JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 94.23.12.112

94.23.12.112 was found in our database!

This IP was reported 47 times. Confidence of Abuse is 100%: ?

100%

ISP	OVH SAS
Usage Type	Data Center/Web Hosting/Transit
ASN	AS16276
Hostname(s)	ns376288.ip-94-23-12.eu
Domain Name	ovh.net
Country	🇫🇷 France
City	Lille, Hauts-de-France

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 94.23.12.112

Whois 94.23.12.112

IP Abuse Reports for 94.23.12.112:

This IP address has been reported a total of 47 times from 31 distinct sources. 94.23.12.112 was first reported on June 12th 2026, and the most recent report was 26 minutes ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 VanKoh	2026-06-13 00:07:31 (26 minutes ago)	94.23.12.112 - - [12/Jun/2026:18:06:39 -0600] "GET /wp-json/ldlms/v2/users?per_page=100&_fields=user ... show more 94.23.12.112 - - [12/Jun/2026:18:06:39 -0600] "GET /wp-json/ldlms/v2/users?per_page=100&_fields=user_login HTTP/1.1" 301 162 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36, Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36" 94.23.12.112 - - [12/Jun/2026:18:07:26 -0600] "GET /?rest_route=/wp/v2/users&_jsonp=callback&per_page=100&_fields=id,slug HTTP/1.1" 301 162 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36, Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36" 94.23.12.112 - - [12/Jun/2026:18:07:30 -0600] "GET /wp-json/ultimate-member/v1/users HTTP/1.1" 301 162 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36, Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/53 ... show less	DDoS Attack Web App Attack
🇺🇸 TPI-Abuse	2026-06-12 23:30:19 (1 hour ago)	(mod_security) mod_security (id:225170) triggered by 94.23.12.112 (ns376288.ip-94-23-12.eu): 1 in th ... show more (mod_security) mod_security (id:225170) triggered by 94.23.12.112 (ns376288.ip-94-23-12.eu): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 12 19:30:12.412370 2026] [security2:error] [pid 22138:tid 22138] [client 94.23.12.112:58772] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|nextlevelcharge.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "nextlevelcharge.com"] [uri "/wp-json/wp/v2/users"] [unique_id "aiyWhOBequ-W7JPWvlGy3QAAAAc"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 LRob.fr	2026-06-12 23:30:14 (1 hour ago)	Repeated 403 errors, blocked by Fail2ban in custom-403 jail	Bad Web Bot
🇩🇪 maxpower	2026-06-12 23:27:28 (1 hour ago)	(wp_fingerprint) REGOLA 6 - WP Exploit Attempt xmlrpc 94.23.12.112 (FR/France/ns376288.ip-94-23-12.e ... show more (wp_fingerprint) REGOLA 6 - WP Exploit Attempt xmlrpc 94.23.12.112 (FR/France/ns376288.ip-94-23-12.eu): 3 in the last 3600 secs; Ports: ; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs: 94.23.12.112 - - [13/Jun/2026:01:00:21 +0200] "GET /?author=5 HTTP/2.0" 403 129 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36" "-" host=agrariaabruzzo.it 2026/06/13 01:00:21 [error] 4123441#4123441: 3760162 access forbidden by rule, client: 94.23.12.112, server: agrariaabruzzo.it, request: "GET /?author=5 HTTP/2.0", host: "agrariaabruzzo.it" 94.23.12.112 - - [13/Jun/2026:01:27:24 +0200] "GET /wp-json/wp/v2/users/me HTTP/2.0" 401 92 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36" "-" host=spazioitaliaarteinmovimento.it show less	Port Scan
🇩🇪 sverson	2026-06-12 23:00:57 (1 hour ago)	Mutliple unauthorized attempts to access web resources	Web App Attack
🇫🇷 MatStef132	2026-06-12 22:49:16 (1 hour ago)	MatShield L7: blocked on mathost.eu (ua-quarantined)	Bad Web Bot
