JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 98.172.97.238

98.172.97.238 was found in our database!

This IP was reported 598 times. Confidence of Abuse is 100%: ?

100%

ISP	Cox Communications Inc.
Usage Type	Fixed Line ISP
ASN	AS22773
Hostname(s)	wsip-98-172-97-238.ph.ph.cox.net
Domain Name	cox.com
Country	🇺🇸 United States of America
City	Phoenix, Arizona

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 98.172.97.238

Whois 98.172.97.238

IP Abuse Reports for 98.172.97.238:

This IP address has been reported a total of 598 times from 308 distinct sources. 98.172.97.238 was first reported on April 25th 2026, and the most recent report was 2 weeks ago.

Old Reports: The most recent abuse report for this IP address is from 2 weeks ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇩🇪 harrics	2026-05-20 22:18:02 (2 weeks ago)	fail2ban jail: bitdefender \| blocked by Bitdefender/IDS	Port Scan
🇩🇪 GG UNLUCKI	2026-05-12 17:46:41 (3 weeks ago)	Historical Fail2Ban SSH ban observed on this host. Source: fail2ban.log. Categories: SSH brute-force ... show more Historical Fail2Ban SSH ban observed on this host. Source: fail2ban.log. Categories: SSH brute-force. show less	Brute-Force SSH
🇨🇳 ThreatBook.io	2026-05-12 00:46:46 (3 weeks ago)	ThreatBook Intelligence: Zombie,Brute Force more details on https://threatbook.io/ip/98.172.97.238	Brute-Force
🇩🇪 Remedy9156	2026-05-11 17:07:48 (3 weeks ago)	[Mon May 11 19:07:47.411308 2026] [core:error] [pid 3826:tid 3826] [client 98.172.97.238:47980] AH10 ... show more [Mon May 11 19:07:47.411308 2026] [core:error] [pid 3826:tid 3826] [client 98.172.97.238:47980] AH10244: invalid URI path (/cgi-bin/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/bin/sh) ... show less	Brute-Force SSH
🇳🇱 paradoxnetworks	2026-05-11 17:03:17 (3 weeks ago)	2026-05-11T16:57:55.370151+00:00 edge-nik-ams01.int.pdx.net.uk sshd-session[1356512]: Invalid user a ... show more 2026-05-11T16:57:55.370151+00:00 edge-nik-ams01.int.pdx.net.uk sshd-session[1356512]: Invalid user admin from 98.172.97.238 port 33918 2026-05-11T16:58:34.737101+00:00 edge-nik-ams01.int.pdx.net.uk sshd-session[1356552]: Invalid user orangepi from 98.172.97.238 port 57202 2026-05-11T17:03:11.404585+00:00 edge-nik-ams01.int.pdx.net.uk sshd-session[1356897]: Invalid user test from 98.172.97.238 port 55642 ... show less	Brute-Force SSH
🇺🇸 bigscoots.com	2026-05-11 16:44:17 (3 weeks ago)	(sshd) Failed SSH login from 98.172.97.238 (US/-/wsip-98-172-97-238.ph.ph.cox.net): 5 in the last 36 ... show more (sshd) Failed SSH login from 98.172.97.238 (US/-/wsip-98-172-97-238.ph.ph.cox.net): 5 in the last 3600 secs; Ports: *; Direction: 1; Trigger: LF_SSHD; Logs: May 11 11:42:32 14014 sshd[6466]: Invalid user admin from 98.172.97.238 port 45084 May 11 11:42:34 14014 sshd[6466]: Failed password for invalid user admin from 98.172.97.238 port 45084 ssh2 May 11 11:43:15 14014 sshd[6532]: Invalid user orangepi from 98.172.97.238 port 41186 May 11 11:43:17 14014 sshd[6532]: Failed password for invalid user orangepi from 98.172.97.238 port 41186 ssh2 May 11 11:43:57 14014 sshd[6542]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=98.172.97.238 user=root show less	Brute-Force SSH
🇺🇸 yzfdude1	2026-05-11 15:31:17 (3 weeks ago)	May 11 09:31:14 goofy sshd[1620695]: Invalid user orangepi from 98.172.97.238 port 50962 May 11 09:3 ... show more May 11 09:31:14 goofy sshd[1620695]: Invalid user orangepi from 98.172.97.238 port 50962 May 11 09:31:14 goofy sshd[1620695]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=98.172.97.238 May 11 09:31:15 goofy sshd[1620695]: Failed password for invalid user orangepi from 98.172.97.238 port 50962 ssh2 ... show less	Brute-Force SSH
