JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 98.159.38.49

98.159.38.49 was found in our database!

This IP was reported 20 times. Confidence of Abuse is 39%: ?

39%

ISP	LogicWeb Inc.
Usage Type	Data Center/Web Hosting/Transit
ASN	AS64286
Domain Name	logicweb.com
Country	🇺🇸 United States of America
City	Newark, New Jersey

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 98.159.38.49

Whois 98.159.38.49

IP Abuse Reports for 98.159.38.49:

This IP address has been reported a total of 20 times from 7 distinct sources. 98.159.38.49 was first reported on January 26th 2025, and the most recent report was 6 days ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 mnsf	2026-05-29 12:05:53 (6 days ago)	Abuse Detected (1)	Brute-Force Web App Attack
🇺🇸 TPI-Abuse	2026-05-29 11:41:24 (6 days ago)	(mod_security) mod_security (id:210492) triggered by 98.159.38.49 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 98.159.38.49 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri May 29 07:41:06.723048 2026] [security2:error] [pid 17292:tid 17309] [client 98.159.38.49:59563] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcalendars.priyom.us"] [uri "/.env.backup"] [unique_id "ahl7Umh57-Mngulgnb1rtAAAAM8"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-29 10:35:45 (6 days ago)	(mod_security) mod_security (id:210730) triggered by 98.159.38.49 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210730) triggered by 98.159.38.49 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri May 29 06:35:29.863971 2026] [security2:error] [pid 23441:tid 23441] [client 98.159.38.49:43947] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|dinsbach.net\|F\|2"] [data ".key"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "dinsbach.net"] [uri "/config/master.key"] [unique_id "ahlr8ReN_6bl4qpJWxDf-AAAAAQ"] show less	Brute-Force Bad Web Bot Web App Attack
🇳🇱 homeshowdomain.nl	2026-05-28 22:01:41 (1 week ago)	Auto-ban: single probe for restricted files (.env / backups / admin endpoints). Likely mass-scan on ... show more Auto-ban: single probe for restricted files (.env / backups / admin endpoints). Likely mass-scan on 2026-05-27. show less	Web App Attack SSH Hacking
🇺🇸 TPI-Abuse	2026-05-27 23:39:18 (1 week ago)	(mod_security) mod_security (id:210492) triggered by 98.159.38.49 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 98.159.38.49 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed May 27 19:39:03.180578 2026] [security2:error] [pid 31128:tid 31128] [client 98.159.38.49:0] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webdisk.pixacast.com"] [uri "/.env.dev"] [unique_id "aheAl7M-AUKBI0jcjNuZjwAAAAo"], referer: https://www.google.com/search?q=webdisk.pixacast.com show less	Brute-Force Bad Web Bot Web App Attack
🇳🇱 homeshowdomain.nl	2026-05-27 21:59:29 (1 week ago)	Auto-ban: >3000 req/min op 2026-05-27	Web App Attack SSH Hacking
🇺🇸 TPI-Abuse	2026-05-27 17:44:24 (1 week ago)	(mod_security) mod_security (id:210492) triggered by 98.159.38.49 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 98.159.38.49 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed May 27 13:44:06.683703 2026] [security2:error] [pid 32625:tid 32625] [client 98.159.38.49:53213] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.westsacneighborsfair.webserviceswest.com"] [uri "/.env"] [unique_id "ahctZtcfG--MPXBfrPBQOAAAABE"], referer: https://www.google.com/search?q=www.westsacneighborsfair.webserviceswest.com show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-27 16:39:24 (1 week ago)	(mod_security) mod_security (id:210492) triggered by 98.159.38.49 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 98.159.38.49 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed May 27 12:39:04.673537 2026] [security2:error] [pid 18942:tid 18942] [client 98.159.38.49:53795] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.academicesl.com.nilestree.com"] [uri "/.env.production"] [unique_id "ahceKEVBPKo5IVRCPgkRmAAAAHE"], referer: https://www.google.com/search?q=www.academicesl.com.nilestree.com show less	Brute-Force Bad Web Bot Web App Attack
