JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 198.23.142.70

198.23.142.70 was found in our database!

This IP was reported 32 times. Confidence of Abuse is 20%: ?

20%

ISP	HostPapa
Usage Type	Data Center/Web Hosting/Transit
ASN	AS36352
Hostname(s)	delta.hostseba.com
Domain Name	hostpapa.com
Country	🇺🇸 United States of America
City	Buffalo, New York

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 198.23.142.70

Whois 198.23.142.70

IP Abuse Reports for 198.23.142.70:

This IP address has been reported a total of 32 times from 22 distinct sources. 198.23.142.70 was first reported on January 7th 2026, and the most recent report was 1 month ago.

Old Reports: The most recent abuse report for this IP address is from 1 month ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 technash	2026-05-01 18:13:00 (1 month ago)	HTTP scanning, attempted post on root detected [ModSecurity/Sentinel]. IP was automatically added to ... show more HTTP scanning, attempted post on root detected [ModSecurity/Sentinel]. IP was automatically added to blocklist via Sentinel automation. show less	Web App Attack
🇨🇭 4server	2026-04-29 20:46:28 (1 month ago)	[WedApr2922:46:22.5519742026][security2:error][pid3205332:tid3205548][client198.23.142.70:0]ModSecur ... show more [WedApr2922:46:22.5519742026][security2:error][pid3205332:tid3205548][client198.23.142.70:0]ModSecurity:Accessdeniedwithcode403$phase2$.Patternmatch\"$\?:\\\\\\\\\$\(\?:\\\\\\\\\(\(\?:\\\\\\\\\(.\\\\\\\\\$\\|.\\)\\\\\\\\\)\\|\\\\\\\\{.\\\\\\\\\}\)\\|[\<\>]\\\\\\\\$.\\\\\\\\\$\)\"atARGS:0.[file\"/etc/apache2/conf.d/modsec_rules/10_asl_rules.conf\"][line\"396\"][id\"393655\"][rev\"17\"][msg\"Atomicorp.comWAFRules:PossibleRemoteCommandExecution:UnixShellExpressionFound\"][data\"MatchedData:\${res}307\`}\)_chunks:\$q2_formdata:{get:\$1:constructor:constructor}}}foundwithinARGS:0:{then:\$1:__proto__:thenstatus:resolved_modelreason:-1value:{then:\$b1337}_response:{_prefix:varres=process.mainmodule.require$child_process$.execsync$id$.tostring.trimthrowobject.assign$newerror\(next_redirect${digest:\`next_redirectpush/login\?a=\${res}307\`}\)_chunks:\$q2_formdata:{get:\$1:constructor:constructor}}}\"][tag\"attack-rce\"][hostname\"4host.biz\"][uri\"/\"][unique_id\"afJuHjrieRg8pawXpxob9wAAAMQ\"] show less	Hacking Web App Attack
🇳🇱 DrLex0	2026-04-29 18:58:32 (1 month ago)	Trying POST on root path 198.23.142.70 443 - [29/Apr/2026:18:58:32 +0000] "POST / HTTP/1.1" 400 390 ... show more Trying POST on root path 198.23.142.70 443 - [29/Apr/2026:18:58:32 +0000] "POST / HTTP/1.1" 400 3905 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36 Assetnote/1.0.0" show less	Brute-Force Bad Web Bot Web App Attack
🇯🇵 Valhalla	2026-04-29 10:16:15 (1 month ago)	~ suspicious post ~	Hacking Web App Attack
🇱🇻 garmtech.com	2026-04-29 09:56:26 (1 month ago)	IM360 WAF: RCE via prototype pollution in React Server Components < 19.0.1/19.1.2/19.2.1 or Next.js ... show more IM360 WAF: RCE via prototype pollution in React Server Components < 19.0.1/19.1.2/19.2.1 or Next.js < 15.0.5/16.0.7 (CVE-2025-55182, CVE-2025-66478) show less	Hacking
