JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 198.23.221.52

198.23.221.52 was found in our database!

This IP was reported 31 times. Confidence of Abuse is 91%: ?

91%

ISP	WindowsVPS.Host
Usage Type	Data Center/Web Hosting/Transit
ASN	AS36352
Hostname(s)	hydlcx.com
Domain Name	windowsvps.host
Country	🇺🇸 United States of America
City	Los Angeles, California

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 198.23.221.52

Whois 198.23.221.52

IP Abuse Reports for 198.23.221.52:

This IP address has been reported a total of 31 times from 25 distinct sources. 198.23.221.52 was first reported on March 21st 2025, and the most recent report was 15 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇫🇷 Catalin Negru	2026-06-07 23:04:48 (15 hours ago)	2026-05-31 11:59:30,844 fail2ban.actions [5552]: NOTICE [web-scanner] Ban 198.23.221.52 2026 ... show more 2026-05-31 11:59:30,844 fail2ban.actions [5552]: NOTICE [web-scanner] Ban 198.23.221.52 2026-05-31 11:59:30,974 fail2ban.actions [5552]: NOTICE [apache-404] Ban 198.23.221.52 2026-05-31 11:59:31,216 fail2ban.actions [5552]: NOTICE [laravel-env] Ban 198.23.221.52 2026-05-31 11:59:31,217 fail2ban.actions [5552]: NOTICE [laravel-auth] Ban 198.23.221.52 2026-05-31 11:59:31,244 fail2ban.actions [5552]: NOTICE [apache-dirscan] Ban 198.23.221.52 ... show less	Brute-Force Web App Attack
🇫🇷 Catalin Negru	2026-06-05 06:47:10 (3 days ago)	2026-05-31 11:59:30,844 fail2ban.actions [5552]: NOTICE [web-scanner] Ban 198.23.221.52 2026 ... show more 2026-05-31 11:59:30,844 fail2ban.actions [5552]: NOTICE [web-scanner] Ban 198.23.221.52 2026-05-31 11:59:30,974 fail2ban.actions [5552]: NOTICE [apache-404] Ban 198.23.221.52 2026-05-31 11:59:31,216 fail2ban.actions [5552]: NOTICE [laravel-env] Ban 198.23.221.52 2026-05-31 11:59:31,217 fail2ban.actions [5552]: NOTICE [laravel-auth] Ban 198.23.221.52 2026-05-31 11:59:31,244 fail2ban.actions [5552]: NOTICE [apache-dirscan] Ban 198.23.221.52 ... show less	Brute-Force Web App Attack
🇧🇪 sid3windr	2026-06-02 07:43:30 (6 days ago)	GET /.env (Tarpitted for 1d15h8m30s, wasted 8.06MB)	Web App Attack
🇮🇩 Burayot	2026-06-02 04:31:06 (6 days ago)	LF_MODSEC: (mod_security) mod_security (id:949110) triggered by 198.23.221.52 (US/United States/hydl ... show more LF_MODSEC: (mod_security) mod_security (id:949110) triggered by 198.23.221.52 (US/United States/hydlcx.com): 1 in the last 3600 secs show less	Web App Attack
Anonymous	2026-06-02 03:14:03 (6 days ago)	Bot / scanning and/or hacking attempts: GET /api/.env HTTP/1.1, POST / HTTP/1.1, GET /.env HTTP/1.1, ... show more Bot / scanning and/or hacking attempts: GET /api/.env HTTP/1.1, POST / HTTP/1.1, GET /.env HTTP/1.1, GET /php_info HTTP/1.1, GET /core/.env HTTP/1.1, GET /app/.env HTTP/1.1, GET /phpinfo.php HTTP/1.1, GET /phpinfo HTTP/1.1, GET /i.php HTTP/1.1, GET /app_dev.php/_profiler/phpinfo HTTP/1.1, GET /.env.save HTTP/1.1, GET /current/.env HTTP/1.1, GET /info.php HTTP/1.1, GET /info HTTP/1.1, GET /apis/.env HTTP/1.1, GET /_profiler/phpinfo HTTP/1.1, GET /laravel/.env HTTP/1.1, GET /backend/.env HTTP/1.1 show less	Hacking Web App Attack
🇺🇸 TPI-Abuse	2026-06-02 02:09:27 (6 days ago)	(mod_security) mod_security (id:210492) triggered by 198.23.221.52 (hydlcx.com): 1 in the last 300 s ... show more (mod_security) mod_security (id:210492) triggered by 198.23.221.52 (hydlcx.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 01 22:09:19.585460 2026] [security2:error] [pid 24804:tid 24804] [client 198.23.221.52:37936] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "humans2humans.org"] [uri "/.env"] [unique_id "ah47T5dysh6qCoTwDaTCaQAAAAk"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 simsung	2026-06-01 23:36:58 (6 days ago)	198.23.221.52 - - [01/Jun/2026:23:36:57 +0000] "GET /i.php HTTP/1.1" 404 47 "-" "Mozilla/5.0 (Window ... show more 198.23.221.52 - - [01/Jun/2026:23:36:57 +0000] "GET /i.php HTTP/1.1" 404 47 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/140.0.0.0 Safari/537.36" ... show less	Bad Web Bot
