JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 23.94.138.45

23.94.138.45 was found in our database!

This IP was reported 16 times. Confidence of Abuse is 0%: ?

ISP	HostPapa
Usage Type	Data Center/Web Hosting/Transit
ASN	AS36352
Hostname(s)	23-94-138-45-host.colocrossing.com
Domain Name	hostpapa.com
Country	🇺🇸 United States of America
City	Buffalo, New York

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 23.94.138.45

Whois 23.94.138.45

IP Abuse Reports for 23.94.138.45:

This IP address has been reported a total of 16 times from 9 distinct sources. 23.94.138.45 was first reported on July 9th 2024, and the most recent report was 1 month ago.

Old Reports: The most recent abuse report for this IP address is from 1 month ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇮🇹 Inartis	2026-04-18 05:04:00 (1 month ago)	2026-04-18T07:03:58.243038+02:00 web5 sshd[3185995]: pam_unix(sshd:auth): authentication failure; lo ... show more 2026-04-18T07:03:58.243038+02:00 web5 sshd[3185995]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=23.94.138.45 2026-04-18T07:03:59.385356+02:00 web5 sshd[3185995]: Failed password for invalid user admin from 23.94.138.45 port 42105 ssh2 ... show less	Brute-Force SSH
🇺🇸 TPI-Abuse	2026-01-17 21:22:34 (4 months ago)	(mod_security) mod_security (id:210492) triggered by 23.94.138.45 (23-94-138-45-host.colocrossing.co ... show more (mod_security) mod_security (id:210492) triggered by 23.94.138.45 (23-94-138-45-host.colocrossing.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jan 17 16:22:28.516915 2026] [security2:error] [pid 17239:tid 17239] [client 23.94.138.45:40419] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcalendars.nbcnewsradio.com"] [uri "/.env.backup"] [unique_id "aWv9lFmH98g5s1ARXCA1KgAAAA0"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-29 19:15:59 (5 months ago)	(mod_security) mod_security (id:210492) triggered by 23.94.138.45 (23-94-138-45-host.colocrossing.co ... show more (mod_security) mod_security (id:210492) triggered by 23.94.138.45 (23-94-138-45-host.colocrossing.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Dec 29 14:15:10.791702 2025] [security2:error] [pid 22842:tid 23022] [client 23.94.138.45:59731] ModSecurity: Access denied with code 403 (phase 1). Matched phrase ".htaccess" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpanel.kettlehill.com"] [uri "/sample.htaccess"] [unique_id "aVLTPlKoonkfA7MmLZckaAAAARI"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-07-27 00:30:49 (10 months ago)	(mod_security) mod_security (id:221260) triggered by 23.94.138.45 (23-94-138-45-host.colocrossing.co ... show more (mod_security) mod_security (id:221260) triggered by 23.94.138.45 (23-94-138-45-host.colocrossing.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jul 26 20:30:36.321736 2025] [security2:error] [pid 172226:tid 172440] [client 23.94.138.45:37051] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^(?:\\\\'\\\\w+?=)?\\\\(\\\\)\\\\s{" at MATCHED_VAR. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "77"] [id "221260"] [rev "3"] [msg "COMODO WAF: Shellshock Command Injection Vulnerabilities in GNU Bash through 4.3 bash43-026 (CVE-2014-7187, CVE-2014-7186, CVE-2014-7169, CVE-2014-6278, CVE-2014-6277, CVE-2014-6271)\|\|cpanel.kettlehill.net\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpanel.kettlehill.net"] [uri "/cgi-bin/test"] [unique_id "aIVzLH6EtJKYjh039GtISQAAAIE"], referer: () { ignored; }; echo Content-Type: text/html; echo ; /bin/cat /etc/passwd show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-05-29 17:26:04 (1 year ago)	(mod_security) mod_security (id:212750) triggered by 23.94.138.45 (23-94-138-45-host.colocrossing.co ... show more (mod_security) mod_security (id:212750) triggered by 23.94.138.45 (23-94-138-45-host.colocrossing.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu May 29 13:25:53.469983 2025] [security2:error] [pid 3066874:tid 3066874] [client 23.94.138.45:46323] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\bon(?:abort\|blur\|change\|click\|dblclick\|dragdrop\|error\|focus\|keydown\|keypress\|keyup\|load\|mouse(?:down\|move\|out\|over\|up)\|move\|readystatechange\|reset\|resize\|select\|submit\|unload)\\\\b[^a-zA-Z0-9_]{0,}?=" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/07_XSS_XSS.conf"] [line "69"] [id "212750"] [rev "3"] [msg "COMODO WAF: XSS Attack Detected\|\|ftp.farmers123.com\|F\|2"] [data "Matched Data: onload= found within REQUEST_URI: /control/stream?contentid='\\x5c\\x22><svg/onload=alert(/xss/)>"] [severity "CRITICAL"] [tag "CWAF"] [tag "XSS"] [hostname "ftp.farmers123.com"] [uri "/control/stream"] [unique_id "aDiYobYBpySvsn9EL5hB3gAAAA0"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2025-02-28 10:20:02 (1 year ago)	\| Common web attack.	Hacking SQL Injection Web App Attack
🇷🇴 exxos	2024-11-06 21:56:04 (1 year ago)	Attack with rapid agent changes	DDoS Attack
🇦🇺 MAGIC	2024-10-30 03:00:19 (1 year ago)	VM1 Bad user agents ignoring web crawling rules. Draing bandwidth	DDoS Attack Bad Web Bot
🇷🇴 exxos	2024-10-30 01:00:04 (1 year ago)	Attack with rapid agent changes	DDoS Attack
🇷🇴 exxos	2024-10-30 00:10:53 (1 year ago)	Mass create account attempts	Web Spam
🇫🇮 nyuuzyou	2024-10-07 21:12:05 (1 year ago)	Intensive scraping: /web?s=rubber%20waste%20pipe%20seal&scraper=brave. User-Agent: Mozilla/5.0 (X11; ... show more Intensive scraping: /web?s=rubber%20waste%20pipe%20seal&scraper=brave. User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36 OPR/89.0.4447.51. show less	Bad Web Bot
Anonymous	2024-08-23 03:46:12 (1 year ago)	Malicious activity detected	Hacking Web App Attack
🇦🇺 oncord	2024-07-13 03:16:17 (1 year ago)	Form spam	Web Spam
🇨🇭 backslash	2024-07-11 22:30:01 (1 year ago)		Web Spam
🇦🇺 oncord	2024-07-11 01:34:57 (1 year ago)	Form spam	Web Spam

Showing 1 to 15 of 16 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇮🇳 2409:40e4:5b:a085:49e2:6640:2bd0:1276

🇩🇪 213.209.159.242

🇨🇳 180.76.202.69

🇩🇪 172.71.172.83

🇺🇸 162.216.149.146

🇩🇪 84.32.10.175

🇺🇸 52.180.157.88

🇱🇧 45.129.136.12

🇺🇸 38.148.249.2

🇩🇪 172.71.172.53

🇵🇰 119.73.19.52

🇳🇵 103.191.131.188

🇬🇧 51.195.215.242

🇫🇷 38.242.227.136

🇫🇷 217.76.54.95

🇰🇷 211.223.107.86

🇲🇽 187.141.71.166

🇫🇷 185.188.249.30

🇰🇷 175.126.37.156

🇮🇳 152.59.18.207