JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 23.94.138.161

23.94.138.161 was found in our database!

This IP was reported 8 times. Confidence of Abuse is 0%: ?

ISP	HostPapa
Usage Type	Data Center/Web Hosting/Transit
ASN	AS36352
Hostname(s)	23-94-138-161-host.colocrossing.com
Domain Name	hostpapa.com
Country	🇺🇸 United States of America
City	Buffalo, New York

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 23.94.138.161

Whois 23.94.138.161

IP Abuse Reports for 23.94.138.161:

This IP address has been reported a total of 8 times from 4 distinct sources. 23.94.138.161 was first reported on November 17th 2023, and the most recent report was 1 month ago.

Old Reports: The most recent abuse report for this IP address is from 1 month ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇪🇸 el-brujo	2026-04-12 12:53:32 (1 month ago)	Cloudflare WAF: Request Path: /noticias/desarticulan_una_banda_que_usaba_whatsapp_para_marcar_a_que_ ... show more Cloudflare WAF: Request Path: /noticias/desarticulan_una_banda_que_usaba_whatsapp_para_marcar_a_que_cliente_bancario-t477833.0.html Request Query: Host: foro.elhacker.net userAgent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36 Action: managed_challenge Source: firewallCustom ASN Description: AS-COLOCROSSING - HostPapa Country: US Method: GET Timestamp: 2026-04-12T12:53:32Z ruleId: 561d6e73a48e41d18a1a014356a284e1. Report generated by Cloudflare-WAF-to-AbuseIPDB (https://github.com/MHG-LAB/Cloudflare-WAF-to-AbuseIPDB). show less	Hacking SQL Injection Web App Attack
🇺🇸 TPI-Abuse	2026-02-07 10:14:59 (3 months ago)	(mod_security) mod_security (id:210730) triggered by 23.94.138.161 (23-94-138-161-host.colocrossing. ... show more (mod_security) mod_security (id:210730) triggered by 23.94.138.161 (23-94-138-161-host.colocrossing.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Feb 07 05:14:52.451007 2026] [security2:error] [pid 15807:tid 15807] [client 23.94.138.161:53595] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|www.nbcnewsradio.com\|F\|2"] [data ".php.bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.nbcnewsradio.com"] [uri "/settings.php.bak"] [unique_id "aYcQnGiRvRD4VrKMYIzcnAAAAAE"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-12 14:35:26 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 23.94.138.161 (23-94-138-161-host.colocrossing. ... show more (mod_security) mod_security (id:210492) triggered by 23.94.138.161 (23-94-138-161-host.colocrossing.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Nov 12 09:35:20.704834 2025] [security2:error] [pid 14039:tid 14039] [client 23.94.138.161:45739] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "mail.nbcnewsradio.com"] [uri "/.env.nbcnewsradio"] [unique_id "aRSbKMOoIm8Fr4eJa976nwAAAAw"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2025-09-02 04:40:04 (9 months ago)	\| Common web attack.	Hacking SQL Injection Web App Attack
🇺🇸 TPI-Abuse	2025-07-01 06:28:38 (11 months ago)	(mod_security) mod_security (id:210492) triggered by 23.94.138.161 (23-94-138-161-host.colocrossing. ... show more (mod_security) mod_security (id:210492) triggered by 23.94.138.161 (23-94-138-161-host.colocrossing.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jul 01 02:28:29.599118 2025] [security2:error] [pid 15241:tid 15301] [client 23.94.138.161:33287] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "staging.kettlehill.com"] [uri "/wp-config.php"] [unique_id "aGOADXYF3eGjRiRZ58ZSFwAAAFc"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-05-30 16:33:22 (1 year ago)	(mod_security) mod_security (id:211190) triggered by 23.94.138.161 (23-94-138-161-host.colocrossing. ... show more (mod_security) mod_security (id:211190) triggered by 23.94.138.161 (23-94-138-161-host.colocrossing.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri May 30 12:33:15.316218 2025] [security2:error] [pid 363006:tid 363006] [client 23.94.138.161:51779] ModSecurity: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt\|\|www.nbcnewsradio.com\|F\|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /solr/solrdefault/debug/dump?param=ContentStreams&stream.url=file:///etc/passwd"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.nbcnewsradio.com"] [uri "/solr/solrdefault/debug/dump"] [unique_id "aDndy9-zwowbpIxVxuKgRwAAAA4"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-05-01 03:18:12 (1 year ago)	(mod_security) mod_security (id:212620) triggered by 23.94.138.161 (23-94-138-161-host.colocrossing. ... show more (mod_security) mod_security (id:212620) triggered by 23.94.138.161 (23-94-138-161-host.colocrossing.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Apr 30 23:17:00.060348 2025] [security2:error] [pid 10927:tid 11144] [client 23.94.138.161:55613] [client 23.94.138.161] ModSecurity: Access denied with code 403 (phase 2). Pattern match "<script\\\\b" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/07_XSS_XSS.conf"] [line "65"] [id "212620"] [rev "4"] [msg "COMODO WAF: Cross-site Scripting (XSS) Attack\|\|kettlehill.com\|F\|2"] [data "Matched Data: <script found within REQUEST_URI: /?author=1</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [tag "CWAF"] [tag "XSS"] [hostname "kettlehill.com"] [uri "/"] [unique_id "aBLnrO3SfaloMDswqsxXTgAAAFQ"], referer: http://kettlehill.com/?author=1%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E show less	Brute-Force Bad Web Bot Web App Attack
🇦🇺 oncord	2023-11-17 21:03:30 (2 years ago)	Form spam	Web Spam

Showing 1 to 8 of 8 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇰🇷 222.108.147.76

🇻🇳 221.132.21.185

🇺🇸 216.180.246.20

🇳🇱 188.166.57.217

🇭🇰 150.5.133.185

🇷🇴 92.118.39.236

🇪🇸 92.112.134.54

🇺🇸 50.255.62.89

🇬🇧 35.203.211.101

🇫🇷 146.70.194.238

🇨🇳 117.69.234.46

🇮🇩 113.212.164.107

🇩🇪 82.115.24.222

🇷🇴 80.94.95.211

🇺🇸 77.37.63.68

🇺🇸 64.62.156.11

🇫🇷 51.178.114.78

🇮🇳 34.93.128.179

🇸🇬 4.194.4.255

🇬🇧 194.50.235.154