JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 160.153.189.18

160.153.189.18 was found in our database!

This IP was reported 578 times. Confidence of Abuse is 60%: ?

60%

ISP	GoDaddy.com, LLC
Usage Type	Data Center/Web Hosting/Transit
ASN	AS398101
Hostname(s)	18.189.153.160.host.secureserver.net
Domain Name	godaddy.com
Country	🇺🇸 United States of America
City	Phoenix, Arizona

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 160.153.189.18

Whois 160.153.189.18

IP Abuse Reports for 160.153.189.18:

This IP address has been reported a total of 578 times from 239 distinct sources. 160.153.189.18 was first reported on January 26th 2026, and the most recent report was 7 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇩🇪 nyt	2026-06-21 10:06:24 (7 hours ago)	Sensitive File Probe	Web App Attack
🇺🇸 TPI-Abuse	2026-06-20 18:38:41 (22 hours ago)	(mod_security) mod_security (id:210492) triggered by 160.153.189.18 (18.189.153.160.host.secureserve ... show more (mod_security) mod_security (id:210492) triggered by 160.153.189.18 (18.189.153.160.host.secureserver.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 20 14:38:36.694456 2026] [security2:error] [pid 17286:tid 17286] [client 160.153.189.18:53918] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "magesquo.com"] [uri "/.env.bak"] [unique_id "ajbeLCviIgYpW0Sy-paHagAAABM"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 nyt	2026-06-20 07:28:58 (1 day ago)	Sensitive File Probe	Web App Attack
🇺🇸 TPI-Abuse	2026-06-20 05:38:20 (1 day ago)	(mod_security) mod_security (id:210492) triggered by 160.153.189.18 (18.189.153.160.host.secureserve ... show more (mod_security) mod_security (id:210492) triggered by 160.153.189.18 (18.189.153.160.host.secureserver.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 20 01:38:12.682362 2026] [security2:error] [pid 19838:tid 19838] [client 160.153.189.18:65438] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.jisu-huya.com"] [uri "/.env.local"] [unique_id "ajYnRJAOGg5w8DSP-dTE8QAAAAo"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 nyt	2026-06-18 20:07:25 (2 days ago)	Sensitive File Probe	Web App Attack
🇫🇷 Octopuce	2026-06-18 13:38:29 (3 days ago)	Aggressive web search of vulnerable pages: /.env.local /.env.local /.env.local /.env.local /.env.loc ... show more Aggressive web search of vulnerable pages: /.env.local /.env.local /.env.local /.env.local /.env.local /.env.local /.env /.env ... show less	Web App Attack
🇫🇷 masterguru	2026-06-08 02:44:30 (1 week ago)	URL file extension is restricted by policy. String match within ".ani/ .asa/ .asax/ .ascx/ .back/ .b ... show more URL file extension is restricted by policy. String match within ".ani/ .asa/ .asax/ .ascx/ .back/ .backup/ .bak/ .bck/ .bk/ .bkp/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .cnf/ .com/ .compositefont/ .config/ .conf/ .copy/ .crt/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dist/ .dll/ .dos/ .dpkg-dist/ .drv/ .gadget/ .hta/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .inf/ .ini/ .jks/ .jse/ .key/ .licx/ .lnk/ .log/ .mdb/ .msc/ .ocx/ .old/ .pass/ .pdb/ .pfx/ .pif/ .pem/ .pol/ .prf/ .printer/ .pwd/ .rdb/ .rdp/ .reg/ .resources/ .resx/ .sav/ .save/ .scr/ .sct/ .sh/ .shs/ .sql/ .sqlite/ .sqlite3/ .swap/ .swo/ .swp/ .sys/ .temp/ .tfstate/ .tlb/ .tmp/ .vb/ .vbe/ .vbs/ .vbproj/ .vsdisco/ .vxd/ .webinfo/ .ws/ .wsc/ .wsf/ .wsh/ .xsd/ .xsx/" at TX:extension. (920440-201) show less	Hacking
🇬🇧 djboddington	2026-06-07 04:39:50 (2 weeks ago)	This IP was detected by CrowdSec triggering crowdsecurity/http-sensitive-files	Web App Attack Hacking
