JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 162.158.168.152

162.158.168.152 was found in our database!

This IP was reported 65 times. Confidence of Abuse is 0%: ?

ISP	Cloudflare, Inc.
Usage Type	Data Center/Web Hosting/Transit
ASN	AS13335
Domain Name	cloudflare.com
Country	🇦🇺 Australia
City	Sydney, New South Wales

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Important Note: 162.158.168.152 is an IP address from within our whitelist belonging to the subnet 162.158.0.0/15, which we identify as: "Cloudflare Reverse Proxy".

Whitelisted netblocks are typically owned by trusted entities, such as Google or Microsoft who may use them for search engine spiders. However, these same entities sometimes also provide cloud servers and mail services which are easily abused. Pay special attention when trusting or distrusting these IPs.

Report 162.158.168.152

Whois 162.158.168.152

IP Abuse Reports for 162.158.168.152:

This IP address has been reported a total of 65 times from 17 distinct sources. 162.158.168.152 was first reported on November 4th 2024, and the most recent report was 4 days ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 mawan	2026-06-15 05:16:16 (4 days ago)	Suspected of having performed illicit activity on LAX server.	Web App Attack
🇩🇪 www.mammazone.it	2026-05-19 13:40:18 (1 month ago)	[Tue May 19 15:40:18.325567 2026] [proxy_fcgi:error] [pid 175172] [client 162.158.168.152:13897] AH0 ... show more [Tue May 19 15:40:18.325567 2026] [proxy_fcgi:error] [pid 175172] [client 162.158.168.152:13897] AH01071: Got error 'Primary script unknown' ... show less	Hacking Web App Attack
🇩🇪 www.mammazone.it	2026-05-16 07:26:19 (1 month ago)	fabiodirauso.it:443 162.158.168.152 - - [16/May/2026:09:26:04 +0200] "GET /wp-login.php HTTP/1.1" 20 ... show more fabiodirauso.it:443 162.158.168.152 - - [16/May/2026:09:26:04 +0200] "GET /wp-login.php HTTP/1.1" 200 20058 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36" fabiodirauso.it:443 162.158.168.152 - - [16/May/2026:09:26:18 +0200] "GET /xmlrpc.php HTTP/1.1" 200 20058 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36" ... show less	Hacking
🇩🇪 www.mammazone.it	2026-04-30 03:12:06 (1 month ago)	underdomotic.fabiodirauso.it:443 162.158.168.152 - - [30/Apr/2026:05:12:02 +0200] "GET /.env.test HT ... show more underdomotic.fabiodirauso.it:443 162.158.168.152 - - [30/Apr/2026:05:12:02 +0200] "GET /.env.test HTTP/1.1" 404 418 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36" underdomotic.fabiodirauso.it:443 162.158.168.152 - - [30/Apr/2026:05:12:05 +0200] "GET /.env.remote HTTP/1.1" 404 418 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36" ... show less	Hacking
🇩🇪 acadeova	2026-04-25 12:38:14 (1 month ago)	🚨 Recon detected (nft drop) SRC=162.158.168.152 Observed=TCP dpt=80 in=enp0s6 ttl=53 Time=recent(jou ... show more 🚨 Recon detected (nft drop) SRC=162.158.168.152 Observed=TCP dpt=80 in=enp0s6 ttl=53 Time=recent(journalctl: 10 minutes ago) Assessment=Generic scanning / reconnaissance (PORT_SCAN) show less	Port Scan
🇩🇪 www.mammazone.it	2026-04-22 10:45:52 (1 month ago)	[Wed Apr 22 12:45:52.461719 2026] [proxy_fcgi:error] [pid 1158382] [client 162.158.168.152:12587] AH ... show more [Wed Apr 22 12:45:52.461719 2026] [proxy_fcgi:error] [pid 1158382] [client 162.158.168.152:12587] AH01071: Got error 'Primary script unknown' [Wed Apr 22 12:45:52.764785 2026] [proxy_fcgi:error] [pid 1158382] [client 162.158.168.152:12587] AH01071: Got error 'Primary script unknown' ... show less	Hacking
🇺🇦 URAN Publishing Service	2026-04-16 20:39:47 (2 months ago)	162.158.168.152 - - [16/Apr/2026:23:39:41 +0300] "GET /admin.php/wp-includes/certificates/about.php ... show more 162.158.168.152 - - [16/Apr/2026:23:39:41 +0300] "GET /admin.php/wp-includes/certificates/about.php HTTP/1.1" 404 783 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36" 162.158.168.152 - - [16/Apr/2026:23:39:46 +0300] "GET /wp-includes/IXR/about.php HTTP/1.1" 404 783 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36" ... show less	Web App Attack
