JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 23.94.28.190

23.94.28.190 was found in our database!

This IP was reported 159 times. Confidence of Abuse is 4%: ?

ISP	HostPapa
Usage Type	Data Center/Web Hosting/Transit
ASN	AS36352
Hostname(s)	23-94-28-190-host.colocrossing.com
Domain Name	colocrossing.com
Country	🇺🇸 United States of America
City	Buffalo, New York

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 23.94.28.190

Whois 23.94.28.190

IP Abuse Reports for 23.94.28.190:

This IP address has been reported a total of 159 times from 51 distinct sources. 23.94.28.190 was first reported on September 3rd 2023, and the most recent report was 3 days ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 TPI-Abuse	2026-06-17 01:57:37 (3 days ago)	(mod_security) mod_security (id:210730) triggered by 23.94.28.190 (23-94-28-190-host.colocrossing.co ... show more (mod_security) mod_security (id:210730) triggered by 23.94.28.190 (23-94-28-190-host.colocrossing.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 16 21:57:30.822838 2026] [security2:error] [pid 20748:tid 20748] [client 23.94.28.190:22662] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|www.jmms.mx\|F\|2"] [data ".web.ui.webresource.axd"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.jmms.mx"] [uri "/Telerik.Web.UI.WebResource.axd"] [unique_id "ajH_CmUwLVzsuBGEduWWSQAAABU"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-10 17:39:37 (1 week ago)	(mod_security) mod_security (id:210730) triggered by 23.94.28.190 (23-94-28-190-host.colocrossing.co ... show more (mod_security) mod_security (id:210730) triggered by 23.94.28.190 (23-94-28-190-host.colocrossing.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 10 13:39:33.446694 2026] [security2:error] [pid 31251:tid 31251] [client 23.94.28.190:1078] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|www.fundaciondamashcc.org.ec\|F\|2"] [data ".web.ui.webresource.axd"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.fundaciondamashcc.org.ec"] [uri "/Telerik.Web.UI.WebResource.axd"] [unique_id "aimhVYcoFCbZOq2g70U5vgAAAAo"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2025-11-21 12:52:00 (6 months ago)	The following intrusion was observed: Telerik.Web.UI.RadAsyncUpload.Handling.Arbitrary.File.Upload.	Web App Attack IoT Targeted
🇫🇷 H. SOC	2025-11-20 14:07:23 (6 months ago)	The following attack type were detected by our IPS : Telerik.Web.UI.RadAsyncUpload.Handling.Arbitrar ... show more The following attack type were detected by our IPS : Telerik.Web.UI.RadAsyncUpload.Handling.Arbitrary.File.Upload. show less	Web App Attack
🇩🇪 Mr-Money	2025-11-19 18:38:01 (7 months ago)	scenario: crowdsecurity/CVE-2019-18935 - events: 1	Exploited Host
🇩🇪 Mr-Money	2025-11-18 05:47:50 (7 months ago)	scenario: crowdsecurity/CVE-2019-18935 - events: 1	Exploited Host
Anonymous	2025-11-17 23:05:07 (7 months ago)	Failed login attempt detected by Fail2Ban in plesk-modsecurity jail	Exploited Host
Anonymous	2025-11-17 12:43:00 (7 months ago)	The following intrusion was observed: Telerik.Web.UI.RadAsyncUpload.Handling.Arbitrary.File.Upload.	Web App Attack IoT Targeted
🇺🇸 TPI-Abuse	2025-11-17 11:43:33 (7 months ago)	(mod_security) mod_security (id:210730) triggered by 23.94.28.190 (23-94-28-190-host.colocrossing.co ... show more (mod_security) mod_security (id:210730) triggered by 23.94.28.190 (23-94-28-190-host.colocrossing.