JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 198.54.114.16

198.54.114.16 was found in our database!

This IP was reported 383 times. Confidence of Abuse is 0%: ?

ISP	Namecheap, Inc.
Usage Type	Content Delivery Network
ASN	AS22612
Hostname(s)	server200.web-hosting.com
Domain Name	namecheap.com
Country	🇺🇸 United States of America
City	Phoenix, Arizona

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 198.54.114.16

Whois 198.54.114.16

IP Abuse Reports for 198.54.114.16:

This IP address has been reported a total of 383 times from 105 distinct sources. 198.54.114.16 was first reported on August 10th 2021, and the most recent report was 4 months ago.

Old Reports: The most recent abuse report for this IP address is from 4 months ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇧🇪 cmbplf	2026-02-19 01:32:10 (4 months ago)	109 requests with url.path *phpinfo.php	Brute-Force Bad Web Bot
🇭🇺 NyaljBe	2025-09-20 06:33:00 (9 months ago)	198.54.114.16 - - [17/Sep/2025:18:54:49 +0200] "GET /dev_backup.zip HTTP/1.1" 404 555 "-" "Mozilla/5 ... show more 198.54.114.16 - - [17/Sep/2025:18:54:49 +0200] "GET /dev_backup.zip HTTP/1.1" 404 555 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36" 198.54.114.16 - - [17/Sep/2025:18:54:49 +0200] "GET /creds_backup.zip HTTP/1.1" 404 555 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36" 198.54.114.16 - - [17/Sep/2025:18:54:49 +0200] "GET /backup_1.zip HTTP/1.1" 404 555 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36" 198.54.114.16 - - [17/Sep/2025:18:54:49 +0200] "GET /package.zip HTTP/1.1" 404 555 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36" 198.54.114.16 - - [17/Sep/2025:18:54:49 +0200] "GET /settings_backup.zip HTTP/1.1" 404 555 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari show less	Web App Attack
🇭🇺 DumaNet	2025-09-20 01:20:00 (9 months ago)	Web app attack attempts, scanning for vulnerability. Date: 2025 Sep 17. 14:35:28 Source IP: 198.54 ... show more Web app attack attempts, scanning for vulnerability. Date: 2025 Sep 17. 14:35:28 Source IP: 198.54.114.16 Portion of the log(s): 198.54.114.16 - [17/Sep/2025:18:35:28 +0200] "GET /mysql.zip HTTP/1.1" 404 555 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36" 198.54.114.16 - [17/Sep/2025:18:35:28 +0200] "GET /init_backup.zip HTTP/1.1" 404 555 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36" 198.54.114.16 - [17/Sep/2025:18:35:28 +0200] "GET /log.zip HTTP/1.1" 404 555 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36" 198.54.114.16 - [17/Sep/2025:18:35:28 +0200] "GET /core.zip HTTP/1.1" 404 555 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36" 198.54.114.16 - [17/Sep/2025:18:35:28 +0200] "GET /sqlite.zip HTTP/1.1" 404 555 "-" "Mozilla show less	Web App Attack
🇭🇺 DumaNet	2025-09-20 01:05:00 (9 months ago)	Web app attack attempts, scanning for vulnerability. Date: 2025 Sep 17. 14:47:50 Source IP: 198.54 ... show more Web app attack attempts, scanning for vulnerability. Date: 2025 Sep 17. 14:47:50 Source IP: 198.54.114.16 Portion of the log(s): 198.54.114.16 - [17/Sep/2025:18:47:49 +0200] "GET /frontend.zip HTTP/1.1" 404 555 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36" 198.54.114.16 - [17/Sep/2025:18:47:49 +0200] "GET /project.zip HTTP/1.1" 404 555 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36" 198.54.114.16 - [17/Sep/2025:18:47:49 +0200] "GET /client.zip HTTP/1.1" 404 555 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36" 198.54.114.16 - [17/Sep/2025:18:47:49 +0200] "GET /code.zip HTTP/1.1" 404 555 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36" 198.54.114.16 - [17/Sep/2025:18:47:49 +0200] "GET /symfony.zip HTTP/1.1" 404 555 show less	Web App Attack