🇬🇧 pinguin	2026-04-16 09:52:44 (2 months ago)	Triggered Cloudflare WAF (firewallManaged) from AU. Action taken: LOG Protocol: HTTP/2 (GET method) ... show more Triggered Cloudflare WAF (firewallManaged) from AU. Action taken: LOG Protocol: HTTP/2 (GET method) Endpoint: /wp-login.php UA: Mozilla/5.0 This report was generated by: https://github.com/sefinek/Cloudflare-WAF-To-AbuseIPDB show less	Bad Web Bot
🇬🇧 openstrike.co.uk	2026-03-21 06:13:49 (2 months ago)	5 attacks on ACME URLs, PHP URLs: GET /.well-known/acme-challenge/new.php HTTP/1.1 GET /.well-known/ ... show more 5 attacks on ACME URLs, PHP URLs: GET /.well-known/acme-challenge/new.php HTTP/1.1 GET /.well-known/autoload_classmap.php HTTP/1.1 show less	Web App Attack
🇩🇪 acadeova	2026-02-18 13:17:47 (4 months ago)	🚨 Recon detected (nft drop) SRC=162.158.168.152 Observed=TCP dpt=80 in=enp0s6 ttl=53 Time=recent(jou ... show more 🚨 Recon detected (nft drop) SRC=162.158.168.152 Observed=TCP dpt=80 in=enp0s6 ttl=53 Time=recent(journalctl: 10 minutes ago) Assessment=Generic scanning / reconnaissance (PORT_SCAN) show less	Port Scan
Anonymous	2026-01-16 08:50:57 (5 months ago)	2026-01-16T09:48:54.985995+01:00 nimbus sshd[2178]: Failed password for invalid user kafka from 162. ... show more 2026-01-16T09:48:54.985995+01:00 nimbus sshd[2178]: Failed password for invalid user kafka from 162.158.168.152 port 62536 ssh2 2026-01-16T09:50:54.698699+01:00 nimbus sshd[2290]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.158.168.152 user=root 2026-01-16T09:50:56.617357+01:00 nimbus sshd[2290]: Failed password for root from 162.158.168.152 port 38852 ssh2 ... show less	Brute-Force SSH
🇦🇺 oncord	2025-09-02 00:34:42 (9 months ago)	Form spam	Web Spam
Anonymous	2025-08-24 01:19:56 (9 months ago)	[Sun Aug 24 03:19:54.762454 2025] [authz_core:error] [pid 28513] [client 162.158.168.152:10882] AH01 ... show more [Sun Aug 24 03:19:54.762454 2025] [authz_core:error] [pid 28513] [client 162.158.168.152:10882] AH01630: client denied by server configuration: /etc/httpd/htdocs [Sun Aug 24 03:19:55.046766 2025] [authz_core:error] [pid 28513] [client 162.158.168.152:10882] AH01630: client denied by server configuration: /etc/httpd/htdocs [Sun Aug 24 03:19:55.330382 2025] [authz_core:error] [pid 28513] [client 162.158.168.152:10882] AH01630: client denied by server configuration: /etc/httpd/htdocs ... show less	Web App Attack
Anonymous	2025-08-19 18:56:51 (9 months ago)	[Tue Aug 19 20:56:49.652337 2025] [authz_core:error] [pid 3437] [client 162.158.168.152:9322] AH0163 ... show more [Tue Aug 19 20:56:49.652337 2025] [authz_core:error] [pid 3437] [client 162.158.168.152:9322] AH01630: client denied by server configuration: /etc/httpd/htdocs [Tue Aug 19 20:56:49.938545 2025] [authz_core:error] [pid 3437] [client 162.158.168.152:9322] AH01630: client denied by server configuration: /etc/httpd/htdocs [Tue Aug 19 20:56:50.224927 2025] [authz_core:error] [pid 3437] [client 162.158.168.152:9322] AH01630: client denied by server configuration: /etc/httpd/htdocs ... show less	Web App Attack
Anonymous	2025-08-19 08:12:10 (10 months ago)	[Tue Aug 19 10:12:09.294685 2025] [authz_core:error] [pid 30917] [client 162.158.168.152:38684] AH01 ... show more [Tue Aug 19 10:12:09.294685 2025] [authz_core:error] [pid 30917] [client 162.158.168.152:38684] AH01630: client denied by server configuration: /etc/httpd/htdocs [Tue Aug 19 10:12:09.578716 2025] [authz_core:error] [pid 30917] [client 162.158.168.152:38684] AH01630: client denied by server configuration: /etc/httpd/htdocs [Tue Aug 19 10:12:09.865081 2025] [authz_core:error] [pid 30917] [client 162.158.168.152:38684] AH01630: client denied by server configuration: /etc/httpd/htdocs ... show less	Web App Attack

Showing 1 to 15 of 65 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 195.184.76.163

🇬🇧 193.163.125.85

🇺🇸 147.185.132.151

🇧🇩 103.213.238.91

🇷🇸 87.116.177.74

🇩🇪 69.5.169.116

🇮🇳 49.204.142.60

🇺🇸 47.254.89.149

🇳🇱 45.148.10.152

🇨🇳 14.103.117.77

🇳🇱 5.61.209.92

🇺🇸 2600:1900:0:4005::400

🇬🇧 213.166.84.59

🇺🇸 209.173.247.210

🇲🇽 201.166.170.9

🇧🇷 187.84.154.150

🇪🇨 186.68.83.105

🇺🇸 141.148.161.227

🇵🇭 139.135.192.70

🇨🇳 123.191.143.210