JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 198.12.153.168

198.12.153.168 was found in our database!

This IP was reported 27 times. Confidence of Abuse is 100%: ?

100%

ISP	GoDaddy.com, LLC
Usage Type	Data Center/Web Hosting/Transit
ASN	AS398101
Hostname(s)	168.153.12.198.host.secureserver.net
Domain Name	godaddy.com
Country	🇺🇸 United States of America
City	Phoenix, Arizona

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 198.12.153.168

Whois 198.12.153.168

IP Abuse Reports for 198.12.153.168:

This IP address has been reported a total of 27 times from 25 distinct sources. 198.12.153.168 was first reported on June 4th 2026, and the most recent report was 1 week ago.

Old Reports: The most recent abuse report for this IP address is from 1 week ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇨🇭 TheCoon	2026-06-07 05:00:02 (1 week ago)	Automated: Credential theft attempt - JSON bomb served	Web App Attack Hacking
🇦🇹 urnilxfgbez	2026-06-06 22:45:00 (1 week ago)	Last 24 Hours suspicious: (DPT=445\|DPT=3389\|DPT=22\|DPT=3306\|DPT=8080\|DPT=23\|DPT=5900\|DPT=1433)	Port Scan
🇺🇸 xmission.com	2026-06-06 15:42:34 (1 week ago)	Blocked by UFW (TCP on 2087) Source port: 52542 TTL: 50 Packet length: 60 TOS: 0x00 This report (fo ... show more Blocked by UFW (TCP on 2087) Source port: 52542 TTL: 50 Packet length: 60 TOS: 0x00 This report (for 198.12.153.168) was generated by: https://github.com/sefinek/UFW-AbuseIPDB-Reporter show less	Port Scan
🇫🇷 dynamix	2026-06-06 14:28:43 (1 week ago)	Multiple WAF Violations	Web App Attack
🇺🇸 antlac1	2026-06-06 09:08:59 (1 week ago)	crowdsecurity/http-sensitive-files	Brute-Force Web App Attack
🇩🇪 maxpower	2026-06-06 07:53:32 (1 week ago)	(exploit_critical) REGOLA 2 - Critical File Exploit Attempt 198.12.153.168 (US/United States/168.153 ... show more (exploit_critical) REGOLA 2 - Critical File Exploit Attempt 198.12.153.168 (US/United States/168.153.12.198.host.secureserver.net): 2 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs: 198.12.153.168 - - [06/Jun/2026:09:53:24 +0200] "GET /wp-config.php.bak HTTP/1.1" 403 548 "-" "Mozilla/5.0 (Linux; Android 14; Pixel 8) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Mobile Safari/537.36" "-" host=51.89.20.64 198.12.153.168 - - [06/Jun/2026:09:53:24 +0200] "GET /.aws/credentials HTTP/1.1" 404 10390 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36" "-" host=51.89.20.64 show less	Port Scan
🇬🇧 djboddington	2026-06-06 05:50:53 (1 week ago)	This IP was detected by CrowdSec triggering crowdsecurity/http-sensitive-files	Web App Attack Hacking
🇺🇸 jfz-abuse	2026-06-06 05:01:26 (1 week ago)	fail2ban: apache-filepath-recon ...	Web App Attack
