JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 23.95.80.172

23.95.80.172 was found in our database!

This IP was reported 15 times. Confidence of Abuse is 37%: ?

37%

ISP	HostPapa
Usage Type	Data Center/Web Hosting/Transit
ASN	AS36352
Hostname(s)	23-95-80-172-host.colocrossing.com
Domain Name	hostpapa.com
Country	🇺🇸 United States of America
City	Los Angeles, California

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 23.95.80.172

Whois 23.95.80.172

IP Abuse Reports for 23.95.80.172:

This IP address has been reported a total of 15 times from 5 distinct sources. 23.95.80.172 was first reported on June 10th 2026, and the most recent report was 9 minutes ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇬🇧 openstrike.co.uk	2026-06-13 05:14:31 (9 minutes ago)	2 attacks on password grabbing URLs: GET /.vscode/sftp.json HTTP/1.1	Hacking
🇺🇸 TPI-Abuse	2026-06-12 20:59:42 (8 hours ago)	(mod_security) mod_security (id:210492) triggered by 23.95.80.172 (23-95-80-172-host.colocrossing.co ... show more (mod_security) mod_security (id:210492) triggered by 23.95.80.172 (23-95-80-172-host.colocrossing.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 12 16:59:39.127008 2026] [security2:error] [pid 23547:tid 23547] [client 23.95.80.172:7268] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "costumeshalloweenparty.com"] [uri "/sftp-config.json"] [unique_id "aixzOwEMDOShDhWZaLQDEwAAAAY"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-06-11 22:52:00 (1 day ago)	Multiple Violations by Bot	Port Scan Web App Attack
🇺🇸 TPI-Abuse	2026-06-11 21:19:16 (1 day ago)	(mod_security) mod_security (id:210492) triggered by 23.95.80.172 (23-95-80-172-host.colocrossing.co ... show more (mod_security) mod_security (id:210492) triggered by 23.95.80.172 (23-95-80-172-host.colocrossing.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 11 17:19:10.231395 2026] [security2:error] [pid 2639:tid 2639] [client 23.95.80.172:53660] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "consorciolegal.com"] [uri "/sftp-config.json"] [unique_id "aismTk5fwZ3K_MobYVSpkQAAAAE"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-11 20:53:06 (1 day ago)	(mod_security) mod_security (id:210580) triggered by 23.95.80.172 (23-95-80-172-host.colocrossing.co ... show more (mod_security) mod_security (id:210580) triggered by 23.95.80.172 (23-95-80-172-host.colocrossing.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 11 16:53:01.353675 2026] [security2:error] [pid 1618:tid 1641] [client 23.95.80.172:36980] ModSecurity: Access denied with code 403 (phase 2). Matched phrase "sftp-config.json" at REQUEST_COOKIES:handl_landing_page. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt\|\|conservativelabor.com\|F\|2"] [data "Matched Data: sftp-config.json found within REQUEST_COOKIES:handl_landing_page: http:/conceptionsflorida.com/sftp-config.json"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "conservativelabor.com"] [uri "/.vscode/sftp.json"] [unique_id "aisgLSayRgJcVBrdySzOKwAAAUU"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-11 19:03:53 (1 day ago)	(mod_security) mod_security (id:210492) triggered by 23.95.80.172 (23-95-80-172-host.colocrossing.co ... show more (mod_security) mod_security (id:210492) triggered by 23.95.80.172 (23-95-80-172-host.colocrossing.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 11 15:03:49.811145 2026] [security2:error] [pid 29421:tid 29421] [client 23.95.80.172:49328] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "connectigramme.com"] [uri "/sftp-config.json"] [unique_id "aisGleqM3UzasNABQ3JFeQAAABI"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-11 13:37:21 (1 day ago)	(mod_security) mod_security (id:210492) triggered by 23.95.80.172 (23-95-80-172-host.colocrossing.co ... show more (mod_security) mod_security (id:210492) triggered by 23.95.80.172 (23-95-80-172-host.colocrossing.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 11 09:37:17.531743 2026] [security2:error] [pid 15570:tid 15570] [client 23.95.80.172:32536] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "compupackinc.com"] [uri "/sftp-config.json"] [unique_id "aiq6Da2TpN4aE53-4Ga7QQAAABg"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-11 08:52:55 (1 day ago)	(mod_security) mod_security (id:210580) triggered by 23.95.80.172 (23-95-80-172-host.colocrossing.co ... show more (mod_security) mod_security (id:210580) triggered by 23.95.80.172 (23-95-80-172-host.colocrossing.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 11 04:52:51.097028 2026] [security2:error] [pid 28958:tid 28958] [client 23.95.80.172:7022] ModSecurity: Access denied with code 403 (phase 2). Matched phrase "sftp-config.json" at REQUEST_COOKIES:handl_landing_page. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt\|\|www.proprocessor.com\|F\|2"] [data "Matched Data: sftp-config.json found within REQUEST_COOKIES:handl_landing_page: http:/coloradopolicereport.com/sftp-config.json"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.proprocessor.com"] [uri "/sausage-stuffers.htm"] [unique_id "aip3Y8QhhRPNrM7jhFTkaAAAAAY"] show less	Brute-Force Bad Web Bot Web App Attack