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 17 06:43:26.725392 2025] [security2:error] [pid 3755:tid 3755] [client 23.94.28.190:57726] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|mail.queenspridegrapes.nyc\|F\|2"] [data ".web.ui.webresource.axd"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "mail.queenspridegrapes.nyc"] [uri "/login/Telerik.Web.UI.WebResource.axd"] [unique_id "aRsKXi4h6DiduOJG1wDKywAAAEE"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-01 16:57:36 (7 months ago)	(mod_security) mod_security (id:210730) triggered by 2002:175e:1cbe::175e:1cbe (Unknown): 1 in the l ... show more (mod_security) mod_security (id:210730) triggered by 2002:175e:1cbe::175e:1cbe (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Nov 01 12:57:33.167241 2025] [security2:error] [pid 18477:tid 18477] [client 2002:175e:1cbe::175e:1cbe:57182] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|ftp.nysasports.com\|F\|2"] [data ".web.ui.webresource.axd"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "ftp.nysasports.com"] [uri "/administrator/Telerik.Web.UI.WebResource.axd"] [unique_id "aQY7_WFiR-ai7eAhtOeHJQAAABM"] show less	Brute-Force Bad Web Bot Web App Attack
🇦🇺 nzhost.co.nz	2025-10-31 21:46:06 (7 months ago)	$f2bV_matches	Hacking Brute-Force
Anonymous	2025-10-27 11:39:00 (7 months ago)	The following intrusion was observed: Telerik.Web.UI.RadAsyncUpload.Handling.Arbitrary.File.Upload.	IoT Targeted
🇺🇸 TPI-Abuse	2025-10-13 16:01:09 (8 months ago)	(mod_security) mod_security (id:210730) triggered by 23.94.28.190 (23-94-28-190-host.colocrossing.co ... show more (mod_security) mod_security (id:210730) triggered by 23.94.28.190 (23-94-28-190-host.colocrossing.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Oct 13 12:01:01.292606 2025] [security2:error] [pid 2082:tid 2082] [client 23.94.28.190:55739] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|atimeinhistory.org\|F\|2"] [data ".web.ui.webresource.axd"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "atimeinhistory.org"] [uri "/old/Telerik.Web.UI.WebResource.axd"] [unique_id "aO0iPY5Fel4edn5yBRdfKwAAAB0"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-10-08 08:18:06 (8 months ago)	(mod_security) mod_security (id:210730) triggered by 2002:175e:1cbe::175e:1cbe (Unknown): 1 in the l ... show more (mod_security) mod_security (id:210730) triggered by 2002:175e:1cbe::175e:1cbe (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Oct 08 04:18:01.981897 2025] [security2:error] [pid 14409:tid 14409] [client 2002:175e:1cbe::175e:1cbe:54502] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "4"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|mail.discountphotogifts.com\|F\|2"] [data ".web.ui.webresource.axd"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "mail.discountphotogifts.com"] [uri "/old/Telerik.Web.UI.WebResource.axd"] [unique_id "aOYeOS9Pk6PEX5iATrb9qQAAABc"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-10-08 04:44:31 (8 months ago)	(mod_security) mod_security (id:210730) triggered by 23.94.28.190 (23-94-28-190-host.colocrossing.co ... show more (mod_security) mod_security (id:210730) triggered by 23.94.28.190 (23-94-28-190-host.colocrossing.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Oct 08 00:44:26.662513 2025] [security2:error] [pid 7280:tid 7280] [client 23.94.28.190:63364] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|ftp.starfrontiers.com\|F\|2"] [data ".web.ui.webresource.axd"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "ftp.starfrontiers.com"] [uri "/old/Telerik.Web.UI.WebResource.axd"] [unique_id "aOXsKuHuIIWZp30qxStrYgAAABw"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 159 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 216.180.246.117

🇨🇴 181.129.41.162

🇳🇱 172.71.95.147

🇺🇸 162.159.119.2

🇮🇳 103.57.184.134

🇦🇷 45.176.89.175

🇨🇳 27.128.170.160

🇧🇷 20.226.32.175

🇺🇸 2607:ff10:c8:594::8

🇨🇳 218.106.33.54

🇨🇳 218.25.89.208

🇸🇬 213.111.158.148

🇺🇸 205.210.31.102

🇳🇱 176.65.139.253

🇫🇷 173.249.10.85

🇰🇪 105.27.148.94

🇫🇷 85.217.140.10

🇷🇴 80.94.92.171

🇳🇱 45.153.34.235

🇬🇧 35.203.210.31