JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 23.95.250.135

23.95.250.135 was found in our database!

This IP was reported 9 times. Confidence of Abuse is 0%: ?

ISP	HostPapa
Usage Type	Data Center/Web Hosting/Transit
ASN	AS36352
Hostname(s)	23-95-250-135-host.colocrossing.com
Domain Name	colocrossing.com
Country	🇺🇸 United States of America
City	Buffalo, New York

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 23.95.250.135

Whois 23.95.250.135

IP Abuse Reports for 23.95.250.135:

This IP address has been reported a total of 9 times from 2 distinct sources. 23.95.250.135 was first reported on May 27th 2025, and the most recent report was 4 months ago.

Old Reports: The most recent abuse report for this IP address is from 4 months ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 TPI-Abuse	2026-02-01 11:24:57 (4 months ago)	(mod_security) mod_security (id:212750) triggered by 23.95.250.135 (23-95-250-135-host.colocrossing. ... show more (mod_security) mod_security (id:212750) triggered by 23.95.250.135 (23-95-250-135-host.colocrossing.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Feb 01 06:24:45.642401 2026] [security2:error] [pid 16721:tid 16878] [client 23.95.250.135:40749] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\bon(?:abort\|blur\|change\|click\|dblclick\|dragdrop\|error\|focus\|keydown\|keypress\|keyup\|load\|mouse(?:down\|move\|out\|over\|up)\|move\|readystatechange\|reset\|resize\|select\|submit\|unload)\\\\b[^a-zA-Z0-9_]{0,}?=" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/07_XSS_XSS.conf"] [line "69"] [id "212750"] [rev "3"] [msg "COMODO WAF: XSS Attack Detected\|\|ftp.kettlehill.net\|F\|2"] [data "Matched Data: onerror= found within REQUEST_URI: /?spai_vjs=</script><img src=1 onerror=alert(document.domain)>"] [severity "CRITICAL"] [tag "CWAF"] [tag "XSS"] [hostname "ftp.kettlehill.net"] [uri "/"] [unique_id "aX83_bZSDMB2xJcUTnRWRQAAAo8"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-01-16 10:01:23 (4 months ago)	(mod_security) mod_security (id:210492) triggered by 23.95.250.135 (23-95-250-135-host.colocrossing. ... show more (mod_security) mod_security (id:210492) triggered by 23.95.250.135 (23-95-250-135-host.colocrossing.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jan 16 05:01:15.362550 2026] [security2:error] [pid 11892:tid 11892] [client 23.95.250.135:35767] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcontacts.nbcnewsradio.com"] [uri "/.env.prod.local"] [unique_id "aWoMa8JdFlHf5NV329NGFAAAABY"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-01 07:20:14 (6 months ago)	(mod_security) mod_security (id:210730) triggered by 23.95.250.135 (23-95-250-135-host.colocrossing. ... show more (mod_security) mod_security (id:210730) triggered by 23.95.250.135 (23-95-250-135-host.colocrossing.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Dec 01 02:20:09.686389 2025] [security2:error] [pid 27471:tid 27512] [client 23.95.250.135:38087] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|www.kettlehill.net\|F\|2"] [data ".log"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.kettlehill.net"] [uri "/admin/log/error.log"] [unique_id "aS1BqXLXOKC0tXS7y0k_awAAAJg"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-10-29 02:58:23 (7 months ago)	(mod_security) mod_security (id:210492) triggered by 23.95.250.135 (23-95-250-135-host.colocrossing. ... show more (mod_security) mod_security (id:210492) triggered by 23.95.250.135 (23-95-250-135-host.colocrossing.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Oct 28 22:58:17.504164 2025] [security2:error] [pid 2691:tid 2691] [client 23.95.250.135:37361] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcalendars.nbcnewsradio.com"] [uri "/.env.dev"] [unique_id "aQGCyYzVD0NPs5iKVyl1rAAAABs"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-10-01 15:48:14 (8 months ago)	(mod_security) mod_security (id:210580) triggered by 23.95.250.135 (23-95-250-135-host.colocrossing. ... show more (mod_security) mod_security (id:210580) triggered by 23.95.250.135 (23-95-250-135-host.colocrossing.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Oct 01 11:48:08.930466 2025] [security2:error] [pid 30036:tid 30077] [client 23.95.250.135:32773] ModSecurity: Access denied with code 403 (phase 2). Matched phrase "etc/passwd" at ARGS:field. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt\|\|ftp.kettlehill.net\|F\|2"] [data "Matched Data: etc/passwd found within ARGS:field: field:exec:head -1 /etc/passwd:null:null"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "ftp.kettlehill.net"] [uri "/wp-admin/admin-ajax.php"] [unique_id "aN1NOJ4Gg6n9TdaAp9hyoAAAAIo"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-08-05 18:16:04 (10 months ago)	(mod_security) mod_security (id:210730) triggered by 23.95.250.135 (23-95-250-135-host.colocrossing. ... show more (mod_security) mod_security (id:210730) triggered by 23.95.250.135 (23-95-250-135-host.colocrossing.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Aug 05 14:15:58.499908 2025] [security2:error] [pid 8806:tid 8806] [client 23.95.250.135:49473] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|www.nbcnewsradio.com\|F\|2"] [data ".ini"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.nbcnewsradio.com"] [uri "/\\\\..\\\\..\\\\..\\\\..\\\\..\\\\..\\\\..\\\\..\\\\windows\\\\win.ini"] [unique_id "aJJKXjpt0wJduSgW865GVgAAAAo"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-08-01 06:43:39 (10 months ago)	(mod_security) mod_security (id:210492) triggered by 23.95.250.135 (23-95-250-135-host.colocrossing. ... show more (mod_security) mod_security (id:210492) triggered by 23.95.250.135 (23-95-250-135-host.colocrossing.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Aug 01 02:43:32.449692 2025] [security2:error] [pid 3331489:tid 3331593] [client 23.95.250.135:43869] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "ftp.kettlehill.net"] [uri "/wp-config.php.html"] [unique_id "aIxiFDqSEPOvsBY_LS5XTAAAANU"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-06-01 08:13:31 (1 year ago)	(mod_security) mod_security (id:210730) triggered by 23.95.250.135 (23-95-250-135-host.colocrossing. ... show more (mod_security) mod_security (id:210730) triggered by 23.95.250.135 (23-95-250-135-host.colocrossing.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 01 04:13:24.640586 2025] [security2:error] [pid 2863389:tid 2863500] [client 23.95.250.135:35705] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|kettlehill.kettlehill.com\|F\|2"] [data ".log"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "kettlehill.kettlehill.com"] [uri "/errors.log"] [unique_id "aDwLpB8IXHoSGgIBxJgTugAAAJc"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2025-05-27 07:30:03 (1 year ago)	\| Common web attack.	Hacking SQL Injection Web App Attack

Showing 1 to 9 of 9 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 207.46.13.6

🇺🇸 35.245.134.51

🇫🇷 144.91.87.42

🇩🇪 116.203.204.171

🇲🇩 89.149.111.118

🇷🇴 80.94.92.182

🇺🇸 71.6.233.161

🇳🇱 45.81.23.14

🇫🇷 161.97.125.94

🇸🇬 156.245.144.121

🇺🇸 151.240.62.118

🇷🇴 80.94.92.184

🇹🇷 78.181.218.241

🇳🇱 45.148.10.141

🇻🇳 45.117.177.47

🇺🇸 43.166.164.158

🇭🇰 43.161.217.205

🇺🇸 2604:a880:400:d1:0:4:8c09:4001

🇩🇪 212.132.120.41

🇩🇪 193.142.43.122