JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 198.37.98.14

198.37.98.14 was found in our database!

This IP was reported 12 times. Confidence of Abuse is 0%: ?

ISP	Tier.Net Technologies LLC
Usage Type	Data Center/Web Hosting/Transit
ASN	AS397423
Domain Name	tier.net
Country	🇺🇸 United States of America
City	Charlotte, North Carolina

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 198.37.98.14

Whois 198.37.98.14

IP Abuse Reports for 198.37.98.14:

This IP address has been reported a total of 12 times from 7 distinct sources. 198.37.98.14 was first reported on January 25th 2025, and the most recent report was 1 month ago.

Old Reports: The most recent abuse report for this IP address is from 1 month ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇸🇪 KIDOS	2026-05-11 12:27:01 (1 month ago)	CrowdSec detected malicious activity	DDoS Attack
🇺🇸 TPI-Abuse	2026-01-17 06:36:42 (5 months ago)	(mod_security) mod_security (id:210492) triggered by 198.37.98.14 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 198.37.98.14 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jan 17 01:34:51.484323 2026] [security2:error] [pid 29966:tid 29966] [client 198.37.98.14:56113] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcalendars.nbcnewsradio.com"] [uri "/.env.example"] [unique_id "aWsti0tFVzpZyBBcJDQtcwAAAAA"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2025-12-31 09:10:48 (5 months ago)	[Wed Dec 31 10:10:47.889600 2025] [:error] [pid 3947403:tid 3947403] [client 198.37.98.14:55933] Mod ... show more [Wed Dec 31 10:10:47.889600 2025] [:error] [pid 3947403:tid 3947403] [client 198.37.98.14:55933] ModSecurity: Warning. Matched "Operator `PmFromFile' with parameter `restricted-files.data' against variable `REQUEST_FILENAME' (Value: `/linusadmin-phpinfo.php' ) [file "/usr/local/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "126"] [id "930130"] [rev ""] [msg "Restricted File Access Attempt"] [data "Matched Data: phpinfo.php found within REQUEST_FILENAME: /linusadmin-phpinfo.php"] [severity "2"] [ver "OWASP_CRS/4.22.0-dev"] [maturity "0"] [accuracy "0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "OWASP_CRS/ATTACK-LFI"] [tag "capec/1000/255/153/126"] [uri "/linusadmin-phpinfo.php"] [unique_id "176717224747.240363"] [ref "o12,11v4,23t:utf8toUnicode,t:urlDecodeUni,t:normalizePathWin"] [Wed Dec 31 10:10:47.891410 2025] [:error] [pid 3947403:tid 394740 ... show less	Web App Attack
🇺🇸 TPI-Abuse	2025-12-29 19:09:46 (5 months ago)	(mod_security) mod_security (id:210730) triggered by 198.37.98.14 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210730) triggered by 198.37.98.14 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Dec 29 14:09:28.434348 2025] [security2:error] [pid 22842:tid 23007] [client 198.37.98.14:47111] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|ftp.kettlehill.net\|F\|2"] [data ".kettlehill.net_db.sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "ftp.kettlehill.net"] [uri "/ftp.kettlehill.net_db.sql"] [unique_id "aVLR6FKoonkfA7MmLZcWaAAAAQo"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-13 08:50:20 (7 months ago)	(mod_security) mod_security (id:212620) triggered by 198.37.98.14 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:212620) triggered by 198.37.98.14 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Nov 13 03:50:12.848533 2025] [security2:error] [pid 22625:tid 22625] [client 198.37.98.14:36797] ModSecurity: Access denied with code 403 (phase 2). Pattern match "<script\\\\b" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/07_XSS_XSS.conf"] [line "65"] [id "212620"] [rev "4"] [msg "COMODO WAF: Cross-site Scripting (XSS) Attack\|\|ftp.nbcnewsradio.com\|F\|2"] [data "Matched Data: <script found within REQUEST_URI: /?s=</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [tag "CWAF"] [tag "XSS"] [hostname "ftp.nbcnewsradio.com"] [uri "/"] [unique_id "aRWbxECBY03a_D2WMXW2zwAAAAo"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 sailor	2025-10-18 18:10:00 (8 months ago)	WordPress login attack	Hacking Brute-Force Web App Attack
🇺🇸 TPI-Abuse	2025-10-01 15:55:21 (8 months ago)	(mod_security) mod_security (id:210730) triggered by 198.37.98.14 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210730) triggered by 198.37.98.14 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Oct 01 11:55:13.390269 2025] [security2:error] [pid 30110:tid 30157] [client 198.37.98.14:46773] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|kettlehill.kettlehill.com\|F\|2"] [data ".ini"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "kettlehill.kettlehill.com"] [uri "/..../..../..../..../..../..../..../..../..../windows/win.ini"] [unique_id "aN1O4ckWrLLgoGKIU58pFwAAAcw"] show less	Brute-Force Bad Web Bot Web App Attack
🇨🇭 backslash	2025-09-17 19:30:15 (9 months ago)	block ruleset CC531825F9395F9A07FB06C1247C46770A2690F8	Bad Web Bot
🇮🇹 VHosting	2025-07-27 14:45:52 (10 months ago)	Detected attack by Imunify360	Brute-Force Web App Attack
🇺🇸 TPI-Abuse	2025-07-27 00:14:22 (10 months ago)	(mod_security) mod_security (id:210492) triggered by 198.37.98.14 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 198.37.98.14 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jul 26 20:13:31.088571 2025] [security2:error] [pid 172229:tid 172477] [client 198.37.98.14:51677] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "autoconfig.staging.kettlehill.com"] [uri "/wp-content/plugins/adaptive-images/adaptive-images-script.php"] [unique_id "aIVvK-Zd-uShJ73phjvXawAAAQw"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-05-29 17:26:22 (1 year ago)	(mod_security) mod_security (id:210492) triggered by 198.37.98.14 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 198.37.98.14 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu May 29 13:26:12.217390 2025] [security2:error] [pid 3062688:tid 3062688] [client 198.37.98.14:59927] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "ftp.farmers123.com"] [uri "/.env.save"] [unique_id "aDiYtFEqn4wGHjLdG6yHPQAAAAg"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2025-01-25 09:00:11 (1 year ago)	\| Common web attack.	Hacking SQL Injection Web App Attack

Showing 1 to 12 of 12 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇩🇪 213.209.159.241

🇷🇺 172.69.50.223

🇵🇹 81.193.216.17

🇱🇹 45.227.254.170

🇳🇱 45.148.10.157

🇬🇧 35.203.210.171

🇧🇪 34.79.243.69

🇺🇸 3.238.9.7

🇺🇸 3.236.192.64

🇹🇼 2402:7500:579:5299:39d8:b734:8cb:852f

🇺🇸 156.239.253.250

🇵🇰 153.117.14.23

🇹🇭 147.50.231.135

🇮🇳 103.30.80.230

🇺🇸 100.53.48.166

🇺🇸 44.199.203.160

🇮🇳 2401:4900:af27:929b:40a0:d90d:857c:628b

🇷🇴 193.46.255.86

🇮🇳 159.65.153.10

🇺🇸 104.250.236.84