ".log"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "ftp.kettlehill.net"] [uri "/logs/errors.log"] [unique_id "aDv-PIWY4ssUEn37NuVPlgAAAYE"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2025-05-27 02:40:04 (1 year ago)	\| Common web attack.	Hacking SQL Injection Web App Attack
Anonymous	2025-02-05 02:12:15 (1 year ago)	Malicious activity detected	Hacking Brute-Force
🇩🇪 ps-center	2024-09-20 16:07:44 (1 year ago)	DIS: Web Attack GET /wp-login.php?action=register	Web Spam Hacking Bad Web Bot Web App Attack

Showing 1 to 13 of 13 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇰🇷 119.200.229.33

🇨🇳 115.59.83.229

🇺🇸 109.105.210.62

🇺🇸 72.214.49.194

🇺🇸 66.215.233.214

🇱🇹 45.227.254.170

🇪🇨 45.4.203.45

🇶🇦 176.203.34.201

🇰🇷 175.205.37.98

🇨🇳 171.213.166.206

🇸🇬 152.32.218.149

🇺🇸 147.185.132.35

🇨🇳 122.194.9.162

🇨🇳 111.113.89.191

🇨🇳 111.113.89.69

🇺🇸 107.173.155.35

🇮🇹 101.57.239.32

🇷🇺 95.108.213.137

🇫🇷 91.196.152.24

🇳🇱 91.92.40.66