JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 23.129.252.22

23.129.252.22 was found in our database!

This IP was reported 10 times. Confidence of Abuse is 0%: ?

ISP	Webhosting Holdings LLC
Usage Type	Data Center/Web Hosting/Transit
ASN	AS965
Domain Name	webhostingholdings.com
Country	🇧🇷 Brazil
City	Sao Paulo, Sao Paulo

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 23.129.252.22

Whois 23.129.252.22

IP Abuse Reports for 23.129.252.22:

This IP address has been reported a total of 10 times from 5 distinct sources. 23.129.252.22 was first reported on May 31st 2025, and the most recent report was 4 months ago.

Old Reports: The most recent abuse report for this IP address is from 4 months ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇩🇪 HandyTreff.de	2026-01-31 20:06:12 (4 months ago)	Bot/Spam/Scrapper attack detected on www.handytreff.de - Score: -20.954 (Bad < -10 / Very Bad < -20 ... show more Bot/Spam/Scrapper attack detected on www.handytreff.de - Score: -20.954 (Bad < -10 / Very Bad < -20 / Extreme < -35) \| UA: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/139.0.0.0 Sa show less	Bad Web Bot Web App Attack
🇬🇧 bcon	2025-12-11 09:43:00 (6 months ago)	slow probe; backdoor probe; LFI	Hacking Web App Attack
🇺🇸 TPI-Abuse	2025-12-01 07:14:59 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 23.129.252.22 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 23.129.252.22 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Dec 01 02:14:54.360760 2025] [security2:error] [pid 30768:tid 30795] [client 23.129.252.22:36301] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcalendars.kettlehill.com"] [uri "/.env"] [unique_id "aS1Abv5kVQ-rlVW6wYR9UQAAAVc"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-10-28 23:18:06 (7 months ago)	(mod_security) mod_security (id:210492) triggered by 23.129.252.22 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 23.129.252.22 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Oct 28 19:18:02.997781 2025] [security2:error] [pid 1470:tid 1470] [client 23.129.252.22:37465] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.nbcnewsradio.com"] [uri "/.env.live"] [unique_id "aQFPKjOghhFXs-qBn489XgAAACI"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-10-01 14:40:56 (8 months ago)	(mod_security) mod_security (id:210730) triggered by 23.129.252.22 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210730) triggered by 23.129.252.22 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Oct 01 10:40:53.108733 2025] [security2:error] [pid 21347:tid 21365] [client 23.129.252.22:48731] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|www.kettlehill.kettlehill.com\|F\|2"] [data ".ini"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.kettlehill.kettlehill.com"] [uri "/\\\\windows/win.ini"] [unique_id "aN09dTQa5dHzoOSVGKqAVQAAABA"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-09-22 19:38:21 (8 months ago)	(mod_security) mod_security (id:210492) triggered by 23.129.252.22 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 23.129.252.22 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Sep 22 15:38:06.743815 2025] [security2:error] [pid 5228:tid 5228] [client 23.129.252.22:37759] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "deandobkin.com"] [uri "/.env.stage"] [unique_id "aNGlnnY8yVjI5wSAscRgCQAAABk"] show less	Brute-Force Bad Web Bot Web App Attack
🇯🇵 KuhA	2025-09-22 01:46:00 (8 months ago)	"GET /../../../../../../../../etc/passwd HTTP/1.1"	Hacking Web App Attack
🇺🇸 TPI-Abuse	2025-08-01 08:09:34 (10 months ago)	(mod_security) mod_security (id:210492) triggered by 23.129.252.22 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 23.129.252.22 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Aug 01 04:09:31.717028 2025] [security2:error] [pid 3705323:tid 3705341] [client 23.129.252.22:52045] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpanel.kettlehill.com"] [uri "/wp-config.php.bak"] [unique_id "aIx2O1SqWoxQtnj67bcoCAAAAEI"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-06-01 06:33:11 (1 year ago)	(mod_security) mod_security (id:210730) triggered by 23.129.252.22 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210730) triggered by 23.129.252.22 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 01 02:33:05.144418 2025] [security2:error] [pid 2256137:tid 2256244] [client 23.129.252.22:35005] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|kettlehill.com\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "kettlehill.com"] [uri "/localhost.sql"] [unique_id "aDv0IWQ8Dui5hvebpq-KtgAAAM0"], referer: https://www.kettlehill.com/localhost.sql show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2025-05-31 03:30:05 (1 year ago)	\| Common web attack.	Hacking SQL Injection Web App Attack

Showing 1 to 10 of 10 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇧🇷 200.232.114.71

🇻🇳 180.93.172.213

🇿🇦 173.194.171.222

🇮🇳 162.216.142.81

🇩🇪 156.236.31.85

🇺🇸 152.32.233.96

🇺🇸 146.103.44.19

🇺🇸 135.119.106.236

🇮🇳 103.54.101.248

🇰🇷 1.212.225.99

🇻🇳 203.205.37.233

🇦🇷 190.104.32.86

🇳🇱 176.65.148.215

🇺🇸 154.219.125.240

🇺🇦 159.224.132.77

🇨🇳 101.89.141.184

🇬🇧 84.32.41.141

🇷🇴 80.94.92.171

🇨🇳 223.74.232.36

🇩🇪 213.209.159.225