JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 198.23.239.187

198.23.239.187 was found in our database!

This IP was reported 20 times. Confidence of Abuse is 0%: ?

ISP	HostPapa
Usage Type	Data Center/Web Hosting/Transit
ASN	AS36352
Hostname(s)	198-23-239-187-host.colocrossing.com
Domain Name	colocrossing.com
Country	🇺🇸 United States of America
City	Buffalo, New York

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 198.23.239.187

Whois 198.23.239.187

IP Abuse Reports for 198.23.239.187:

This IP address has been reported a total of 20 times from 7 distinct sources. 198.23.239.187 was first reported on October 30th 2023, and the most recent report was 5 months ago.

Old Reports: The most recent abuse report for this IP address is from 5 months ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 TPI-Abuse	2025-12-29 19:25:23 (5 months ago)	(mod_security) mod_security (id:210730) triggered by 198.23.239.187 (198-23-239-187-host.colocrossin ... show more (mod_security) mod_security (id:210730) triggered by 198.23.239.187 (198-23-239-187-host.colocrossing.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Dec 29 14:25:20.007064 2025] [security2:error] [pid 22839:tid 22957] [client 198.23.239.187:50105] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|www.kettlehill.net\|F\|2"] [data ".dll"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.kettlehill.net"] [uri "/moveitisapi/moveitisapi.dll"] [unique_id "aVLVoKhQT-NrkrxX7z3N3gAAAEA"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 SCHAPPY	2025-07-29 22:30:07 (10 months ago)	IP was involved in L7 DDoS attack.	DDoS Attack
🇺🇸 TPI-Abuse	2024-12-27 06:37:13 (1 year ago)	(mod_security) mod_security (id:221260) triggered by 198.23.239.187 (198-23-239-187-host.colocrossin ... show more (mod_security) mod_security (id:221260) triggered by 198.23.239.187 (198-23-239-187-host.colocrossing.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Dec 27 01:36:11.630701 2024] [security2:error] [pid 23753:tid 23756] [client 198.23.239.187:36301] [client 198.23.239.187] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^(?:\\\\'\\\\w+?=)?\\\\(\\\\)\\\\s{" at MATCHED_VAR. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "77"] [id "221260"] [rev "3"] [msg "COMODO WAF: Shellshock Command Injection Vulnerabilities in GNU Bash through 4.3 bash43-026 (CVE-2014-7187, CVE-2014-7186, CVE-2014-7169, CVE-2014-6278, CVE-2014-6277, CVE-2014-6271)\|\|cpanel.kettlehill.net\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpanel.kettlehill.net"] [uri "/"] [unique_id "Z25K2-1hrc_zKlQ4F2XUpAAAAAE"], referer: () { ignored; }; echo Content-Type: text/html; echo ; /bin/cat /etc/passwd show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 Alejandro Docasar	2024-11-28 11:58:18 (1 year ago)		Web App Attack
🇺🇸 TPI-Abuse	2024-09-27 00:12:19 (1 year ago)	(mod_security) mod_security (id:211190) triggered by 198.23.239.187 (198-23-239-187-host.colocrossin ... show more (mod_security) mod_security (id:211190) triggered by 198.23.239.187 (198-23-239-187-host.colocrossing.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Sep 26 20:10:45.920159 2024] [security2:error] [pid 16248:tid 16268] [client 198.23.239.187:50045] [client 198.23.239.187] ModSecurity: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt\|\|kettlehill.kettlehill.com\|F\|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /blast/nph-viewgif.cgi?../../../../../../../../../../etc/passwd"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "kettlehill.kettlehill.com"] [uri "/blast/nph-viewgif.cgi"] [unique_id "ZvX4BaCPOG9JWfFC0TMapAAAAFI"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2024-09-04 03:05:34 (1 year ago)	(mod_security) mod_security (id:211190) triggered by 198.23.239.187 (198-23-239-187-host.colocrossin ... show more (mod_security) mod_security (id:211190) triggered by 198.23.239.187 (198-23-239-187-host.colocrossing.