JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 198.23.130.197

198.23.130.197 was found in our database!

This IP was reported 325 times. Confidence of Abuse is 100%: ?

100%

ISP	HostPapa
Usage Type	Data Center/Web Hosting/Transit
ASN	AS36352
Hostname(s)	198-23-130-197-host.colocrossing.com
Domain Name	hostpapa.com
Country	🇺🇸 United States of America
City	Los Angeles, California

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 198.23.130.197

Whois 198.23.130.197

IP Abuse Reports for 198.23.130.197:

This IP address has been reported a total of 325 times from 162 distinct sources. 198.23.130.197 was first reported on May 13th 2026, and the most recent report was 2 days ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇲🇽 octageeks.com	2026-06-02 04:09:54 (2 days ago)	Wordpress malicious attack:[octablocked]	Web App Attack
🇩🇪 itsolon	2026-06-01 06:09:30 (3 days ago)	[01/Jun/2026:08:09:29 +0200] 178029416994.676731 198.23.130.197 60906 217.154.7.177 443 [01/Jun/2026 ... show more [01/Jun/2026:08:09:29 +0200] 178029416994.676731 198.23.130.197 60906 217.154.7.177 443 [01/Jun/2026:08:09:29 +0200] 178029416945.827877 198.23.130.197 60888 217.154.7.177 443 [01/Jun/2026:08:09:29 +0200] 178029416912.180449 198.23.130.197 60916 217.154.7.177 443 [01/Jun/2026:08:09:29 +0200] 178029416989.776945 198.23.130.197 43744 217.154.7.177 443 [01/Jun/2026:08:09:30 +0200] 178029417072.739128 198.23.130.197 60868 217.154.7.177 443 ... show less	Port Scan Hacking Brute-Force Web App Attack
🇺🇸 TPI-Abuse	2026-06-01 03:38:39 (3 days ago)	(mod_security) mod_security (id:210492) triggered by 198.23.130.197 (198-23-130-197-host.colocrossin ... show more (mod_security) mod_security (id:210492) triggered by 198.23.130.197 (198-23-130-197-host.colocrossing.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun May 31 23:38:34.115028 2026] [security2:error] [pid 25420:tid 25420] [client 198.23.130.197:0] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "hvacs-aircon.com"] [uri "/.git/HEAD"] [unique_id "ahz-unBZOkJv-pCk9w7nqQAAAAk"] show less	Brute-Force Bad Web Bot Web App Attack
🇫🇷 Baking333	2026-06-01 03:38:17 (3 days ago)	[redacted] 198.23.130.197 - - [01/Jun/2026:04:38:13 +0100] "GET /.git/HEAD HTTP/1.1" 302 1544 0/3039 ... show more [redacted] 198.23.130.197 - - [01/Jun/2026:04:38:13 +0100] "GET /.git/HEAD HTTP/1.1" 302 1544 0/303993 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 15_7_5) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/26.0 Safari/605.1.15" [redacted] 198.23.130.197 - - [01/Jun/2026:04:38:15 +0100] "GET /.aws/credentials HTTP/1.1" 302 5273 0/119089 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 15_7_5) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/26.0 Safari/605.1.15" show less	Bad Web Bot Web App Attack
🇬🇧 consul.to	2026-05-31 19:14:52 (3 days ago)	Web attack/malicious scanning detected	Web App Attack
🇫🇷 masterguru	2026-05-31 17:29:57 (3 days ago)	Restricted File Access Attempt. Matched phrase ".git/" at REQUEST_FILENAME. (930130-195)	Hacking Web App Attack
🇫🇷 masterguru	2026-05-31 16:59:45 (3 days ago)	Restricted File Access Attempt. Matched phrase ".git/" at REQUEST_FILENAME. (930130-201)	Hacking Web App Attack
🇫🇷 masterguru	2026-05-31 15:32:06 (3 days ago)	Restricted File Access Attempt. Matched phrase ".git/" at REQUEST_FILENAME. (930130-196)	Hacking Web App Attack
Anonymous	2026-05-31 13:21:25 (4 days ago)	PSCSERV WPSCAN 198.23.130.197	Bad Web Bot Web App Attack
🇮🇩 soc-yk	2026-05-31 08:18:10 (4 days ago)	Type: suspicious_network_activity Threat: unknown Risk: 92 Events: 67 Evidence: - Persistent suspic ... show more Type: suspicious_network_activity Threat: unknown Risk: 92 Events: 67 Evidence: - Persistent suspicious network activity detected - Repeated hostile operational behavior observed - Multi-event operational persistence identified - Threat escalation behavior observed show less	Port Scan Hacking
🇳🇱 i-turnradio.nl	2026-05-31 05:57:44 (4 days ago)	2026-05-31 @ 07:57:43 (CET) ~ Blocked for trying to access: /.env.local	Web App Attack
🇩🇪 gadix	2026-05-31 05:21:32 (4 days ago)	[31/May/2026:07:21:31.203856 +0200] ahvFWy9jgsUlxv_zzrjNYwAAAEk 198.23.130.197 58106 127.0.0.1 7081 ... show more [31/May/2026:07:21:31.203856 +0200] ahvFWy9jgsUlxv_zzrjNYwAAAEk 198.23.130.197 58106 127.0.0.1 7081 [31/May/2026:07:21:31.219030 +0200] ahvFW793bQnXYEK6gC56ZgAAAA8 198.23.130.197 58110 127.0.0.1 7081 [31/May/2026:07:21:31.683025 +0200] ahvFWy9jgsUlxv_zzrjNZAAAAEM 198.23.130.197 58114 127.0.0.1 7081 ... show less	Web App Attack
🇳🇱 Site.eu	2026-05-31 04:34:13 (4 days ago)	Excessive multi-domain requests	Brute-Force
🇩🇪 raph	2026-05-31 03:23:43 (4 days ago)	[DOT FILES] crawler .env, .git, .config, etc.	Bad Web Bot Web App Attack
🇺🇸 agenciahypelab.com.br	2026-05-31 03:14:54 (4 days ago)	WordPress login brute-force detectado e bloqueado pelo CSF/LFD. Trigger: LF_TRIGGER	Brute-Force SSH

Showing 1 to 15 of 325 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 195.184.76.16

🇺🇸 192.3.218.12

🇧🇴 181.177.184.96

🇭🇰 152.32.129.236

🇹🇼 101.13.5.39

🇺🇸 99.90.209.109

🇦🇷 45.230.206.60

🇬🇧 35.203.211.26

🇮🇳 27.59.76.191

🇺🇸 216.172.190.116

🇿🇼 102.213.42.86

🇮🇹 93.92.76.23

🇬🇧 35.203.211.35

🇩🇪 213.209.159.56

🇵🇹 176.79.103.149

🇳🇱 176.65.139.103

🇺🇸 154.92.23.249

🇭🇰 150.5.154.160

🇩🇪 138.226.236.44

🇺🇸 136.28.52.81