🇮🇩 penjaga BRIN	2026-06-01 22:21:48 (6 days ago)	Suspicious malicious activity	Hacking
🇨🇱 Denis Chavez	2026-06-01 21:52:26 (6 days ago)	Fail2Ban detected malicious activity on Nginx	Brute-Force SSH Web App Attack
🇩🇪 london2038.com	2026-06-01 18:14:02 (6 days ago)	Probing for exploits 198.23.221.52 - - [01/Jun/2026:20:14:00 +0200] "GET /.env HTTP/1.1" 422 0 "-" " ... show more Probing for exploits 198.23.221.52 - - [01/Jun/2026:20:14:00 +0200] "GET /.env HTTP/1.1" 422 0 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/140.0.0.0 Safari/537.36" 198.23.221.52 - - [01/Jun/2026:20:14:00 +0200] "GET /.env.save HTTP/1.1" 422 0 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/140.0.0.0 Safari/537.36" show less	Hacking Web App Attack
🇫🇷 aldene.info	2026-06-01 15:23:40 (6 days ago)	[librenms] Banned by Fail2ban (Jail: syswarden-secretshunter)	Bad Web Bot Web App Attack Port Scan Hacking
🇫🇮 kumiko	2026-06-01 15:13:37 (6 days ago)	[2026-06-01 18:13:37] Probing for dotfiles "GET /.env HTTP/1.1" 403	Bad Web Bot Web App Attack
🇳🇱 homeshowdomain.nl	2026-05-31 21:59:49 (1 week ago)	Auto-ban: >3000 req/min op 2026-05-31	Web App Attack SSH Hacking
🇵🇹 HackingAttackReporter	2026-05-31 17:50:47 (1 week ago)	[Security Alert] Unauthorized malicious activity detected; IP address has been automatically blocked ... show more [Security Alert] Unauthorized malicious activity detected; IP address has been automatically blocked and banned. [Method]: GET. [Request]: => /i.php [User-Agent]: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/140.0.0.0 Safari/537.36. [OS]: Windows. [IP Address]: 198.23.221.52. [RPS] High overshoot requests per second (RPS). [Date]: 2026-05-31 17:46:47 UTC. show less	Hacking Web App Attack
🇺🇸 Shouddy Tarano	2026-05-31 17:16:51 (1 week ago)	[Sun May 31 11:16:49.340218 2026] [authz_core:error] [pid 1946711:tid 139792540141312] [client 198.2 ... show more [Sun May 31 11:16:49.340218 2026] [authz_core:error] [pid 1946711:tid 139792540141312] [client 198.23.221.52:55972] AH01630: client denied by server configuration: /var/www/erpcampestremty/public/.env [Sun May 31 11:16:49.427590 2026] [authz_core:error] [pid 1946711:tid 139792444544768] [client 198.23.221.52:55972] AH01630: client denied by server configuration: /var/www/erpcampestremty/public/.env.save [Sun May 31 11:16:50.114428 2026] [authz_core:error] [pid 1946711:tid 139791370802944] [client 198.23.221.52:55972] AH01630: client denied by server configuration: /var/www/erpcampestremty/public/api [Sun May 31 11:16:50.334832 2026] [authz_core:error] [pid 1946711:tid 139792461330176] [client 198.23.221.52:55972] AH01630: client denied by server configuration: /var/www/erpcampestremty/public/apis [Sun May 31 11:16:50.441354 2026] [authz_core:error] [pid 1946711:tid 139792419366656] [client 198.23.221.52:55972] AH01630: client denied by server configuration: /var/www/erpcampestremty/pub ... show less	DDoS Attack Web Spam Brute-Force Web App Attack

Showing 1 to 15 of 31 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇮🇩 210.79.142.221

🇬🇧 193.163.125.55

🇮🇶 169.224.114.15

🇷🇺 138.16.177.140

🇭🇰 123.58.212.28

🇮🇪 108.131.229.111

🇸🇪 82.41.148.249

🇨🇦 82.25.173.193

🇱🇹 81.30.98.142

🇺🇸 65.49.1.105

🇺🇸 64.62.197.2

🇺🇸 64.62.156.209

🇹🇼 61.221.52.10

🇺🇸 52.44.229.124

🇺🇸 47.251.174.237

🇳🇱 45.148.10.240

🇪🇬 41.128.181.199

🇧🇪 34.78.243.250

🇰🇷 1.212.225.99

🇬🇧 178.62.21.6