JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 23.230.223.225

23.230.223.225 was found in our database!

This IP was reported 20 times. Confidence of Abuse is 0%: ?

ISP	EGIHosting
Usage Type	Data Center/Web Hosting/Transit
ASN	AS203380
Domain Name	egihosting.com
Country	🇧🇬 Bulgaria
City	Sofia, Sofia-Capital

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 23.230.223.225

Whois 23.230.223.225

IP Abuse Reports for 23.230.223.225:

This IP address has been reported a total of 20 times from 12 distinct sources. 23.230.223.225 was first reported on September 24th 2024, and the most recent report was 1 month ago.

Old Reports: The most recent abuse report for this IP address is from 1 month ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 GreekCity	2026-05-16 17:12:29 (1 month ago)	bad-bot hacking for vulnerable links.	Hacking Exploited Host
🇺🇸 TPI-Abuse	2026-04-16 01:53:41 (2 months ago)	(mod_security) mod_security (id:210730) triggered by 23.230.223.225 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210730) triggered by 23.230.223.225 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Apr 15 21:53:34.924669 2026] [security2:error] [pid 2268659:tid 2268659] [client 23.230.223.225:64363] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|vitalitywebb.com\|F\|2"] [data ".db"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "vitalitywebb.com"] [uri "/backstore/Barcalounger/Images/Eclipse II/Thumbs.db"] [unique_id "aeBBHswoFNwt4U3Lh4t6PAAAABM"], referer: https://vitalitywebb.com/backstore/Barcalounger/Images/Eclipse%20II/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-02-28 10:40:00 (3 months ago)	(mod_security) mod_security (id:225170) triggered by 23.230.223.225 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:225170) triggered by 23.230.223.225 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Feb 28 05:39:53.620833 2026] [security2:error] [pid 13559:tid 13559] [client 23.230.223.225:25509] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|wea-inc.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "wea-inc.com"] [uri "/wp-json/wp/v2/users"] [unique_id "aaLF-ZLn-QvIIDQwFGOmAAAAAAU"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-02-27 16:35:16 (3 months ago)	(mod_security) mod_security (id:225170) triggered by 23.230.223.225 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:225170) triggered by 23.230.223.225 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Feb 27 11:35:11.939414 2026] [security2:error] [pid 19570:tid 19596] [client 23.230.223.225:62429] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|pref-realestate.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "pref-realestate.com"] [uri "/wp-json/wp/v2/users"] [unique_id "aaHHv3mgcz4IRBP8iAFobgAAABI"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-02-27 09:31:03 (3 months ago)	(mod_security) mod_security (id:225170) triggered by 23.230.223.225 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:225170) triggered by 23.230.223.225 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Feb 27 04:30:56.054314 2026] [security2:error] [pid 15222:tid 15222] [client 23.230.223.225:9119] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|oakvillenaturopathicclinic.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "oakvillenaturopathicclinic.com"] [uri "/wp-json/wp/v2/users"] [unique_id "aaFkUOWI42v2NuBBDhEHowAAAAM"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 fbarela	2026-02-13 07:00:13 (4 months ago)	FortiGate SSL VPN login failures.	Hacking Brute-Force
🇺🇸 nodepile	2026-02-09 08:11:38 (4 months ago)	Requests denied due to proxy/VPN risk (tenant=82 method=GET path=/offroad-led-driving-lights-aries-x ... show more Requests denied due to proxy/VPN risk (tenant=82 method=GET path=/offroad-led-driving-lights-aries-xroad-led-light-bar-c-450_1150_1238.html ua='Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.1689.118 Safari/537.36') show less	Open Proxy VPN IP
🇱🇻 garmtech.com	2026-01-25 09:52:11 (5 months ago)	IM360 WAF: Attempt to upload malware	Hacking
🇺🇸 nodepile	2025-12-16 14:21:50 (6 months ago)	Requests denied due to proxy/VPN risk (tenant=82 method=GET path=/7-75w-led-headlight-for-jeep-6412. ... show more Requests denied due to proxy/VPN risk (tenant=82 method=GET path=/7-75w-led-headlight-for-jeep-6412.html ua='Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.431.65 Safari/537.36') show less	Open Proxy VPN IP
🇩🇪 Packets-Decreaser.NET	2025-12-10 14:37:49 (6 months ago)	Incoming Layer 7 Flood Detected	DDoS Attack Web Spam
🇨🇭 backslash	2025-12-01 02:30:30 (6 months ago)	block ruleset 798ECF92F12ADC636D3520C2890AF17ADEFDE3BE	Bad Web Bot
🇨🇭 backslash	2025-10-17 05:00:39 (8 months ago)	block ruleset bad bot: wordpress scans 82C095539D4FDAF84E2E2FD6B6FC0664645851A8	Bad Web Bot
🇵🇹 tiagozip	2025-10-02 10:15:01 (8 months ago)	open proxy	Open Proxy
🇲🇽 licjperezl	2025-06-05 18:02:19 (1 year ago)	Ataque de diccionario o DDoS en nuestros servicios en linea	Brute-Force
🇬🇧 oncord	2025-02-04 14:36:12 (1 year ago)	Form spam	Web Spam

Showing 1 to 15 of 20 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇨🇭 209.99.187.24

🇺🇸 162.216.150.113

🇺🇸 44.215.219.236

🇺🇸 13.220.224.38

🇺🇸 2a03:2880:f806:4a::

🇺🇸 2602:80d:1007::2e

🇯🇵 128.53.179.26

🇰🇷 119.199.188.205

🇨🇦 99.229.238.251

🇳🇱 45.148.10.152

🇳🇱 45.148.10.151

🇸🇦 37.125.6.231

🇮🇩 36.69.159.149

🇺🇸 20.127.170.172

🇬🇧 2a06:4883:b000::c2

🇺🇸 184.105.139.69

🇨🇳 180.76.103.111

🇧🇷 170.238.136.42

🇺🇸 147.185.132.15

🇨🇳 118.187.65.135