JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 23.94.138.148

23.94.138.148 was found in our database!

This IP was reported 13 times. Confidence of Abuse is 0%: ?

ISP	HostPapa
Usage Type	Data Center/Web Hosting/Transit
ASN	AS36352
Hostname(s)	23-94-138-148-host.colocrossing.com
Domain Name	hostpapa.com
Country	🇺🇸 United States of America
City	Buffalo, New York

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 23.94.138.148

Whois 23.94.138.148

IP Abuse Reports for 23.94.138.148:

This IP address has been reported a total of 13 times from 6 distinct sources. 23.94.138.148 was first reported on August 30th 2023, and the most recent report was 4 months ago.

Old Reports: The most recent abuse report for this IP address is from 4 months ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 TPI-Abuse	2026-01-17 04:45:38 (4 months ago)	(mod_security) mod_security (id:210492) triggered by 23.94.138.148 (23-94-138-148-host.colocrossing. ... show more (mod_security) mod_security (id:210492) triggered by 23.94.138.148 (23-94-138-148-host.colocrossing.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jan 16 23:45:28.610831 2026] [security2:error] [pid 6493:tid 6493] [client 23.94.138.148:43111] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcalendars.nbcnewsradio.com"] [uri "/.env.dev.local"] [unique_id "aWsT6ID-ZLECo38YL_P2_wAAAA8"] show less	Brute-Force Bad Web Bot Web App Attack
🇨🇭 backslash	2026-01-12 03:35:04 (4 months ago)	block ruleset CC531825F9395F9A07FB06C1247C46770A2690F8	Bad Web Bot
🇺🇸 TPI-Abuse	2025-12-29 19:00:31 (5 months ago)	(mod_security) mod_security (id:210381) triggered by 23.94.138.148 (23-94-138-148-host.colocrossing. ... show more (mod_security) mod_security (id:210381) triggered by 23.94.138.148 (23-94-138-148-host.colocrossing.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Dec 29 14:00:25.677280 2025] [security2:error] [pid 31734:tid 31749] [client 23.94.138.148:45211] ModSecurity: Access denied with code 403 (phase 2). Invalid URL Encoding: Non-hexadecimal digits used at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/12_HTTP_Protocol.conf"] [line "82"] [id "210381"] [rev "6"] [msg "COMODO WAF: URL Encoding Abuse Attack Attempt\|\|www.kettlehill.com\|F\|4"] [data "REQUEST_URI=/account/?user=1&tab=groups&group-name=p%27+or+%27%%27=%27%%27+union+all+select+1,2,3,4,5,6,7,8,9,10,11,concat(%22Database:%22,md5(999999999),0x7c,%20%22Version:%22,version()),13--+-"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "www.kettlehill.com"] [uri "/account/"] [unique_id "aVLPyWCDVM70TD0LIjvJyQAAAUg"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-12 04:36:25 (6 months ago)	(mod_security) mod_security (id:211190) triggered by 23.94.138.148 (23-94-138-148-host.colocrossing. ... show more (mod_security) mod_security (id:211190) triggered by 23.94.138.148 (23-94-138-148-host.colocrossing.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Nov 11 23:36:02.035668 2025] [security2:error] [pid 2149:tid 2149] [client 23.94.138.148:45867] ModSecurity: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt\|\|mail.nbcnewsradio.com\|F\|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /horde/util/barcode.php?type=../../../../../../../../../../../etc/./passwd%00"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "mail.nbcnewsradio.com"] [uri "/horde/util/barcode.php"] [unique_id "aRQOskYuucNasFeYS0tU8QAAAAU"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-07-27 01:38:56 (10 months ago)	(mod_security) mod_security (id:210492) triggered by 23.94.138.148 (23-94-138-148-host.colocrossing. ... show more (mod_security) mod_security (id:210492) triggered by 23.94.138.148 (23-94-138-148-host.colocrossing.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jul 26 21:38:50.181812 2025] [security2:error] [pid 729657:tid 729701] [client 23.94.138.148:34729] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpanel.kettlehill.com"] [uri "/.env.development.local"] [unique_id "aIWDKhUVDjlJfvQpjEJSaAAAAAc"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-05-29 15:32:52 (1 year ago)	(mod_security) mod_security (id:211190) triggered by 23.94.138.148 (23-94-138-148-host.colocrossing. ... show more (mod_security) mod_security (id:211190) triggered by 23.94.138.148 (23-94-138-148-host.colocrossing.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu May 29 11:32:08.236932 2025] [security2:error] [pid 2881569:tid 2881569] [client 23.94.138.148:42269] ModSecurity: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt\|\|autodiscover.farmers123.com\|F\|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /badging/badge_print_v0.php?tpl=../../../../../../../etc/passwd"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "autodiscover.farmers123.com"] [uri "/badging/badge_print_v0.php"] [unique_id "aDh9-HA1p5fvH8A4iHF7LQAAACs"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2025-02-17 23:06:32 (1 year ago)	botnet	DDoS Attack
Anonymous	2025-01-17 08:10:12 (1 year ago)	\| Common web attack.	Hacking SQL Injection Web App Attack
🇨🇭 backslash	2024-07-12 09:20:02 (1 year ago)		Web Spam
🇦🇺 oncord	2024-07-12 03:48:11 (1 year ago)	Form spam	Web Spam
🇦🇺 oncord	2024-07-10 14:40:57 (1 year ago)	Form spam	Web Spam
🇺🇸 nowyouknow	2023-08-31 02:56:33 (2 years ago)	Malicious Traffic/Form Submission	Phishing Web Spam
🇺🇸 nowyouknow	2023-08-30 22:36:50 (2 years ago)	(From [email protected]) JP Corsi with Exit Node Corp. I hope that you are having a good day. I a ... show more (From [email protected]) JP Corsi with Exit Node Corp. I hope that you are having a good day. I am doing a bit of outreach to owner of companies similar to yours as we are seeing increased sales with a number of our clients in the past few months. We have a core focus in helping companies increase online inbound and outreach sales and sell out capacity with incredibly effective and economical strategies. Let me know if increasing online sales is a priority right now and if I can get on your calendar for a short introduction in the next week or two? --- JP Corsi +1 954-833-5563 https://exitnode.co 2339 Glades Pkwy, Weston FL show less	Phishing Web Spam

Showing 1 to 13 of 13 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇮🇹 158.173.77.209

🇲🇦 154.144.243.93

🇱🇾 154.127.68.64

🇻🇳 27.71.230.31

🇳🇱 5.255.110.118

🇬🇧 185.216.145.185

🇮🇹 158.173.77.37

🇺🇸 130.131.220.95

🇫🇷 85.204.70.106

🇧🇷 179.108.54.77

🇺🇸 172.234.218.87

🇦🇪 165.154.12.108

🇮🇹 158.173.77.236

🇷🇺 82.202.141.164

🇪🇬 41.232.131.42

🇳🇱 213.177.179.123

🇧🇷 177.222.221.115

🇨🇳 175.178.132.165

🇰🇷 118.37.214.187

🇨🇳 116.207.114.153