🇺🇸 TPI-Abuse	2026-06-05 17:18:53 (2 weeks ago)	(mod_security) mod_security (id:210492) triggered by 160.153.189.18 (18.189.153.160.host.secureserve ... show more (mod_security) mod_security (id:210492) triggered by 160.153.189.18 (18.189.153.160.host.secureserver.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 05 13:18:48.224809 2026] [security2:error] [pid 4457:tid 4457] [client 160.153.189.18:58535] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cdalakefrontcabin.com"] [uri "/.env.production"] [unique_id "aiME-D4ADAtV8j4qiKjwDwAAABM"] show less	Brute-Force Bad Web Bot Web App Attack
🇫🇷 bazter.pro	2026-06-04 18:05:24 (2 weeks ago)	Auto-Ban [2026-06-04 21:05:24]: CRITICAL: .env attack; DC: GoDaddy.com, LLC [Paths: 8] \| Details: Ex ... show more Auto-Ban [2026-06-04 21:05:24]: CRITICAL: .env attack; DC: GoDaddy.com, LLC [Paths: 8] \| Details: Exploit trap paths: /.env.production, /.env, /.env.save, /.env.example, /info.php \| Sensitive files/paths: /.env.production, /.env, /.env.save, /.env.example \| Other paths: /i.php, /.env.production, /.env, /config.json, /.env.save, /.config.json, /info.php, /.env.example show less	Web App Attack Hacking
🇫🇷 dynamix	2026-06-03 19:16:17 (2 weeks ago)	Multiple WAF Violations	Web App Attack
🇩🇪 Skyrider	2026-06-03 02:43:02 (2 weeks ago)	160.153.189.18 - - [03/Jun/2026:04:43:00 +0200] "GET /.env HTTP/2.0" 404 548 "-" "Mozilla/5.0 (Windo ... show more 160.153.189.18 - - [03/Jun/2026:04:43:00 +0200] "GET /.env HTTP/2.0" 404 548 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.0.0 Safari/537.36" 160.153.189.18 - - [03/Jun/2026:04:43:00 +0200] "GET /.env.old HTTP/2.0" 404 548 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.0.0 Safari/537.36" 160.153.189.18 - - [03/Jun/2026:04:43:01 +0200] "GET /phpinfo.php HTTP/2.0" 404 548 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.0.0 Safari/537.36" 160.153.189.18 - - [03/Jun/2026:04:43:01 +0200] "GET /.env.example HTTP/2.0" 404 548 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.0.0 Safari/537.36" 160.153.189.18 - - [03/Jun/2026:04:43:01 +0200] "GET /.env.save HTTP/2.0" 404 548 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.0.0 Safari/537.36" show less	Bad Web Bot Web App Attack
Anonymous	2026-06-01 07:37:47 (2 weeks ago)	Blocked: Reason='Suspicious traffic score=60 (review-based detection)'; Requests=19	Hacking
🇩🇪 LRob.fr	2026-06-01 00:30:13 (2 weeks ago)	Repeated 404 errors, blocked by Fail2ban in custom-404 jail	Bad Web Bot
🇺🇸 TPI-Abuse	2026-05-31 10:14:41 (3 weeks ago)	(mod_security) mod_security (id:210492) triggered by 160.153.189.18 (18.189.153.160.host.secureserve ... show more (mod_security) mod_security (id:210492) triggered by 160.153.189.18 (18.189.153.160.host.secureserver.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun May 31 06:14:35.303430 2026] [security2:error] [pid 8976:tid 8976] [client 160.153.189.18:0] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "antitribu.com"] [uri "/.env.local"] [unique_id "ahwKC70yhf0wFTmMl5-WqQAAAAk"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 578 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇨🇳 117.14.172.240

🇺🇸 34.138.177.92

🇺🇸 2600:4040:2459:5b00:f86a:a808:5981:21ff

🇵🇰 175.107.224.25

🇹🇭 171.100.121.127

🇺🇸 165.154.172.72

🇭🇰 152.32.189.59

🇲🇾 149.118.135.252

🇸🇬 139.59.230.238

🇺🇸 74.249.185.108

🇮🇩 69.5.0.120

🇩🇪 216.26.249.150

🇩🇪 213.209.159.175

🇩🇪 209.50.186.224

🇲🇴 182.93.7.194

🇨🇷 179.48.248.245

🇺🇸 152.32.206.74

🇧🇷 129.121.47.136

🇷🇺 92.255.170.48

🇺🇸 66.132.195.39