🇭🇺 DumaNet	2025-09-20 00:46:00 (9 months ago)	Web app attack attempts, scanning for vulnerability. Date: 2025 Sep 17. 14:38:32 Source IP: 198.54 ... show more Web app attack attempts, scanning for vulnerability. Date: 2025 Sep 17. 14:38:32 Source IP: 198.54.114.16 Portion of the log(s): 198.54.114.16 - [17/Sep/2025:18:54:49 +0200] "GET /frontend.zip HTTP/1.1" 404 555 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36" 198.54.114.16 - [17/Sep/2025:18:54:49 +0200] "GET /project.zip HTTP/1.1" 404 555 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36" 198.54.114.16 - [17/Sep/2025:18:54:49 +0200] "GET /client.zip HTTP/1.1" 404 555 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36" 198.54.114.16 - [17/Sep/2025:18:54:49 +0200] "GET /code.zip HTTP/1.1" 404 555 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36" 198.54.114.16 - [17/Sep/2025:18:54:49 +0200] "GET /symfony.zip HTTP/1.1" 404 555 "-" show less	Web App Attack
🇺🇸 TPI-Abuse	2025-09-17 16:38:26 (9 months ago)	(mod_security) mod_security (id:210492) triggered by 198.54.114.16 (server200.web-hosting.com): 1 in ... show more (mod_security) mod_security (id:210492) triggered by 198.54.114.16 (server200.web-hosting.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Sep 17 12:38:18.613630 2025] [security2:error] [pid 5613:tid 5613] [client 198.54.114.16:58384] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "rddeckerphotography.com"] [uri "/.env"] [unique_id "aMrj-rojcwnsNAxOT1nqUAAAAAw"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-09-17 13:50:21 (9 months ago)	(mod_security) mod_security (id:210492) triggered by 198.54.114.16 (server200.web-hosting.com): 1 in ... show more (mod_security) mod_security (id:210492) triggered by 198.54.114.16 (server200.web-hosting.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Sep 17 09:50:13.684419 2025] [security2:error] [pid 1554:tid 1554] [client 198.54.114.16:44766] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/composer.json" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "raysolemfund.org"] [uri "/composer.json.zip"] [unique_id "aMq8lcPct0GuHAu_QYuIvgAAABY"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-09-17 13:07:45 (9 months ago)	(mod_security) mod_security (id:210492) triggered by 198.54.114.16 (server200.web-hosting.com): 1 in ... show more (mod_security) mod_security (id:210492) triggered by 198.54.114.16 (server200.web-hosting.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Sep 17 09:07:41.121132 2025] [security2:error] [pid 2207:tid 2227] [client 198.54.114.16:45646] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "raxelon.com"] [uri "/.env"] [unique_id "aMqynV9XfC0dzPuMpObMSQAAAFE"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 LRob.fr	2025-09-13 08:47:18 (9 months ago)	Repeated requests on blocked xmlrpc.php, blocked by fail2ban in custom-503-xmlrpc jail	Bad Web Bot Web App Attack
Anonymous	2025-09-12 09:10:04 (9 months ago)	IP banned by Fail2Ban in jail nginx-abusive-ips	Brute-Force Bad Web Bot Web App Attack
🇫🇮 stinpriza	2025-09-11 05:08:14 (9 months ago)	Web App Attack	Web App Attack
🇦🇺 afleventoffice.com.au	2025-09-07 11:48:57 (9 months ago)	GET /cms.zip HTTP/1.1	Web App Attack
Anonymous	2025-09-01 06:30:17 (9 months ago)	Failed Wordpress Logins	Web App Attack
🇦🇺 2000cn.com.au	2025-08-28 18:44:46 (9 months ago)	This IP was detected by CrowdSec triggering crowdsecurity/http-probing	Hacking Web App Attack
🇩🇪 LRob.fr	2025-08-28 03:15:45 (9 months ago)	Repeated requests on blocked xmlrpc.php, blocked by fail2ban in custom-503-xmlrpc jail	Bad Web Bot Web App Attack

Showing 1 to 15 of 383 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇦🇷 201.220.22.253

🇲🇽 187.190.35.163

🇳🇱 80.82.77.33

🇨🇳 220.181.172.244

🇩🇪 212.132.120.41

🇪🇬 197.44.15.210

🇫🇷 147.135.212.239

🇺🇸 107.174.88.160

🇺🇸 74.7.228.18

🇺🇸 73.221.200.148

🇮🇳 45.130.67.234

🇧🇪 34.79.73.189

🇨🇳 1.13.158.23

🇺🇸 2001:470:1:fb5::2b9

🇨🇳 180.76.119.95

🇺🇸 162.216.150.123

🇨🇦 158.69.227.40

🇧🇷 152.32.200.243

🇮🇳 150.129.102.44

🇺🇸 144.225.187.181