🇨🇭 backslash	2026-05-27 15:03:02 (1 week ago)	block ruleset 3D3AFA921A373ECE19B6BA285C2D722163304638	Bad Web Bot
🇩🇪 todix	2026-05-27 03:13:59 (1 week ago)	Web App Attack Exploid from 98.159.38.49	Web App Attack
🇨🇭 4server	2026-05-27 00:58:18 (1 week ago)	[WedMay2702:58:09.4949872026][security2:error][pid366231:tid366419][client98.159.38.49:0]ModSecurity ... show more [WedMay2702:58:09.4949872026][security2:error][pid366231:tid366419][client98.159.38.49:0]ModSecurity:Accessdeniedwithcode403\(phase1\).Matchedphrase\".env\"atREQUEST_URI.[file\"/etc/apache2/conf.d/modsec_custom_rules.conf\"][line\"364\"][id\"960720\"][msg\"Forbiddenfileaccess\"][hostname\"www.carolin-mizio.ch.81-17-25-250.cpanel.site\"][uri\"/.env.local\"][unique_id\"ahZBoXnH08FBH6UBi3zT1gAAAMU\"]\,referer:https://www.google.com/search\?q=www.carolin-mizio.ch.81-17-25-250.cpanel.site show less	Hacking Web App Attack
🇺🇸 TPI-Abuse	2026-05-27 00:21:38 (1 week ago)	(mod_security) mod_security (id:210492) triggered by 98.159.38.49 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 98.159.38.49 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue May 26 20:21:22.057310 2026] [security2:error] [pid 10835:tid 10835] [client 98.159.38.49:46729] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "trendingnowsales.com.wholesalelivelobsters.com"] [uri "/.env.save"] [unique_id "ahY5ArrP3J37nFxRKJw_TQAAAAY"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-26 23:50:17 (1 week ago)	(mod_security) mod_security (id:210730) triggered by 98.159.38.49 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210730) triggered by 98.159.38.49 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue May 26 19:50:02.458875 2026] [security2:error] [pid 27986:tid 27986] [client 98.159.38.49:33533] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|autodiscover.asfmglobal.com\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "autodiscover.asfmglobal.com"] [uri "/backup.sql"] [unique_id "ahYxqj0RtMcYawkGFue2IAAAABA"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-26 18:08:23 (1 week ago)	(mod_security) mod_security (id:210492) triggered by 98.159.38.49 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 98.159.38.49 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue May 26 14:08:05.232832 2026] [security2:error] [pid 6283:tid 6283] [client 98.159.38.49:35997] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.santaclausphonecall.com.evannine.com"] [uri "/.env.vercel"] [unique_id "ahXhhV1PsLeAC_3UlZjopAAAAAY"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-01-27 02:36:52 (4 months ago)	(mod_security) mod_security (id:240950) triggered by 98.159.38.49 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:240950) triggered by 98.159.38.49 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jan 26 21:34:42.524690 2026] [security2:error] [pid 16656:tid 16681] [client 98.159.38.49:51607] ModSecurity: Access denied with code 403 (phase 1). Pattern match "\\\\D" at TX:1. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "4530"] [id "240950"] [rev "2"] [msg "COMODO WAF: XSS & SQL injection vulnerability in Pragyan CMS 3.0 (CVE-2015-1471)\|\|webdisk.kettlehill.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "webdisk.kettlehill.com"] [uri "/_users/org.couchdb.user:poc"] [unique_id "aXgkQj4D1upuVdMC6K7vowAAAFY"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 20 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇦🇫 180.94.74.122

🇺🇸 99.92.204.98

🇩🇪 167.94.146.47

🇻🇳 160.250.5.104

🇮🇱 130.185.96.113

🇩🇿 129.45.84.119

🇰🇷 121.1.80.17

🇨🇳 112.47.106.167

🇺🇸 108.181.22.199

🇺🇬 102.218.89.110

🇲🇷 102.216.219.66

🇿🇦 102.206.214.176

🇬🇧 86.133.199.211

🇦🇪 86.97.213.139

🇺🇸 85.239.241.16

🇺🇸 74.82.47.55

🇬🇧 35.203.210.56

🇮🇪 2a05:d018:10df:d402:703d:3aec:7c4:5cff

🇭🇰 199.45.154.181

🇲🇽 186.96.145.241