🇦🇺 afleventoffice.com.au	2026-06-11 08:10:53 (1 day ago)	GET /.vscode/sftp.json HTTP/1.1	Web App Attack
🇨🇭 4server	2026-06-11 06:04:04 (1 day ago)	[ThuJun1108:04:01.1105602026][security2:error][pid1895129:tid1895146][client23.95.80.172:0]ModSecuri ... show more [ThuJun1108:04:01.1105602026][security2:error][pid1895129:tid1895146][client23.95.80.172:0]ModSecurity:Accessdeniedwithcode403\(phase2\).Matchedphrase\"sftp-config.json\"atREQUEST_COOKIES:handl_landing_page.[file\"/etc/apache2/conf.d/modsec_rules/10_asl_rules.conf\"][line\"135\"][id\"344360\"][rev\"5\"][msg\"Atomicorp.comWAFRules:UnauthorizedOperatingSystemFileAccessAttempt\"][data\"MatchedData:sftp-config.jsonfoundwithinREQUEST_COOKIES:handl_landing_page:http:/coloradopolicereport.com/sftp-config.json\"][severity\"CRITICAL\"][tag\"attack-lfi\"][hostname\"comarcosa.com\"][uri\"/\"][unique_id\"aipP0U1slpywDCToV3j96wAAAU8\"] show less	Hacking Web App Attack
🇺🇸 TPI-Abuse	2026-06-11 05:43:16 (1 day ago)	(mod_security) mod_security (id:210492) triggered by 23.95.80.172 (23-95-80-172-host.colocrossing.co ... show more (mod_security) mod_security (id:210492) triggered by 23.95.80.172 (23-95-80-172-host.colocrossing.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 11 01:43:08.215258 2026] [security2:error] [pid 16515:tid 16515] [client 23.95.80.172:28718] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "colvani.com"] [uri "/sftp-config.json"] [unique_id "aipK7Cs6wIunyqZ9_IDt-QAAAAA"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-11 04:04:11 (2 days ago)	(mod_security) mod_security (id:210492) triggered by 23.95.80.172 (23-95-80-172-host.colocrossing.co ... show more (mod_security) mod_security (id:210492) triggered by 23.95.80.172 (23-95-80-172-host.colocrossing.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 11 00:04:07.319441 2026] [security2:error] [pid 19913:tid 19913] [client 23.95.80.172:36880] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "coloradohifi.com"] [uri "/sftp-config.json"] [unique_id "aiozt_prERbfIdS_fVswygAAAA0"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-11 02:25:47 (2 days ago)	(mod_security) mod_security (id:210492) triggered by 23.95.80.172 (23-95-80-172-host.colocrossing.co ... show more (mod_security) mod_security (id:210492) triggered by 23.95.80.172 (23-95-80-172-host.colocrossing.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 10 22:25:42.536488 2026] [security2:error] [pid 10799:tid 10799] [client 23.95.80.172:63030] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "collectorcarconsultants.com"] [uri "/sftp-config.json"] [unique_id "aiocprRdz-5f0yQzN-X1RAAAABU"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-11 00:50:17 (2 days ago)	(mod_security) mod_security (id:210492) triggered by 23.95.80.172 (23-95-80-172-host.colocrossing.co ... show more (mod_security) mod_security (id:210492) triggered by 23.95.80.172 (23-95-80-172-host.colocrossing.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 10 20:50:10.031330 2026] [security2:error] [pid 11310:tid 11310] [client 23.95.80.172:37196] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.oualierealty.com"] [uri "/sftp-config.json"] [unique_id "aioGQsmBnj6VSpdaSNZ6HgAAAAU"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-10 22:48:34 (2 days ago)	(mod_security) mod_security (id:210492) triggered by 23.95.80.172 (23-95-80-172-host.colocrossing.co ... show more (mod_security) mod_security (id:210492) triggered by 23.95.80.172 (23-95-80-172-host.colocrossing.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 10 18:48:28.708807 2026] [security2:error] [pid 13618:tid 13641] [client 23.95.80.172:20256] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "coherencerx.com"] [uri "/sftp-config.json"] [unique_id "ainpvDGkk9OeHpz5vE4m1QAAAVU"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 15 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇨🇳 211.149.134.60

🇨🇦 15.235.123.247

🇦🇷 190.179.157.131

🇸🇪 171.25.158.70

🇫🇷 151.80.77.244

🇮🇳 143.110.177.177

🇵🇰 103.4.103.158

🇺🇸 65.49.1.87

🇦🇷 45.230.66.100

🇩🇪 34.179.243.105

🇯🇵 20.78.148.25

🇺🇸 216.25.89.86

🇰🇷 210.104.221.252

🇩🇪 209.50.190.28

🇹🇼 111.70.39.214

🇫🇷 82.65.16.176

🇷🇴 80.94.92.184

🇱🇹 45.227.254.170

🇳🇱 45.148.10.151

🇨🇳 43.139.115.189