Anonymous	2026-05-11 14:23:17 (3 weeks ago)	[Mon May 11 16:23:17.437665 2026] [:error] [pid 48663:tid 48663] [client 98.172.97.238:49884] ModSec ... show more [Mon May 11 16:23:17.437665 2026] [:error] [pid 48663:tid 48663] [client 98.172.97.238:49884] ModSecurity: Warning. Matched "Operator `Rx' with parameter `(?i)\\b(?:a(?:llow_url_(?:fopen\|include)\|pc.(?:coredump_unmap\|en(?:able(?:_cli\|d)\|tries_hint)\|(?:gc_)?ttl\|mmap_file_mask\|preload_path\|s(?:erializer\|hm_s(?:egments\|ize)\|lam_defense)\|use_request_time)\|rg (7590 characters omitted)' against variable `ARGS_NAMES:\\xadd allow_url_include=1 \\xadd auto_prepend_file=php://input' (Value: `\\xadd allow_url_include=1 \\xadd auto_prepend_file=php://input' ) [file "/usr/local/modsecurity-crs/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "125"] [id "933120"] [rev ""] [msg "PHP Injection Attack: Configuration Directive Found"] [data "Matched Data: allow_url_include=1 found within ARGS_NAMES:\\xadd allow_url_include=1 \\xadd auto_prepend_file=php://input: \\xadd allow_url_include=1 \\xadd auto_prepend_file=php:/input"] [severity "2"] [ver "OWASP_CRS/4.27.0-dev"] [maturity "0"] [accuracy "0"] ... show less	Web App Attack
🇪🇸 mescribano	2026-05-11 14:10:02 (3 weeks ago)		Bad Web Bot Web App Attack
Anonymous	2026-05-11 13:11:20 (3 weeks ago)	Unauthorized connection attempt on Port 23	Port Scan Hacking Exploited Host
🇺🇸 bigscoots.com	2026-05-11 12:50:32 (3 weeks ago)	(sshd) Failed SSH login from 98.172.97.238 (US/United States/wsip-98-172-97-238.ph.ph.cox.net): 5 in ... show more (sshd) Failed SSH login from 98.172.97.238 (US/United States/wsip-98-172-97-238.ph.ph.cox.net): 5 in the last 3600 secs; Ports: *; Direction: 1; Trigger: LF_SSHD; Logs: May 11 07:49:02 14411 sshd[10198]: Invalid user admin from 98.172.97.238 port 57008 May 11 07:49:04 14411 sshd[10198]: Failed password for invalid user admin from 98.172.97.238 port 57008 ssh2 May 11 07:49:40 14411 sshd[10265]: Invalid user orangepi from 98.172.97.238 port 33398 May 11 07:49:42 14411 sshd[10265]: Failed password for invalid user orangepi from 98.172.97.238 port 33398 ssh2 May 11 07:50:20 14411 sshd[10342]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=98.172.97.238 user=root show less	Brute-Force SSH
🇺🇸 RAP	2026-05-11 12:45:20 (3 weeks ago)	2026-05-11 12:45:20 UTC Unauthorized activity to TCP port 23. Telnet	Port Scan
🇳🇱 Marius	2026-05-11 11:46:35 (3 weeks ago)	Detected by Fail2Ban	SSH Brute-Force
🇨🇦 polycoda	2026-05-11 11:37:33 (3 weeks ago)	📡 Port scan	Hacking Web App Attack
🇵🇱 pshost.pl	2026-05-11 10:28:37 (3 weeks ago)	2026-05-11T10:28:37.274Z, an unauthorized access attempt was detected on port 22 (SSH) from source I ... show more 2026-05-11T10:28:37.274Z, an unauthorized access attempt was detected on port 22 (SSH) from source IP address 98.172.97.238. show less	Port Scan Brute-Force SSH

Showing 1 to 15 of 598 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 129.121.87.60

🇨🇳 123.189.9.199

🇨🇳 117.132.5.139

🇮🇳 103.190.7.203

🇷🇺 91.211.236.106

🇰🇷 59.21.37.60

🇲🇾 47.254.214.146

🇯🇵 45.83.22.14

🇺🇸 45.79.115.117

🇩🇪 213.209.159.228

🇰🇷 152.32.243.245

🇮🇳 122.185.101.50

🇻🇳 110.172.29.157

🇺🇸 104.168.4.138

🇲🇾 49.124.148.197

🇳🇱 45.148.10.152

🇯🇵 43.165.190.208

🇺🇸 40.77.167.45

🇺🇸 20.64.106.75

🇭🇰 8.217.232.214