JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 23.94.138.79

23.94.138.79 was found in our database!

This IP was reported 16 times. Confidence of Abuse is 0%: ?

ISP	HostPapa
Usage Type	Data Center/Web Hosting/Transit
ASN	AS36352
Hostname(s)	23-94-138-79-host.colocrossing.com
Domain Name	hostpapa.com
Country	🇺🇸 United States of America
City	Buffalo, New York

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 23.94.138.79

Whois 23.94.138.79

IP Abuse Reports for 23.94.138.79:

This IP address has been reported a total of 16 times from 6 distinct sources. 23.94.138.79 was first reported on November 27th 2023, and the most recent report was 10 months ago.

Old Reports: The most recent abuse report for this IP address is from 10 months ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇨🇭 backslash	2025-08-06 12:20:14 (10 months ago)	block ruleset CC531825F9395F9A07FB06C1247C46770A2690F8	Bad Web Bot
🇩🇪 dayda.net	2024-12-04 02:51:49 (1 year ago)	cffaction=get_data_from_database&query=SELECT%20*%20from%20wp_users	Bad Web Bot
🇺🇸 TPI-Abuse	2024-11-26 23:26:55 (1 year ago)	(mod_security) mod_security (id:212620) triggered by 23.94.138.79 (23-94-138-79-host.colocrossing.co ... show more (mod_security) mod_security (id:212620) triggered by 23.94.138.79 (23-94-138-79-host.colocrossing.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Nov 26 18:26:19.204773 2024] [security2:error] [pid 14716:tid 14987] [client 23.94.138.79:41169] [client 23.94.138.79] ModSecurity: Access denied with code 403 (phase 2). Pattern match "<script\\\\b" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/07_XSS_XSS.conf"] [line "65"] [id "212620"] [rev "4"] [msg "COMODO WAF: Cross-site Scripting (XSS) Attack\|\|staging.kettlehill.com\|F\|2"] [data "Matched Data: <script found within REQUEST_URI: /natemail.php?recipient=</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [tag "CWAF"] [tag "XSS"] [hostname "staging.kettlehill.com"] [uri "/NateMail.php"] [unique_id "Z0ZZGwhXN1-tm_FGp0dhswAAANI"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2024-09-03 18:45:15 (1 year ago)	(mod_security) mod_security (id:210730) triggered by 23.94.138.79 (23-94-138-79-host.colocrossing.co ... show more (mod_security) mod_security (id:210730) triggered by 23.94.138.79 (23-94-138-79-host.colocrossing.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Sep 03 14:45:00.770590 2024] [security2:error] [pid 19357:tid 19357] [client 23.94.138.79:49941] [client 23.94.138.79] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "4"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|mail.stdavids-media.com\|F\|2"] [data ".inc"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "mail.stdavids-media.com"] [uri "/wp-config.inc"] [unique_id "ZtdZLBfB_t7Eb3PL87GOlwAAAAk"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2024-08-26 23:05:56 (1 year ago)	(mod_security) mod_security (id:210492) triggered by 23.94.138.79 (23-94-138-79-host.colocrossing.co ... show more (mod_security) mod_security (id:210492) triggered by 23.94.138.79 (23-94-138-79-host.colocrossing.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Aug 26 19:03:49.175671 2024] [security2:error] [pid 532018:tid 532377] [client 23.94.138.79:48959] [client 23.94.138.79] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcontacts.kettlehill.net"] [uri "/wp-content/plugins/site-editor/editor/extensions/pagebuilder/includes/ajax_shortcode_pattern.php"] [unique_id "Zs0J1S_p85EHRlaaQPgdZQAAAEA"] show less	Brute-Force Bad Web Bot Web App Attack
🇪🇸 10dencehispahard SL	2024-06-27 22:04:51 (1 year ago)	Unauthorized login attempts [ accesslogs]	Brute-Force
