JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 23.27.210.29

23.27.210.29 was found in our database!

This IP was reported 17 times. Confidence of Abuse is 39%: ?

39%

ISP	Ace Data Centers II, L.L.C.
Usage Type	Data Center/Web Hosting/Transit
ASN	AS40676
Hostname(s)	23-27-210-29.ips.acedatacenter.com
Domain Name	acedatacenter.com
Country	🇺🇸 United States of America
City	Centreville, Virginia

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 23.27.210.29

Whois 23.27.210.29

IP Abuse Reports for 23.27.210.29:

This IP address has been reported a total of 17 times from 10 distinct sources. 23.27.210.29 was first reported on January 15th 2025, and the most recent report was 1 week ago.

Old Reports: The most recent abuse report for this IP address is from 1 week ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇳🇱 homeshowdomain.nl	2026-05-28 22:00:40 (1 week ago)	Auto-ban: single probe for restricted files (.env / backups / admin endpoints). Likely mass-scan on ... show more Auto-ban: single probe for restricted files (.env / backups / admin endpoints). Likely mass-scan on 2026-05-27. show less	Web App Attack SSH Hacking
Anonymous	2026-05-27 23:20:08 (1 week ago)	suspicious request in access.log	Web App Attack
🇺🇸 TPI-Abuse	2026-05-27 18:13:58 (1 week ago)	(mod_security) mod_security (id:210492) triggered by 23.27.210.29 (23-27-210-29.ips.acedatacenter.co ... show more (mod_security) mod_security (id:210492) triggered by 23.27.210.29 (23-27-210-29.ips.acedatacenter.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed May 27 14:13:46.366258 2026] [security2:error] [pid 19897:tid 19897] [client 23.27.210.29:43123] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.test.mathewyoung.com"] [uri "/wp-config.php.save"] [unique_id "ahc0WkOiwQndjIZUOQiB7wAAAAg"] show less	Brute-Force Bad Web Bot Web App Attack
🇳🇱 wlt-blocker	2026-05-27 01:10:50 (1 week ago)	Unauthorized access to webpage admin	Web App Attack
🇨🇭 4server	2026-05-27 00:57:24 (1 week ago)	[WedMay2702:57:19.3385062026][security2:error][pid366231:tid366435][client23.27.210.29:0]ModSecurity ... show more [WedMay2702:57:19.3385062026][security2:error][pid366231:tid366435][client23.27.210.29:0]ModSecurity:Accessdeniedwithcode403\(phase1\).Matchedphrase\"wp-config\"atREQUEST_URI.[file\"/etc/apache2/conf.d/modsec_custom_rules.conf\"][line\"364\"][id\"960720\"][msg\"Forbiddenfileaccess\"][hostname\"aidconsultancy.ch.81-17-25-250.cpanel.site\"][uri\"/wp-config.php.save\"][unique_id\"ahZBb3nH08FBH6UBi3zTvAAAAMo\"]\,referer:https://www.google.com/search\?q=aidconsultancy.ch.81-17-25-250.cpanel.site show less	Hacking Web App Attack
🇺🇸 TPI-Abuse	2026-05-27 00:23:50 (1 week ago)	(mod_security) mod_security (id:210492) triggered by 23.27.210.29 (23-27-210-29.ips.acedatacenter.co ... show more (mod_security) mod_security (id:210492) triggered by 23.27.210.29 (23-27-210-29.ips.acedatacenter.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue May 26 20:23:40.583304 2026] [security2:error] [pid 6394:tid 6394] [client 23.27.210.29:44577] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "ionekotis.net"] [uri "/.env.backup"] [unique_id "ahY5jIPS7T387yt4t0PIVwAAAAM"], referer: https://www.google.com/search?q=ionekotis.net show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-26 18:07:42 (1 week ago)	(mod_security) mod_security (id:210492) triggered by 23.27.210.29 (23-27-210-29.ips.acedatacenter.co ... show more (mod_security) mod_security (id:210492) triggered by 23.27.210.29 (23-27-210-29.ips.acedatacenter.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue May 26 14:07:30.953142 2026] [security2:error] [pid 12381:tid 12381] [client 23.27.210.29:60199] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "thomasandross.com"] [uri "/.env.development"] [unique_id "ahXhYkIK-EN5IFhTZ-E5_gAAAAI"], referer: https://www.google.com/search?q=thomasandross.com show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-05-22 13:59:56 (1 week ago)	LH-Watcher: FAKE_ID [Fake Googlebot]	Bad Web Bot
🇩🇪 SCHAPPY	2026-05-06 10:26:51 (4 weeks ago)	Bad bot identified by user agent	Bad Web Bot