🇺🇸 TPI-Abuse	2026-06-06 04:52:51 (1 week ago)	(mod_security) mod_security (id:210492) triggered by 198.12.153.168 (168.153.12.198.host.secureserve ... show more (mod_security) mod_security (id:210492) triggered by 198.12.153.168 (168.153.12.198.host.secureserver.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 06 00:52:43.047143 2026] [security2:error] [pid 3239:tid 3239] [client 198.12.153.168:33592] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.114"] [uri "/.git/HEAD"] [unique_id "aiOnm5rUZH4TI7EQcRqaFgAAAAU"] show less	Brute-Force Bad Web Bot Web App Attack
🇳🇱 Mangelot Hosting	2026-06-06 02:32:42 (1 week ago)	(modsecurity) srv104 ModSecurity 198.12.153.168 (US/United States/168.153.12.198.host.secureserver.n ... show more (modsecurity) srv104 ModSecurity 198.12.153.168 (US/United States/168.153.12.198.host.secureserver.net): 10 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs: show less	Web App Attack
🇦🇹 urnilxfgbez	2026-06-05 22:45:00 (1 week ago)	Last 24 Hours suspicious: (DPT=445\|DPT=3389\|DPT=22\|DPT=3306\|DPT=8080\|DPT=23\|DPT=5900\|DPT=1433)	Port Scan
🇺🇸 NXTwoThou	2026-06-05 21:12:32 (1 week ago)	/___proxy_subdomain_whm/login/%3Flogin_only=1	Web App Attack
🇺🇸 doll.gl	2026-06-05 19:43:36 (1 week ago)	198.12.153.168 - - [05/Jun/2026:19:43:34 +0000] "GET /wp-config.php HTTP/1.1" 404 197 "-" "Mozilla/5 ... show more 198.12.153.168 - - [05/Jun/2026:19:43:34 +0000] "GET /wp-config.php HTTP/1.1" 404 197 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Edg/124.0.0.0" ... show less	Bad Web Bot Web App Attack
Anonymous	2026-06-05 19:14:01 (1 week ago)	Jun 5 15:14:00 localhost kernel: [109032151.042846] iptables_INPUT_denied: IN=eth0 OUT= MAC=f2:3c:9 ... show more Jun 5 15:14:00 localhost kernel: [109032151.042846] iptables_INPUT_denied: IN=eth0 OUT= MAC=f2:3c:91:84:83:95:00:00:0c:9f:f0:1e:08:00 SRC=198.12.153.168 DST=[mungedIP2] LEN=60 TOS=0x00 PREC=0x40 TTL=39 ID=49562 DF PROTO=TCP SPT=33928 DPT=8443 WINDOW=14600 RES=0x00 SYN URGP=0 Jun 5 15:14:00 localhost kernel: [109032151.042866] iptables_INPUT_denied: IN=eth0 OUT= MAC=f2:3c:91:84:83:95:00:00:0c:9f:f0:1e:08:00 SRC=198.12.153.168 DST=[mungedIP2] LEN=60 TOS=0x00 PREC=0x40 TTL=39 ID=49562 DF PROTO=TCP SPT=33928 DPT=8443 SEQ=2296764982 ACK=0 WINDOW=14600 RES=0x00 SYN URGP=0 OPT (020405B40402080AF6F51BAC0000000001030307) Jun 5 15:14:00 localhost kernel: [109032151.043074] iptables_INPUT_denied: IN=eth0 OUT= MAC=f2:3c:91:84:83:95:00:00:0c:9f:f0:1e:08:00 SRC=198.12.153.168 DST=[mungedIP2] LEN=60 TOS=0x00 PREC=0x40 TTL=39 ID=24820 DF PROTO=TCP SPT=53526 DPT=2086 WINDOW=14600 RES=0x00 SYN URGP=0 Jun 5 15:14:00 localhost kernel: [109032151.049463] iptables_INPUT_denied: IN=eth0 OUT= MAC=f2:3c:91:84:83:95:00:00:0c:9f show less	Port Scan
🇨🇦 Roper123	2026-06-05 18:31:30 (1 week ago)	Web exploits	Hacking Web App Attack

Showing 1 to 15 of 27 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇻🇳 103.61.44.43

🇸🇬 34.142.214.14

🇷🇴 2.57.122.238

🇩🇪 213.209.159.242

🇧🇷 186.219.184.142

🇨🇳 101.26.28.159

🇩🇪 69.5.169.100

🇳🇱 45.148.10.121

🇲🇽 187.191.48.4

🇱🇰 124.43.80.221

🇮🇳 122.165.124.15

🇲🇲 103.59.163.134

🇳🇴 85.19.195.12

🇳🇱 81.19.216.85

🇸🇪 78.66.44.23

🇸🇬 45.82.78.106

🇸🇬 45.78.204.254

🇺🇸 34.22.45.52

🇮🇳 8.231.84.60

🇬🇪 188.92.214.134