🇳🇱 homeshowdomain.nl	2026-04-27 22:03:12 (1 month ago)	Auto-ban: 14 malicious requests on 2026-04-26 (e.g., env/backup probes, brute-force, or error bursts ... show more Auto-ban: 14 malicious requests on 2026-04-26 (e.g., env/backup probes, brute-force, or error bursts). show less	Web App Attack SSH Hacking
🇳🇱 homeshowdomain.nl	2026-04-26 22:03:24 (1 month ago)	Auto-ban: >3000 req/min op 2026-04-26	Web App Attack SSH Hacking
🇩🇪 4server	2026-04-26 04:25:48 (1 month ago)	[SunApr2606:25:46.6020322026][security2:error][pid1617683:tid1617908][client198.23.142.70:0]ModSecur ... show more [SunApr2606:25:46.6020322026][security2:error][pid1617683:tid1617908][client198.23.142.70:0]ModSecurity:Accessdeniedwithcode403$phase2$.Patternmatch\"$\?:\\\\\\\\\$\(\?:\\\\\\\\\(\(\?:\\\\\\\\\(.\\\\\\\\\$\\|.\\)\\\\\\\\\)\\|\\\\\\\\{.\\\\\\\\\}\)\\|[\<\>]\\\\\\\\$.\\\\\\\\\$\)\"atARGS:0.[file\"/etc/apache2/conf.d/modsec_rules/10_asl_rules.conf\"][line\"396\"][id\"393655\"][rev\"17\"][msg\"Atomicorp.comWAFRules:PossibleRemoteCommandExecution:UnixShellExpressionFound\"][data\"MatchedData:\${res}307\`}\)_chunks:\$q2_formdata:{get:\$1:constructor:constructor}}}foundwithinARGS:0:{then:\$1:__proto__:thenstatus:resolved_modelreason:-1value:{then:\$b1337}_response:{_prefix:varres=process.mainmodule.require$child_process$.execsync$id$.tostring.trimthrowobject.assign$newerror\(next_redirect${digest:\`next_redirectpush/login\?a=\${res}307\`}\)_chunks:\$q2_formdata:{get:\$1:constructor:constructor}}}\"][tag\"attack-rce\"][hostname\"fondazionepetronillapontirone.ch\"][uri\"/\"][unique_id\"ae2TyuSanzD show less	Port Scan Brute-Force Web App Attack
🇺🇸 xmission.com	2026-04-07 06:35:25 (2 months ago)	Blocked by UFW (TCP on 43882) Source port: 443 TTL: 50 Packet length: 40 TOS: 0x08 This report (for ... show more Blocked by UFW (TCP on 43882) Source port: 443 TTL: 50 Packet length: 40 TOS: 0x08 This report (for 198.23.142.70) was generated by: https://github.com/sefinek/UFW-AbuseIPDB-Reporter show less	Port Scan
Anonymous	2026-01-23 20:30:07 (4 months ago)	Failed Wordpress Logins	Web App Attack
Anonymous	2026-01-18 12:00:10 (4 months ago)	Failed Wordpress Logins	Web App Attack
🇳🇱 Site.eu	2026-01-15 00:34:22 (4 months ago)	Excessive multi-domain requests	Brute-Force
🇫🇷 tecnicorioja	2026-01-14 23:00:19 (4 months ago)	POST /xmlrpc.php [14/Jan/2026:03:17:07	Brute-Force Web App Attack
🇺🇸 myagent.site	2026-01-14 22:10:31 (4 months ago)	Blocking for trying to access an exploit file: /xmlrpc.php	Hacking
🇩🇪 LRob.fr	2026-01-14 15:21:39 (4 months ago)	Repeated requests on blocked xmlrpc.php, blocked by fail2ban in custom-503-xmlrpc jail	Bad Web Bot Web App Attack

Showing 1 to 15 of 32 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 162.216.150.4

🇭🇰 103.149.26.43

🇺🇸 64.62.197.44

🇳🇱 45.148.10.151

🇮🇳 202.9.123.34

🇷🇺 188.247.54.50

🇦🇪 165.154.12.108

🇨🇳 117.33.185.57

🇵🇰 110.36.30.112

🇩🇪 87.106.42.210

🇺🇸 73.194.107.45

🇩🇪 69.5.169.194

🇺🇸 35.185.62.54

🇳🇱 5.187.35.142

🇺🇸 216.25.89.116

🇺🇸 205.210.31.88

🇮🇳 202.141.3.87

🇩🇪 172.217.33.151

🇮🇩 147.139.136.75

🇺🇸 98.101.34.22