JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 23.95.244.237

23.95.244.237 was found in our database!

This IP was reported 11 times. Confidence of Abuse is 0%: ?

ISP	123Systems
Usage Type	Data Center/Web Hosting/Transit
ASN	AS36352
Hostname(s)	23-95-244-237-host.colocrossing.com
Domain Name	123systems.net
Country	🇺🇸 United States of America
City	Buffalo, New York

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 23.95.244.237

Whois 23.95.244.237

IP Abuse Reports for 23.95.244.237:

This IP address has been reported a total of 11 times from 3 distinct sources. 23.95.244.237 was first reported on May 15th 2025, and the most recent report was 4 months ago.

Old Reports: The most recent abuse report for this IP address is from 4 months ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 TPI-Abuse	2026-02-01 11:42:10 (4 months ago)	(mod_security) mod_security (id:240950) triggered by 23.95.244.237 (23-95-244-237-host.colocrossing. ... show more (mod_security) mod_security (id:240950) triggered by 23.95.244.237 (23-95-244-237-host.colocrossing.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Feb 01 06:35:26.538720 2026] [security2:error] [pid 483:tid 650] [client 23.95.244.237:47171] ModSecurity: Access denied with code 403 (phase 1). Pattern match "\\\\D" at TX:1. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "4530"] [id "240950"] [rev "2"] [msg "COMODO WAF: XSS & SQL injection vulnerability in Pragyan CMS 3.0 (CVE-2015-1471)\|\|cpcalendars.kettlehill.kettlehill.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "cpcalendars.kettlehill.kettlehill.com"] [uri "/secure/QueryComponentRendererValue!Default.jspa"] [unique_id "aX86fgMxl-cQ0UzvOvR-ywAAAEQ"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-01-16 10:23:41 (4 months ago)	(mod_security) mod_security (id:210492) triggered by 23.95.244.237 (23-95-244-237-host.colocrossing. ... show more (mod_security) mod_security (id:210492) triggered by 23.95.244.237 (23-95-244-237-host.colocrossing.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jan 16 05:23:35.260825 2026] [security2:error] [pid 1489:tid 1489] [client 23.95.244.237:44795] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcontacts.nbcnewsradio.com"] [uri "/.env.old"] [unique_id "aWoRpzEr15A2FAAd3mPH6AAAABI"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-02 22:14:06 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 23.95.244.237 (23-95-244-237-host.colocrossing. ... show more (mod_security) mod_security (id:210492) triggered by 23.95.244.237 (23-95-244-237-host.colocrossing.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Dec 02 17:14:01.791563 2025] [security2:error] [pid 19943:tid 19943] [client 23.95.244.237:57847] ModSecurity: Access denied with code 403 (phase 1). Matched phrase ".htaccess" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "autoconfig.farmers123.com"] [uri "/.htaccess"] [unique_id "aS9kqRDi4QixuGWXB-EN9QAAAAg"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-01 05:55:27 (6 months ago)	(mod_security) mod_security (id:212620) triggered by 23.95.244.237 (23-95-244-237-host.colocrossing. ... show more (mod_security) mod_security (id:212620) triggered by 23.95.244.237 (23-95-244-237-host.colocrossing.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Dec 01 00:53:24.685402 2025] [security2:error] [pid 31256:tid 31274] [client 23.95.244.237:53135] ModSecurity: Access denied with code 403 (phase 2). Pattern match "<script\\\\b" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/07_XSS_XSS.conf"] [line "65"] [id "212620"] [rev "4"] [msg "COMODO WAF: Cross-site Scripting (XSS) Attack\|\|ftp.kettlehill.net\|F\|2"] [data "Matched Data: <script found within REQUEST_URI: /?s=</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [tag "CWAF"] [tag "XSS"] [hostname "ftp.kettlehill.net"] [uri "/"] [unique_id "aS0tVG28JkE_f6YcP87urAAAAA0"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-10-28 21:57:33 (7 months ago)	(mod_security) mod_security (id:210730) triggered by 23.95.244.237 (23-95-244-237-host.colocrossing. ... show more (mod_security) mod_security (id:210730) triggered by 23.95.244.237 (23-95-244-237-host.colocrossing.