JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 198.54.114.25

198.54.114.25 was found in our database!

This IP was reported 793 times. Confidence of Abuse is 0%: ?

ISP	Namecheap, Inc.
Usage Type	Content Delivery Network
ASN	AS22612
Hostname(s)	server87.web-hosting.com
Domain Name	namecheap.com
Country	🇺🇸 United States of America
City	Phoenix, Arizona

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 198.54.114.25

Whois 198.54.114.25

IP Abuse Reports for 198.54.114.25:

This IP address has been reported a total of 793 times from 143 distinct sources. 198.54.114.25 was first reported on August 9th 2023, and the most recent report was 6 months ago.

Old Reports: The most recent abuse report for this IP address is from 6 months ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 TPI-Abuse	2025-12-08 19:39:29 (6 months ago)	(mod_security) mod_security (id:225170) triggered by 198.54.114.25 (server87.web-hosting.com): 1 in ... show more (mod_security) mod_security (id:225170) triggered by 198.54.114.25 (server87.web-hosting.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Dec 08 14:39:22.445087 2025] [security2:error] [pid 8803:tid 8803] [client 198.54.114.25:35454] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|www.tttns.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.tttns.com"] [uri "/wp-json/wp/v2/users/me"] [unique_id "aTcpamO8tsGBQgO6R0y7XwAAAAc"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-08 17:25:33 (6 months ago)	(mod_security) mod_security (id:225170) triggered by 198.54.114.25 (server87.web-hosting.com): 1 in ... show more (mod_security) mod_security (id:225170) triggered by 198.54.114.25 (server87.web-hosting.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Dec 08 12:25:27.266428 2025] [security2:error] [pid 12057:tid 12057] [client 198.54.114.25:51992] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|riccardiagency.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "riccardiagency.com"] [uri "/wp-json/wp/v2/users/me"] [unique_id "aTcKB2e287b3BE6QmGxh8gAAAA0"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 mind5t0rm	2025-11-21 13:59:29 (7 months ago)	(WPLOGIN,XMLRPC) Login failure/trigger from 198.54.114.25 (US/United States/server87.web-hosting.com ... show more (WPLOGIN,XMLRPC) Login failure/trigger from 198.54.114.25 (US/United States/server87.web-hosting.com): 3 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_TRIGGER; Logs: 198.54.114.25 - - [21/Nov/2025:20:30:47 +0700] "GET /wp-login.php HTTP/2.0" 200 2578 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; MDDCJS; rv:11.0) like Gecko" 198.54.114.25 - - [21/Nov/2025:20:30:51 +0700] "POST /wp-login.php HTTP/2.0" 200 2743 "https://elgrecothailand.com/wp-login.php" "Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; MDDCJS; rv:11.0) like Gecko" 198.54.114.25 - - [21/Nov/2025:20:59:27 +0700] "POST /xmlrpc.php HTTP/1.1" 403 162 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36 OPR/52.0.2871.40" show less	Port Scan
🇩🇪 todix	2025-11-21 05:21:59 (7 months ago)	Wordpress brute force attempt from 198.54.114.25	Brute-Force
🇩🇪 LRob.fr	2025-11-20 18:00:37 (7 months ago)	Repeated requests on blocked xmlrpc.php, blocked by fail2ban in custom-503-xmlrpc jail	Bad Web Bot Web App Attack
🇺🇸 Starburst SysOp Team	2025-11-20 17:52:01 (7 months ago)	Malware host detected by rbl.malware.expert. RBL lookup of 25.114.54.198.rbl.malware.expert succeede ... show more Malware host detected by rbl.malware.expert. RBL lookup of 25.114.54.198.rbl.malware.expert succeeded at REMOTE_ADDR. (400010-mnz6-3) show less	Hacking
Anonymous	2025-11-20 14:36:12 (7 months ago)	(XMLRPC) WP XMLPRC Attack 198.54.114.25 (US/United States/server87.web-hosting.com): 5 in the last 3 ... show more (XMLRPC) WP XMLPRC Attack 198.54.114.25 (US/United States/server87.web-hosting.com): 5 in the last 3600 secs; Ports: *; Direction: 1 show less	Brute-Force SSH
🇬🇧 thetomtaylor.co.uk	2025-11-20 01:05:53 (7 months ago)	Fail2Ban - [NGINX]WordPress Logins Sniffings on nginx-wordpress-sniffer ... [wa02]	Bad Web Bot Web App Attack
🇭🇳 unph	2025-11-19 22:16:21 (7 months ago)	Intento de acceso sospechoso en el login de WordPress	Brute-Force
Anonymous	2025-11-18 16:40:12 (7 months ago)	IP banned by Fail2Ban in jail nginx-abusive-ips	Brute-Force Bad Web Bot Web App Attack
🇺🇸 factor1	2025-11-18 16:33:44 (7 months ago)	Fail2ban at saturn Reports Abuse.	Brute-Force Web App Attack
🇬🇧 thetomtaylor.co.uk	2025-11-18 16:19:44 (7 months ago)	Fail2Ban - [NGINX]WordPress Logins Sniffings on nginx-wordpress-sniffer ... [wa02]	Bad Web Bot Web App Attack
🇬🇧 thetomtaylor.co.uk	2025-11-18 07:20:19 (7 months ago)	Fail2Ban - [NGINX]WordPress Logins Sniffings on nginx-wordpress-sniffer ... [wa01]	Bad Web Bot Web App Attack
🇬🇧 thetomtaylor.co.uk	2025-11-17 14:37:10 (7 months ago)	Fail2Ban - [NGINX]WordPress Logins Sniffings on nginx-wordpress-sniffer ... [wa02]	Bad Web Bot Web App Attack
🇲🇹 Malta	2025-11-16 06:52:34 (7 months ago)	198.54.114.25 - - [16/Nov/2025:07:52:34 +0100] "POST /wp-login.php HTTP/1.1" "Mozilla/5.0 (Windows N ... show more 198.54.114.25 - - [16/Nov/2025:07:52:34 +0100] "POST /wp-login.php HTTP/1.1" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36" show less	Hacking Web App Attack

Showing 1 to 15 of 793 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇩🇪 2001:19f0:6c01:d9c:5400:6ff:fe0c:390a

🇪🇸 217.160.226.51

🇺🇸 143.42.0.20

🇲🇩 95.65.98.52

🇳🇱 91.92.40.4

🇨🇳 61.141.177.69

🇳🇱 45.8.17.72

🇷🇺 2a01:620:f006::7:802

🇧🇷 187.5.215.103

🇺🇸 146.75.136.214

🇮🇳 122.187.250.250

🇵🇭 119.94.66.129

🇩🇪 93.127.236.87

🇫🇷 91.231.89.191

🇫🇷 91.231.89.56

🇺🇸 64.251.149.81

🇻🇳 42.115.147.226

🇳🇱 2a02:a47f:e000:115::184

🇬🇧 217.154.42.110

🇫🇷 91.231.89.188