🇺🇸 TPI-Abuse	2026-06-12 22:09:56 (2 hours ago)	(mod_security) mod_security (id:225170) triggered by 94.23.12.112 (ns376288.ip-94-23-12.eu): 1 in th ... show more (mod_security) mod_security (id:225170) triggered by 94.23.12.112 (ns376288.ip-94-23-12.eu): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 12 18:09:52.856796 2026] [security2:error] [pid 10093:tid 10093] [client 94.23.12.112:54652] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|georgegourmet.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "georgegourmet.com"] [uri "/wp-json/wp/v2/users"] [unique_id "aiyDsCp8dGw840Lt1E_wwwAAAD8"] show less	Brute-Force Bad Web Bot Web App Attack
🇨🇿 huginet	2026-06-12 22:07:38 (2 hours ago)	94.23.12.112 - - [13/Jun/2026:00:05:43 +0200] "GET /wp-json/ldlms/v2/users?per_page=100&_fields=user ... show more 94.23.12.112 - - [13/Jun/2026:00:05:43 +0200] "GET /wp-json/ldlms/v2/users?per_page=100&_fields=user_login HTTP/1.1" 404 151 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36, Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36" 94.23.12.112 - - [13/Jun/2026:00:07:37 +0200] "GET /?author=3 HTTP/1.1" 404 81212 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36, Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36" ... show less	Web Spam Web App Attack
🇺🇸 TPI-Abuse	2026-06-12 21:47:43 (2 hours ago)	(mod_security) mod_security (id:225170) triggered by 94.23.12.112 (ns376288.ip-94-23-12.eu): 1 in th ... show more (mod_security) mod_security (id:225170) triggered by 94.23.12.112 (ns376288.ip-94-23-12.eu): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 12 17:47:35.731204 2026] [security2:error] [pid 1335:tid 1335] [client 94.23.12.112:53296] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|glassclublake.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "glassclublake.com"] [uri "/wp-json/wp/v2/users"] [unique_id "aix-d-IjhO3vxJvY_bH35gAAAAQ"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 ph	2026-06-12 21:36:37 (2 hours ago)	Bad web bot attempting to run wp-json on non-WP site	Hacking Bad Web Bot Web App Attack
🇬🇧 consul.to	2026-06-12 21:30:59 (3 hours ago)	Web attack/malicious scanning detected	Web App Attack
🇨🇦 polycoda	2026-06-12 21:14:19 (3 hours ago)	📄 Probes for tons of inexistent files and/or PHP scripts	Hacking Web App Attack
🇩🇪 big-cloud.nl	2026-06-12 21:13:48 (3 hours ago)	Try to access /xmlrpc.php	Web App Attack
🇺🇸 TPI-Abuse	2026-06-12 21:03:47 (3 hours ago)	(mod_security) mod_security (id:225170) triggered by 94.23.12.112 (ns376288.ip-94-23-12.eu): 1 in th ... show more (mod_security) mod_security (id:225170) triggered by 94.23.12.112 (ns376288.ip-94-23-12.eu): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 12 17:03:39.414313 2026] [security2:error] [pid 30099:tid 30099] [client 94.23.12.112:37278] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|equipoperu.org\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "equipoperu.org"] [uri "/wp-json/wp/v2/users"] [unique_id "aix0K2aKCB60MyVS9_9qUQAAAAc"] show less	Brute-Force Bad Web Bot Web App Attack
🇵🇱 lns.bz	2026-06-12 20:47:45 (3 hours ago)	Web app attack [PL.Lu]	Exploited Host Web App Attack

Showing 1 to 15 of 47 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇫🇷 85.217.140.37

🇱🇻 196.196.53.60

🇻🇳 171.243.150.62

🇦🇷 148.222.222.44

🇧🇷 138.219.32.55

🇮🇩 103.59.161.173

🇫🇷 91.231.89.232

🇨🇦 85.217.149.3

🇳🇱 85.11.167.7

🇺🇸 68.235.46.234

🇫🇷 62.171.147.220

🇳🇱 45.153.34.186

🇺🇦 37.221.136.181

🇰🇷 218.156.93.202

🇺🇸 208.84.100.207

🇹🇼 198.235.24.119

🇬🇧 193.163.125.226

🇨🇳 183.24.173.214

🇫🇮 147.185.133.41

🇺🇸 144.126.139.23