JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 23.27.196.38

23.27.196.38 was found in our database!

This IP was reported 11 times. Confidence of Abuse is 21%: ?

21%

ISP	Ace Data Centers II, L.L.C.
Usage Type	Data Center/Web Hosting/Transit
ASN	AS40676
Hostname(s)	23-27-196-38.ips.acedatacenter.com
Domain Name	acedatacenter.com
Country	🇺🇸 United States of America
City	Centreville, Virginia

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 23.27.196.38

Whois 23.27.196.38

IP Abuse Reports for 23.27.196.38:

This IP address has been reported a total of 11 times from 4 distinct sources. 23.27.196.38 was first reported on February 27th 2025, and the most recent report was 1 week ago.

Old Reports: The most recent abuse report for this IP address is from 1 week ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 mnsf	2026-05-29 10:05:58 (1 week ago)	Abuse Detected (3)	Brute-Force Web App Attack
🇳🇱 homeshowdomain.nl	2026-05-28 22:03:52 (1 week ago)	Auto-ban: single probe for restricted files (.env / backups / admin endpoints). Likely mass-scan on ... show more Auto-ban: single probe for restricted files (.env / backups / admin endpoints). Likely mass-scan on 2026-05-27. show less	Web App Attack SSH Hacking
🇺🇸 TPI-Abuse	2026-05-28 02:00:49 (1 week ago)	(mod_security) mod_security (id:210492) triggered by 23.27.196.38 (23-27-196-38.ips.acedatacenter.co ... show more (mod_security) mod_security (id:210492) triggered by 23.27.196.38 (23-27-196-38.ips.acedatacenter.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed May 27 22:00:46.448000 2026] [security2:error] [pid 17853:tid 17853] [client 23.27.196.38:50105] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "title34.com"] [uri "/wp-config.php.save"] [unique_id "ahehzooPsxuh-_5FOqBYjwAAAAU"] show less	Brute-Force Bad Web Bot Web App Attack
🇳🇱 homeshowdomain.nl	2026-05-27 21:59:25 (1 week ago)	Auto-ban: >3000 req/min op 2026-05-27	Web App Attack SSH Hacking
🇺🇸 TPI-Abuse	2026-05-27 17:43:21 (1 week ago)	(mod_security) mod_security (id:210730) triggered by 23.27.196.38 (23-27-196-38.ips.acedatacenter.co ... show more (mod_security) mod_security (id:210730) triggered by 23.27.196.38 (23-27-196-38.ips.acedatacenter.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed May 27 13:43:16.511393 2026] [security2:error] [pid 19768:tid 19768] [client 23.27.196.38:45059] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|gisur.com\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "gisur.com"] [uri "/backup.sql"] [unique_id "ahctNH4mM4_eJdrBXH5euAAAAAk"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-27 03:07:13 (1 week ago)	(mod_security) mod_security (id:210492) triggered by 23.27.196.38 (23-27-196-38.ips.acedatacenter.co ... show more (mod_security) mod_security (id:210492) triggered by 23.27.196.38 (23-27-196-38.ips.acedatacenter.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue May 26 23:07:00.579151 2026] [security2:error] [pid 31807:tid 31807] [client 23.27.196.38:53637] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/config/parameters.yml" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "bioemperor.com"] [uri "/app/config/parameters.yml"] [unique_id "ahZf1ODAKeaGfImWwDPGKQAAAAw"], referer: https://www.google.com/search?q=bioemperor.com show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-26 16:49:10 (1 week ago)	(mod_security) mod_security (id:210492) triggered by 23.27.196.38 (23-27-196-38.ips.acedatacenter.co ... show more (mod_security) mod_security (id:210492) triggered by 23.27.196.38 (23-27-196-38.ips.acedatacenter.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue May 26 12:49:01.189904 2026] [security2:error] [pid 31348:tid 31372] [client 23.27.196.38:50221] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.mjam.newtrendmag.org"] [uri "/wp-config.php.swp"] [unique_id "ahXO_TfJyb1E1B3y0mZUbAAAARY"], referer: https://www.google.com/search?q=www.mjam.newtrendmag.org show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-07-26 23:08:15 (10 months ago)	(mod_security) mod_security (id:221260) triggered by 23.27.196.38 (23-27-196-38.ips.acedatacenter.co ... show more (mod_security) mod_security (id:221260) triggered by 23.27.196.38 (23-27-196-38.ips.acedatacenter.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jul 26 19:07:59.413441 2025] [security2:error] [pid 19500:tid 19527] [client 23.27.196.38:56203] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^(?:\\\\'\\\\w+?=)?\\\\(\\\\)\\\\s{" at MATCHED_VAR. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "77"] [id "221260"] [rev "3"] [msg "COMODO WAF: Shellshock Command Injection Vulnerabilities in GNU Bash through 4.3 bash43-026 (CVE-2014-7187, CVE-2014-7186, CVE-2014-7169, CVE-2014-6278, CVE-2014-6277, CVE-2014-6271)\|\|webdisk.staging.kettlehill.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webdisk.staging.kettlehill.com"] [uri "/"] [unique_id "aIVfzy-82AcwFY0KVGEXuQAAAFQ"], referer: () { ignored; }; echo Content-Type: text/html; echo ; /bin/cat /etc/passwd show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-05-29 17:20:08 (1 year ago)	(mod_security) mod_security (id:210492) triggered by 23.27.196.38 (23-27-196-38.ips.acedatacenter.co ... show more (mod_security) mod_security (id:210492) triggered by 23.27.196.38 (23-27-196-38.ips.acedatacenter.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu May 29 13:19:51.496791 2025] [security2:error] [pid 3053303:tid 3053303] [client 23.27.196.38:49191] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "ftp.farmers123.com"] [uri "/.env.production"] [unique_id "aDiXN5qFYgYWt_C2KYeBDgAAAAo"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-04-19 05:37:45 (1 year ago)	(mod_security) mod_security (id:210730) triggered by 23.27.196.38 (23-27-196-38.ips.acedatacenter.co ... show more (mod_security) mod_security (id:210730) triggered by 23.27.196.38 (23-27-196-38.ips.acedatacenter.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Apr 19 01:37:23.104983 2025] [security2:error] [pid 22650:tid 22653] [client 23.27.196.38:58975] [client 23.27.196.38] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|www.blog.spinningdesigns.com\|F\|2"] [data ".log"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "blog.spinningdesigns.com"] [uri "/log/errors.log"] [unique_id "aAM2k8LYwl69KqC_78ihYgAAAEA"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2025-02-27 17:30:16 (1 year ago)	\| SQL injection attempt.	Hacking SQL Injection Web App Attack

Showing 1 to 11 of 11 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇩🇪 141.11.250.239

🇷🇺 37.110.48.196

🇪🇸 213.165.74.84

🇨🇱 200.89.69.247

🇨🇱 190.46.77.254

🇱🇹 45.227.254.170

🇳🇱 45.148.10.157

🇫🇷 45.94.209.196

🇧🇷 45.5.47.180

🇨🇳 39.97.54.189

🇬🇧 2a06:4880:a000::c2

🇰🇬 146.19.220.38

🇧🇬 79.124.62.126

🇺🇸 70.120.203.193

🇺🇬 196.0.107.22

🇧🇷 186.219.184.142

🇺🇸 167.88.165.11

🇺🇸 162.216.150.79

🇺🇸 162.216.149.8

🇫🇷 85.204.70.92