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Oct 28 17:57:23.594882 2025] [security2:error] [pid 11013:tid 11013] [client 23.95.244.237:50031] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|www.nbcnewsradio.com\|F\|2"] [data ".php.bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.nbcnewsradio.com"] [uri "/default.php.bak"] [unique_id "aQE8QxrN-sMqBB4Pj3ZegQAAABI"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-10-01 14:41:17 (8 months ago)	(mod_security) mod_security (id:211190) triggered by 23.95.244.237 (23-95-244-237-host.colocrossing. ... show more (mod_security) mod_security (id:211190) triggered by 23.95.244.237 (23-95-244-237-host.colocrossing.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Oct 01 10:41:02.540889 2025] [security2:error] [pid 12475:tid 12490] [client 23.95.244.237:50267] ModSecurity: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt\|\|mail.kettlehill.com\|F\|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /wp-content/plugins/usc-e-shop/functions/progress-check.php?progressfile=../../../../../../../../../../../../../etc/passwd"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "mail.kettlehill.com"] [uri "/wp-content/plugins/usc-e-shop/functions/progress-check.php"] [unique_id "aN09fmCKjmgjI9kURFJ-WAAAAUs"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2025-08-22 08:44:03 (9 months ago)	Malicious activity detected	Hacking Web App Attack
🇺🇸 TPI-Abuse	2025-08-01 06:43:36 (10 months ago)	(mod_security) mod_security (id:210730) triggered by 23.95.244.237 (23-95-244-237-host.colocrossing. ... show more (mod_security) mod_security (id:210730) triggered by 23.95.244.237 (23-95-244-237-host.colocrossing.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Aug 01 02:43:29.430429 2025] [security2:error] [pid 3331447:tid 3331468] [client 23.95.244.237:51601] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|kettlehill.net\|F\|2"] [data ".old"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "kettlehill.net"] [uri "/.ssh/known_hosts.old"] [unique_id "aIxiEVSZjg6lcpTf51ZdRAAAAZE"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-06-01 06:54:14 (1 year ago)	(mod_security) mod_security (id:210730) triggered by 23.95.244.237 (23-95-244-237-host.colocrossing. ... show more (mod_security) mod_security (id:210730) triggered by 23.95.244.237 (23-95-244-237-host.colocrossing.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 01 02:54:06.899247 2025] [security2:error] [pid 2762044:tid 2762070] [client 23.95.244.237:54105] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|ftp.kettlehill.net\|F\|2"] [data ".ini"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "ftp.kettlehill.net"] [uri "/.../.../.../.../.../.../.../.../.../windows/win.ini"] [unique_id "aDv5DglM7g4oxUkvwMwDdQAAANg"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-05-30 21:59:33 (1 year ago)	(mod_security) mod_security (id:210730) triggered by 23.95.244.237 (23-95-244-237-host.colocrossing. ... show more (mod_security) mod_security (id:210730) triggered by 23.95.244.237 (23-95-244-237-host.colocrossing.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri May 30 17:59:23.720661 2025] [security2:error] [pid 737732:tid 737732] [client 23.95.244.237:55381] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|autodiscover.nbcnewsradio.com\|F\|2"] [data ".ini"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "autodiscover.nbcnewsradio.com"] [uri "/.../.../.../.../.../.../.../.../.../windows/win.ini"] [unique_id "aDoqO0gih08YYSyaTMnQgQAAABM"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2025-05-15 13:20:12 (1 year ago)	\| Shellshock attack detected	Hacking SQL Injection Web App Attack

Showing 1 to 11 of 11 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇧🇪 198.235.24.229

🇧🇪 198.235.24.226

🇧🇪 198.235.24.224

🇪🇹 196.188.116.41

🇮🇷 193.151.135.3

🇧🇷 186.239.41.102

🇲🇽 186.96.145.241

🇫🇷 141.11.1.134

🇨🇳 118.145.144.95

🇺🇸 205.210.31.69

🇧🇪 198.235.24.223

🇧🇪 198.235.24.219

🇻🇳 171.244.142.205

🇺🇸 98.61.216.173

🇳🇱 91.92.42.227

🇷🇺 81.211.72.167

🇱🇹 81.30.98.142

🇨🇳 36.104.147.6

🇮🇩 36.83.226.90

🇻🇳 27.79.1.154