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Sep 03 23:05:25.368348 2024] [security2:error] [pid 32182:tid 32182] [client 198.23.239.187:55171] [client 198.23.239.187] ModSecurity: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt\|\|www.stdavids-media.com\|F\|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /webadmin/reporter/view_server_log.php?act=stats&filename=log&offset=1&count=1&sortorder=0&filter=0&log=../../../../../../etc/passwd"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.stdavids-media.com"] [uri "/webadmin/reporter/view_server_log.php"] [unique_id "ZtfOddABagWopZqpwm29SwAAAAQ"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 ps-center	2024-07-16 00:46:10 (1 year ago)	SS1: Web Attack GET /admin/logs/errors.log	Web Spam Hacking Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2024-07-05 09:18:24 (1 year ago)	(mod_security) mod_security (id:221260) triggered by 198.23.239.187 (198-23-239-187-host.colocrossin ... show more (mod_security) mod_security (id:221260) triggered by 198.23.239.187 (198-23-239-187-host.colocrossing.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jul 05 05:18:12.004482 2024] [security2:error] [pid 32640:tid 47646779741952] [client 198.23.239.187:39113] [client 198.23.239.187] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^(?:\\\\'\\\\w+?=)?\\\\(\\\\)\\\\s{" at MATCHED_VAR. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "77"] [id "221260"] [rev "3"] [msg "COMODO WAF: Shellshock Command Injection Vulnerabilities in GNU Bash through 4.3 bash43-026 (CVE-2014-7187, CVE-2014-7186, CVE-2014-7169, CVE-2014-6278, CVE-2014-6277, CVE-2014-6271)\|\|cpanel.kettlehill.net\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpanel.kettlehill.net"] [uri "/cgi-bin/test-cgi"] [unique_id "Zoe6VDfHIHkYjbbUhT6J4wAAAUI"], referer: () { ignored; }; echo Content-Type: text/html; echo ; /bin/cat /etc/passwd show less	Brute-Force Bad Web Bot Web App Attack
🇪🇸 10dencehispahard SL	2024-06-27 11:00:14 (1 year ago)	Unauthorized login attempts [ accesslogs]	Brute-Force
🇪🇸 10dencehispahard SL	2024-05-08 07:00:43 (2 years ago)	Unauthorized login attempts []	Brute-Force
🇪🇸 10dencehispahard SL	2024-05-08 06:40:43 (2 years ago)	Web Attack	DDoS Attack Brute-Force Web App Attack
🇺🇸 TPI-Abuse	2024-04-10 02:52:51 (2 years ago)	(mod_security) mod_security (id:210492) triggered by 198.23.239.187 (198-23-239-187-host.colocrossin ... show more (mod_security) mod_security (id:210492) triggered by 198.23.239.187 (198-23-239-187-host.colocrossing.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Apr 09 22:52:03.685322 2024] [security2:error] [pid 31283:tid 47092015781632] [client 198.23.239.187:55131] [client 198.23.239.187] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcalendars.kettlehill.com"] [uri "/wp-config.php.original"] [unique_id "ZhX-066aFZrCsO2K3ClfXgAAAEo"] show less	Brute-Force Bad Web Bot Web App Attack
🇪🇸 10dencehispahard SL	2024-03-27 07:00:25 (2 years ago)	Unauthorized login attempts [ BI-16635]	Brute-Force
🇪🇸 10dencehispahard SL	2024-03-27 06:50:21 (2 years ago)	WP scan	Web App Attack
Anonymous	2024-02-07 16:45:02 (2 years ago)	\| Common web attack.	Hacking SQL Injection Web App Attack

Showing 1 to 15 of 20 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇵🇭 180.191.124.238

🇳🇴 79.135.26.98

🇰🇷 218.149.228.138

🇨🇳 218.94.25.243

🇭🇰 199.45.155.103

🇩🇪 185.30.32.9

🇳🇱 176.65.139.251

🇳🇱 176.65.139.87

🇹🇭 171.7.216.172

🇸🇬 167.71.213.48

🇻🇳 103.241.43.193

🇧🇩 103.183.62.0

🇪🇸 81.42.221.26

🇹🇷 78.187.9.111

🇨🇳 61.191.145.123

🇨🇳 61.156.31.141

🇷🇺 46.44.40.82

🇳🇱 45.148.10.151

🇳🇱 34.34.11.61

🇩🇪 193.124.20.235