🇺🇸 TPI-Abuse	2026-01-17 20:58:51 (4 months ago)	(mod_security) mod_security (id:221260) triggered by 23.27.210.29 (23-27-210-29.ips.acedatacenter.co ... show more (mod_security) mod_security (id:221260) triggered by 23.27.210.29 (23-27-210-29.ips.acedatacenter.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jan 17 15:58:45.272551 2026] [security2:error] [pid 28607:tid 28607] [client 23.27.210.29:52865] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^(?:\\\\'\\\\w+?=)?\\\\(\\\\)\\\\s{" at MATCHED_VAR. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "77"] [id "221260"] [rev "3"] [msg "COMODO WAF: Shellshock Command Injection Vulnerabilities in GNU Bash through 4.3 bash43-026 (CVE-2014-7187, CVE-2014-7186, CVE-2014-7169, CVE-2014-6278, CVE-2014-6277, CVE-2014-6271)\|\|cpcalendars.nbcnewsradio.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcalendars.nbcnewsradio.com"] [uri "/cgi-bin/stats"] [unique_id "aWv4BewBhnaNutIv-j2sMwAAAAk"], referer: () { ignored; }; echo Content-Type: text/html; echo ; /bin/cat /etc/passwd show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-29 20:58:01 (5 months ago)	(mod_security) mod_security (id:210492) triggered by 23.27.210.29 (23-27-210-29.ips.acedatacenter.co ... show more (mod_security) mod_security (id:210492) triggered by 23.27.210.29 (23-27-210-29.ips.acedatacenter.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Dec 29 15:57:56.282425 2025] [security2:error] [pid 22839:tid 22962] [client 23.27.210.29:50467] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcontacts.kettlehill.com"] [uri "/.env.stage"] [unique_id "aVLrVKhQT-NrkrxX7z34BgAAAEM"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-13 08:56:39 (6 months ago)	(mod_security) mod_security (id:211190) triggered by 23.27.210.29 (23-27-210-29.ips.acedatacenter.co ... show more (mod_security) mod_security (id:211190) triggered by 23.27.210.29 (23-27-210-29.ips.acedatacenter.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Nov 13 03:56:23.522870 2025] [security2:error] [pid 25934:tid 25934] [client 23.27.210.29:44147] ModSecurity: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt\|\|ftp.nbcnewsradio.com\|F\|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /index.php?op=fileviewer&file=/etc/passwd"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "ftp.nbcnewsradio.com"] [uri "/index.php"] [unique_id "aRWdN7cWjBbFisv3uLSnDwAAAA0"] show less	Brute-Force Bad Web Bot Web App Attack
🇮🇪 RoboSOC	2025-10-16 08:42:21 (7 months ago)	HTTP Directory Traversal Vulnerability , PTR: 23-27-210-29.ips.acedatacenter.com.	Hacking
🇺🇸 TPI-Abuse	2025-07-27 00:56:46 (10 months ago)	(mod_security) mod_security (id:221260) triggered by 23.27.210.29 (23-27-210-29.ips.acedatacenter.co ... show more (mod_security) mod_security (id:221260) triggered by 23.27.210.29 (23-27-210-29.ips.acedatacenter.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jul 26 20:56:33.422339 2025] [security2:error] [pid 404372:tid 404542] [client 23.27.210.29:44727] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^(?:\\\\'\\\\w+?=)?\\\\(\\\\)\\\\s{" at MATCHED_VAR. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "77"] [id "221260"] [rev "3"] [msg "COMODO WAF: Shellshock Command Injection Vulnerabilities in GNU Bash through 4.3 bash43-026 (CVE-2014-7187, CVE-2014-7186, CVE-2014-7169, CVE-2014-6278, CVE-2014-6277, CVE-2014-6271)\|\|whm.staging.kettlehill.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "whm.staging.kettlehill.com"] [uri "/test.cgi"] [unique_id "aIV5QRTdKN3sxMPXSjT7UQAAAQ8"], referer: () { ignored; }; echo Content-Type: text/html; echo ; /bin/cat /etc/passwd show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-05-29 15:33:12 (1 year ago)	(mod_security) mod_security (id:211190) triggered by 23.27.210.29 (23-27-210-29.ips.acedatacenter.co ... show more (mod_security) mod_security (id:211190) triggered by 23.27.210.29 (23-27-210-29.ips.acedatacenter.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu May 29 11:32:14.159010 2025] [security2:error] [pid 2882105:tid 2882105] [client 23.27.210.29:38189] ModSecurity: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt\|\|autodiscover.farmers123.com\|F\|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /wp-content/plugins/gracemedia-media-player/templates/files/ajax_controller.php?ajaxAction=getIds&cfg=../../../../../../../../../../etc/passwd"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "autodiscover.farmers123.com"] [uri "/wp-content/plugins/gracemedia-media-player/templates/files/ajax_controller.php"] [unique_id "aDh9_rSKlWK6NzgSlFfS2gAAAC0"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 17 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 162.216.150.101

🇳🇱 20.224.168.82

🇷🇴 2.57.122.177

🇰🇷 222.239.251.12

🇩🇪 213.209.159.225

🇭🇰 203.23.128.43

🇻🇳 103.179.188.195

🇮🇳 103.86.180.10

🇺🇸 2600:1f18:6418:9603:2829:d41f:15cd:1534

🇸🇬 167.99.77.251

🇺🇸 149.115.149.206

🇨🇳 115.230.124.67

🇵🇰 103.18.14.247

🇺🇸 35.247.52.24

🇬🇧 35.203.211.129

🇫🇷 31.220.81.161

🇧🇷 2804:30c:181e:3200:447b:8fe:818c:e06c

🇫🇷 213.136.70.200

🇦🇷 201.190.168.124

🇺🇸 162.216.150.224