JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 98.159.226.249

98.159.226.249 was found in our database!

This IP was reported 311 times. Confidence of Abuse is 0%: ?

ISP	EXPRESSVPN
Usage Type	Data Center/Web Hosting/Transit
ASN	AS62240
Domain Name	expressvpn.com
Country	🇳🇱 Netherlands
City	Amsterdam, North Holland

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 98.159.226.249

Whois 98.159.226.249

IP Abuse Reports for 98.159.226.249:

This IP address has been reported a total of 311 times from 48 distinct sources. 98.159.226.249 was first reported on January 22nd 2023, and the most recent report was 3 months ago.

Old Reports: The most recent abuse report for this IP address is from 3 months ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 wordpresshosting.solutions	2026-03-15 12:27:06 (3 months ago)	Web app vulnerability scanning detected. Evidence: 98.159.226.249 - - [15/Mar/2026:12:27:02 +0000] " ... show more Web app vulnerability scanning detected. Evidence: 98.159.226.249 - - [15/Mar/2026:12:27:02 +0000] "GET /backups/website.zip HTTP/1.1" 404 44802 "-" "-" 98.159.226.249 - - [15/Mar/2026:12:27:05 +0000] "GET /index.zip HTTP/1.1" 404 44780 "-" "-" show less	Web App Attack
🇺🇸 TPI-Abuse	2026-03-15 03:47:40 (3 months ago)	(mod_security) mod_security (id:210730) triggered by 98.159.226.249 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210730) triggered by 98.159.226.249 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Mar 14 23:47:32.418970 2026] [security2:error] [pid 25986:tid 25986] [client 98.159.226.249:42799] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "4"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|3dsportschannel.com\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "3dsportschannel.com"] [uri "/old/www.sql"] [unique_id "abYr1MomsA8cWOi-3a6-8wAAAAc"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 on-com	2026-03-14 20:55:23 (3 months ago)	URL scan	Brute-Force Web App Attack
🇺🇸 TPI-Abuse	2026-03-14 15:19:18 (3 months ago)	(mod_security) mod_security (id:210730) triggered by 98.159.226.249 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210730) triggered by 98.159.226.249 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Mar 14 11:19:13.545787 2026] [security2:error] [pid 17141:tid 17141] [client 98.159.226.249:20049] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|mpaexchangeinc.com\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "mpaexchangeinc.com"] [uri "/old/mysql.sql"] [unique_id "abV8cceq1LmMxkYj_M6_ygAAAAU"] show less	Brute-Force Bad Web Bot Web App Attack
🇫🇷 mikekarl	2026-03-13 17:21:41 (3 months ago)	Empty or bad user-agent.	Bad Web Bot
🇺🇸 TPI-Abuse	2026-03-08 20:16:10 (3 months ago)	(mod_security) mod_security (id:210730) triggered by 98.159.226.249 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210730) triggered by 98.159.226.249 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Mar 08 16:16:05.109286 2026] [security2:error] [pid 1994:tid 2012] [client 98.159.226.249:34719] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|www.fishrapper.com\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.fishrapper.com"] [uri "/backup/sql.sql"] [unique_id "aa3ZBRksXqID2IVl45_w4AAAAVA"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-03-03 10:33:46 (3 months ago)	(mod_security) mod_security (id:210730) triggered by 98.159.226.249 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210730) triggered by 98.159.226.249 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Mar 03 05:33:38.405648 2026] [security2:error] [pid 22048:tid 22048] [client 98.159.226.249:58453] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|doubloonswap.com\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "doubloonswap.com"] [uri "/backup.sql"] [unique_id "aaa5Aj5-fvMAdbNpLQyfswAAABE"] show less	Brute-Force Bad Web Bot Web App Attack
🇳🇿 Tripwire	2026-03-01 16:28:50 (3 months ago)	Scanning for backup files	Web App Attack
🇯🇵 Valhalla	2026-02-27 05:04:14 (3 months ago)	/jbn.ai.sql	Hacking Web App Attack
🇩🇪 on-com	2026-02-27 01:44:09 (3 months ago)	URL scan	Brute-Force Web App Attack
🇺🇸 TPI-Abuse	2026-02-18 07:48:59 (4 months ago)	(mod_security) mod_security (id:210730) triggered by 98.159.226.249 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210730) triggered by 98.159.226.249 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Feb 18 02:48:51.956356 2026] [security2:error] [pid 24272:tid 24272] [client 98.159.226.249:36653] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|www.pcga.golf\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.pcga.golf"] [uri "/backup/backup.sql"] [unique_id "aZVu4ycUG5Kk4SV5jmKT7QAAAAk"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-02-12 14:24:24 (4 months ago)	(mod_security) mod_security (id:210730) triggered by 98.159.226.249 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210730) triggered by 98.159.226.249 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Feb 12 09:24:16.289992 2026] [security2:error] [pid 2608:tid 2608] [client 98.159.226.249:58147] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|barnesandbrower.com\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "barnesandbrower.com"] [uri "/backup/www.sql"] [unique_id "aY3ikDMpf3QK_akwzT_91QAAABU"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-02-10 23:06:26 (4 months ago)	(mod_security) mod_security (id:210730) triggered by 98.159.226.249 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210730) triggered by 98.159.226.249 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Feb 10 18:06:18.825845 2026] [security2:error] [pid 16171:tid 16171] [client 98.159.226.249:49603] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "4"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|www.spectorworld.com\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.spectorworld.com"] [uri "/mysql.sql"] [unique_id "aYu56kIMy-sJeehfJS073wAAAA0"] show less	Brute-Force Bad Web Bot Web App Attack
🇬🇧 pinguin	2026-02-10 23:02:09 (4 months ago)	Triggered Cloudflare WAF (firewallManaged) from NL. Action taken: LOG Protocol: HTTP/2 (HEAD method) ... show more Triggered Cloudflare WAF (firewallManaged) from NL. Action taken: LOG Protocol: HTTP/2 (HEAD method) Endpoint: /old/backup.sql.gz UA: Empty string This report was generated by: https://github.com/sefinek/Cloudflare-WAF-To-AbuseIPDB show less	Bad Web Bot
🇺🇸 TPI-Abuse	2026-02-10 03:54:20 (4 months ago)	(mod_security) mod_security (id:210730) triggered by 98.159.226.249 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210730) triggered by 98.159.226.249 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Feb 09 22:54:12.746713 2026] [security2:error] [pid 10832:tid 10832] [client 98.159.226.249:45109] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "4"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|jussetcotradinglimited.co\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "jussetcotradinglimited.co"] [uri "/old/sql.sql"] [unique_id "aYqr5DeZGiE8IMcojVJHcQAAAAY"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 311 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇳🇱 91.92.40.176

🇳🇱 45.148.10.141

🇺🇸 34.11.74.53

🇺🇸 20.102.98.235

🇺🇸 17.22.253.66

🇧🇷 152.243.111.175

🇮🇳 111.125.240.1

🇧🇬 78.128.114.22

🇺🇸 65.49.1.142

🇳🇬 41.242.115.83

🇺🇸 2602:fa59:10:acd::1

🇧🇷 187.120.73.217

🇨🇱 186.105.232.84

🇨🇳 183.191.225.174

🇺🇸 147.185.132.112

🇳🇱 91.92.40.52

🇧🇷 45.186.158.172

🇸🇬 8.219.111.165

🇮🇩 2406:da19:776:6e00:d09:8087:2062:1876

🇭🇰 199.45.154.129