🇺🇸 TPI-Abuse	2024-05-21 23:21:55 (2 years ago)	(mod_security) mod_security (id:210492) triggered by 23.94.138.79 (23-94-138-79-host.colocrossing.co ... show more (mod_security) mod_security (id:210492) triggered by 23.94.138.79 (23-94-138-79-host.colocrossing.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue May 21 19:20:31.146799 2024] [security2:error] [pid 5134:tid 47525641340672] [client 23.94.138.79:42437] [client 23.94.138.79] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcontacts.kettlehill.net"] [uri "/.env.save"] [unique_id "Zk0sP-5wABVJ2cMnYaTGmAAAAEQ"] show less	Brute-Force Bad Web Bot Web App Attack
🇪🇸 10dencehispahard SL	2024-05-08 07:00:43 (2 years ago)	Unauthorized login attempts []	Brute-Force
🇪🇸 10dencehispahard SL	2024-05-08 06:46:41 (2 years ago)	Web Attack	DDoS Attack Brute-Force Web App Attack
Anonymous	2024-05-06 01:06:53 (2 years ago)	Ports: 2077,2078,2082,2083,2086,2087,2095,2096; Direction: 0; Trigger: LF_DISTATTACK	Brute-Force SSH
🇪🇸 10dencehispahard SL	2024-03-27 07:00:25 (2 years ago)	Unauthorized login attempts [ BI-16635]	Brute-Force
🇪🇸 10dencehispahard SL	2024-03-27 06:46:51 (2 years ago)	WP scan	Web App Attack
🇺🇸 TPI-Abuse	2024-02-27 23:17:29 (2 years ago)	(mod_security) mod_security (id:210492) triggered by 23.94.138.79 (23-94-138-79-host.colocrossing.co ... show more (mod_security) mod_security (id:210492) triggered by 23.94.138.79 (23-94-138-79-host.colocrossing.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Feb 27 18:16:49.871317 2024] [security2:error] [pid 5379:tid 47108591052544] [client 23.94.138.79:56855] [client 23.94.138.79] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/Web.config" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "ftp.kettlehill.com"] [uri "/web.config._inc"] [unique_id "Zd5tYXpeprykeOeYz0Xa_AAAAU8"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2024-01-25 21:25:20 (2 years ago)	(mod_security) mod_security (id:210730) triggered by 23.94.138.79 (23-94-138-79-host.colocrossing.co ... show more (mod_security) mod_security (id:210730) triggered by 23.94.138.79 (23-94-138-79-host.colocrossing.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jan 25 16:24:31.436749 2024] [security2:error] [pid 20644] [client 23.94.138.79:48599] [client 23.94.138.79] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "4"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|stdavids-media.com\|F\|2"] [data ".log"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "stdavids-media.com"] [uri "/errors.log"] [unique_id "ZbLRj26yzZDR3D8aqWHhFgAAAAM"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2023-12-05 17:20:11 (2 years ago)	(mod_security) mod_security (id:211190) triggered by 23.94.138.79 (23-94-138-79-host.colocrossing.co ... show more (mod_security) mod_security (id:211190) triggered by 23.94.138.79 (23-94-138-79-host.colocrossing.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Dec 05 12:18:59.491118 2023] [security2:error] [pid 7340:tid 47036152325888] [client 23.94.138.79:39499] [client 23.94.138.79] ModSecurity: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt\|\|staging.kettlehill.com\|F\|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /catalog.php?filename=../../../../../../../../../etc/passwd"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "staging.kettlehill.com"] [uri "/catalog.php"] [unique_id "ZW9bg5X89eHdwxy0pPjU5QAAAAE"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 16 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇹🇷 212.64.216.142

🇰🇿 95.58.255.251

🇩🇪 34.179.239.248

🇷🇴 2.57.122.238

🇳🇱 213.177.179.12

🇧🇷 205.210.31.220

🇬🇧 193.32.209.232

🇧🇷 187.62.87.27

🇳🇱 185.226.197.42

🇺🇸 129.153.115.59

🇰🇷 112.219.151.50

🇭🇰 101.32.1.25

🇺🇸 34.125.99.196

🇺🇸 20.163.4.176

🇳🇱 212.192.240.10

🇻🇪 206.0.166.184

🇬🇧 195.96.139.60

🇳🇱 176.65.148.228

🇵🇱 172.253.206.58

🇺🇸 157.254.174.96