JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 198.23.158.66

198.23.158.66 was found in our database!

This IP was reported 175 times. Confidence of Abuse is 0%: ?

ISP	HostPapa
Usage Type	Data Center/Web Hosting/Transit
ASN	AS36352
Hostname(s)	198-23-158-66-host.colocrossing.com
Domain Name	colocrossing.com
Country	🇺🇸 United States of America
City	Buffalo, New York

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 198.23.158.66

Whois 198.23.158.66

IP Abuse Reports for 198.23.158.66:

This IP address has been reported a total of 175 times from 122 distinct sources. 198.23.158.66 was first reported on February 3rd 2024, and the most recent report was 7 months ago.

Old Reports: The most recent abuse report for this IP address is from 7 months ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 TPI-Abuse	2025-11-09 14:46:14 (7 months ago)	(mod_security) mod_security (id:210492) triggered by 198.23.158.66 (198-23-158-66-host.colocrossing. ... show more (mod_security) mod_security (id:210492) triggered by 198.23.158.66 (198-23-158-66-host.colocrossing.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Nov 09 09:46:08.368560 2025] [security2:error] [pid 5149:tid 5149] [client 198.23.158.66:51160] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "phlippo.com"] [uri "/.env"] [unique_id "aRCpMB2agSVzd2xBNOMwCQAAAAQ"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2025-11-09 10:40:02 (7 months ago)	suspicious request in access.log	Web App Attack
🇺🇸 octageeks.com	2025-11-09 05:10:06 (7 months ago)	Wordpress malicious attack:[octablocked]	Web App Attack
🇺🇸 TPI-Abuse	2025-11-09 04:16:16 (7 months ago)	(mod_security) mod_security (id:210492) triggered by 198.23.158.66 (198-23-158-66-host.colocrossing. ... show more (mod_security) mod_security (id:210492) triggered by 198.23.158.66 (198-23-158-66-host.colocrossing.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Nov 08 23:16:12.072906 2025] [security2:error] [pid 15844:tid 15969] [client 198.23.158.66:61933] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "kettlehill.com"] [uri "/.env"] [unique_id "aRAVjA30xhLRgp-P1zFUdQAAAMo"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-08 17:19:56 (7 months ago)	(mod_security) mod_security (id:210492) triggered by 198.23.158.66 (198-23-158-66-host.colocrossing. ... show more (mod_security) mod_security (id:210492) triggered by 198.23.158.66 (198-23-158-66-host.colocrossing.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Nov 08 12:19:53.420884 2025] [security2:error] [pid 6312:tid 6312] [client 198.23.158.66:53262] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "mavikalem.org"] [uri "/.env"] [unique_id "aQ97uSoCWwqt5jynCltd9gAAAAI"] show less	Brute-Force Bad Web Bot Web App Attack
🇧🇪 voormedia	2025-11-08 16:55:43 (7 months ago)	Accessed trap at '/.env'	Web App Attack
🇬🇧 gtabomber	2025-11-08 05:32:47 (7 months ago)	2025-11-08T05:32:30.288007 espaceonline.co.uk auth[23908]: pam_unix(dovecot:auth): authentication fa ... show more 2025-11-08T05:32:30.288007 espaceonline.co.uk auth[23908]: pam_unix(dovecot:auth): authentication failure; logname= uid=0 euid=0 tty=dovecot [email protected] rhost=198.23.158.66 2025-11-08T05:32:31.815953 espaceonline.co.uk dovecot[29749]: auth-worker(23908): pam([email protected],198.23.158.66,<mmnQnw5D7sTGF55C>): unknown user (given password: panafonic2) 2025-11-08T05:32:37.431142 espaceonline.co.uk auth[23908]: pam_unix(dovecot:auth): authentication failure; logname= uid=0 euid=0 tty=dovecot [email protected] rhost=198.23.158.66 ... show less	Brute-Force SSH
Anonymous	2025-08-19 21:18:00 (10 months ago)	Failed SPF check	Email Spam
🇬🇧 Bytemark	2025-08-19 13:49:18 (10 months ago)	Aug 19 14:49:17 dlcentre3 postfix/smtpd[8072]: NOQUEUE: reject: RCPT from unknown[198.23.158.66]: 55 ... show more Aug 19 14:49:17 dlcentre3 postfix/smtpd[8072]: NOQUEUE: reject: RCPT from unknown[198.23.158.66]: 554 5.7.1 Service unavailable; Client host [198.23.158.66] blocked using cbl.abuseat.org; Listed by XBL, see https://check.spamhaus.org/query/ip/198.23.158.66; from=<> to=<[email protected]> proto=SMTP helo=<mx.distancelearningcentre.com> show less	Email Spam Spoofing Brute-Force Exploited Host
Anonymous	2025-07-21 18:21:09 (11 months ago)	spamd: identified spam	Email Spam
Anonymous	2025-02-22 20:24:02 (1 year ago)	$f2bV_matches	Brute-Force
🇺🇸 TheSurvivingCatalyst	2024-11-04 05:24:51 (1 year ago)	GET /.env HTTP/1.1 \| GET /.env HTTP/1.1	Brute-Force
🇳🇱 rshict	2024-10-30 17:06:35 (1 year ago)	Hacking, Brute-Force, Web App Attack	Hacking Brute-Force Web App Attack
🇫🇷 geot	2024-10-30 12:22:41 (1 year ago)	GET /.env HTTP/1.1	Hacking Web App Attack
Anonymous	2024-10-30 10:31:41 (1 year ago)	[29/Oct/2024:06:35:32 -0400] \"GET /.env HTTP/1.1\" \"Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/53 ... show more [29/Oct/2024:06:35:32 -0400] \"GET /.env HTTP/1.1\" \"Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.110 Safari/537.36\" [29/Oct/2024:06:42:27 -0400] \"GET /.env HTTP/1.1\" \"Mozilla/5.0 (Linux; Android 9; SM-N950F) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.111 Mobile Safari/537.36\" show less	Hacking

Showing 1 to 15 of 175 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 216.73.216.237

🇮🇹 185.124.182.171

🇭🇰 103.218.241.245

🇨🇦 85.217.149.36

🇺🇸 15.204.239.142

🇧🇷 191.185.120.236

🇳🇱 178.16.53.241

🇩🇪 172.217.33.151

🇻🇳 165.99.16.135

🇵🇭 161.49.89.39

🇮🇳 103.204.167.14

🇮🇳 103.152.159.140

🇳🇱 91.92.40.5

🇳🇱 45.148.10.157

🇺🇸 44.72.112.230

🇺🇸 20.118.201.169

🇧🇷 177.223.46.226

🇻🇳 171.231.181.57

🇰🇷 59.17.152.196

🇳🇱 45.148.10.29