JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 23.94.148.16

23.94.148.16 was found in our database!

This IP was reported 55 times. Confidence of Abuse is 100%: ?

100%

This address is a Tor exit node. Neither the owner nor the provider are directly behind the offending action.

ISP	HostPapa
Usage Type	Data Center/Web Hosting/Transit
ASN	AS36352
Hostname(s)	23-94-148-16-host.colocrossing.com
Domain Name	hostpapa.com
Country	🇺🇸 United States of America
City	Buffalo, New York

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 23.94.148.16

Whois 23.94.148.16

IP Abuse Reports for 23.94.148.16:

This IP address has been reported a total of 55 times from 36 distinct sources. 23.94.148.16 was first reported on December 3rd 2024, and the most recent report was 2 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇫🇮 danskefilm.dk	2026-06-22 11:00:01 (2 hours ago)	SQL injection	SQL Injection
🇸🇬 securejdprop	2026-06-22 08:46:13 (5 hours ago)	This IP was detected by CrowdSec triggering crowdsecurity/suricata-major-severity(ET TOR Known Tor E ... show more This IP was detected by CrowdSec triggering crowdsecurity/suricata-major-severity(ET TOR Known Tor Exit Node Traffic group 97). Ip 23.94.148.16 performed 'crowdsecurity/suricata-major-severity' (1 events over 0s) at 2026-06-22 08:46:11.915644409 +0000 UTC show less	Hacking Web App Attack
🇩🇪 LRob.fr	2026-06-22 08:15:03 (5 hours ago)	Repeated requests on blocked xmlrpc.php, blocked by fail2ban in custom-503-xmlrpc jail	Bad Web Bot Web App Attack
🇮🇩 securejdprop	2026-06-22 06:32:24 (7 hours ago)	This IP was detected by CrowdSec triggering crowdsecurity/suricata-major-severity(ET TOR Known Tor E ... show more This IP was detected by CrowdSec triggering crowdsecurity/suricata-major-severity(ET TOR Known Tor Exit Node Traffic group 87). Ip 23.94.148.16 performed 'crowdsecurity/suricata-major-severity' (1 events over 0s) at 2026-06-22 06:32:23.430688803 +0000 UTC show less	Hacking Web App Attack
🇮🇩 securejdprop	2026-06-22 02:27:46 (11 hours ago)	This IP was detected by CrowdSec triggering crowdsecurity/suricata-major-severity(ET TOR Known Tor E ... show more This IP was detected by CrowdSec triggering crowdsecurity/suricata-major-severity(ET TOR Known Tor Exit Node Traffic group 87). Ip 23.94.148.16 performed 'crowdsecurity/suricata-major-severity' (1 events over 0s) at 2026-06-22 02:27:45.64424913 +0000 UTC show less	Hacking Web App Attack
🇮🇩 securejdprop	2026-06-21 18:17:50 (19 hours ago)	This IP was detected by CrowdSec triggering crowdsecurity/suricata-major-severity(ET TOR Known Tor R ... show more This IP was detected by CrowdSec triggering crowdsecurity/suricata-major-severity(ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 87). Ip 23.94.148.16 performed 'crowdsecurity/suricata-major-severity' (1 events over 0s) at 2026-06-21 18:17:49.653960997 +0000 UTC show less	Hacking Web App Attack
🇫🇷 Sklurk	2026-06-21 14:53:43 (23 hours ago)	Web App Attack	Web App Attack
🇫🇮 as211431.net	2026-06-20 11:54:13 (2 days ago)	Triggered Cloudflare WAF (firewallCustom) from T1. Action taken: BLOCK Protocol: HTTP/2 (GET method) ... show more Triggered Cloudflare WAF (firewallCustom) from T1. Action taken: BLOCK Protocol: HTTP/2 (GET method) Endpoint: / UA: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/26.0.1 Safari/605.1.15 This report was generated by: https://github.com/sefinek/Cloudflare-WAF-To-AbuseIPDB show less	Bad Web Bot
🇺🇸 antlac1	2026-06-19 11:15:09 (3 days ago)	crowdsecurity/http-bf-wordpress_bf	Brute-Force Web App Attack
🇩🇪 tentwentyfour	2026-06-19 06:41:40 (3 days ago)	Blocked for brute-forcing WordPress log-in	Brute-Force Web App Attack
Anonymous	2026-06-18 15:52:34 (3 days ago)	LH-Watcher: FAKE_ID [TOR Exit Node]	Bad Web Bot
🇩🇪 LRob.fr	2026-06-17 09:30:07 (5 days ago)	Repeated attacks detected by Fail2Ban in recidive jail	Hacking
🇩🇪 4server	2026-06-17 05:54:15 (5 days ago)	[WedJun1707:54:12.3447472026][security2:error][pid2757571:tid2757693][client23.94.148.16:0]ModSecuri ... show more [WedJun1707:54:12.3447472026][security2:error][pid2757571:tid2757693][client23.94.148.16:0]ModSecurity:Accessdeniedwithcode403\(phase2\).OperatorGEmatched5atTX:anomaly_score.[file\"/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf\"][line\"94\"][id\"949110\"][msg\"InboundAnomalyScoreExceeded\(TotalScore:5\)\"][severity\"CRITICAL\"][ver\"OWASP_CRS/3.3.9\"][tag\"application-multi\"][tag\"language-multi\"][tag\"platform-multi\"][tag\"attack-generic\"][hostname\"immobiliaretrentino.it\"][uri\"/\"][unique_id\"ajI2hA15ft7kdm56qlMoYgAAAAQ\"] show less	Port Scan Brute-Force Web App Attack
🇩🇪 LRob.fr	2026-06-17 02:00:09 (5 days ago)	Repeated requests on blocked xmlrpc.php, blocked by fail2ban in custom-503-xmlrpc jail	Bad Web Bot Web App Attack
🇬🇧 consul.to	2026-06-16 13:05:16 (6 days ago)	Web attack/malicious scanning detected	Web App Attack

Showing 1 to 15 of 55 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇩🇪 69.5.169.218

🇮🇳 168.144.92.125

🇹🇼 123.58.205.100

🇨🇳 117.187.127.135

🇫🇷 85.217.140.26

🇺🇸 2607:f8b0:4001:c58::123

🇫🇷 217.71.127.125

🇧🇷 190.109.65.129

🇳🇱 91.92.42.243

🇳🇱 91.92.42.7

🇩🇪 51.75.64.35

🇷🇺 193.242.105.14

🇺🇦 154.6.41.253

🇭🇰 121.202.206.119

🇻🇳 103.200.24.17

🇺🇸 71.206.190.209

🇺🇸 65.49.1.164

🇺🇸 59.152.127.167

🇹🇼 211.22.166.107

🇺🇸 195.184.76.20