JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 91.107.149.78

91.107.149.78 was found in our database!

This IP was reported 16 times. Confidence of Abuse is 0%: ?

ISP	Hetzner Online GmbH
Usage Type	Data Center/Web Hosting/Transit
ASN	AS24940
Hostname(s)	static.78.149.107.91.clients.your-server.de
Domain Name	hetzner.com
Country	🇩🇪 Germany
City	Nurnberg, Bavaria

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 91.107.149.78

Whois 91.107.149.78

IP Abuse Reports for 91.107.149.78:

This IP address has been reported a total of 16 times from 9 distinct sources. 91.107.149.78 was first reported on July 17th 2025, and the most recent report was 10 months ago.

Old Reports: The most recent abuse report for this IP address is from 10 months ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇸🇪 Johan Finn	2025-08-05 15:58:15 (10 months ago)	malicious activity, botnet	Web App Attack
🇺🇸 TPI-Abuse	2025-08-05 08:35:22 (10 months ago)	(mod_security) mod_security (id:217210) triggered by 91.107.149.78 (static.78.149.107.91.clients.you ... show more (mod_security) mod_security (id:217210) triggered by 91.107.149.78 (static.78.149.107.91.clients.your-server.de): 1 in the last 300 secs; Ports: ; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Aug 05 04:35:16.689450 2025] [security2:error] [pid 29739:tid 29739] [client 91.107.149.78:36200] ModSecurity: Access denied with code 403 (phase 2). Match of "rx ^(?i:(?:[a-z]{3,10}\\\\s+(?:\\\\w{3,7}?://[\\\\w\\\\-\\\\./](?::\\\\d+)?)?/[^?#](?:\\\\?[^#\\\\s])?(?:#[\\\\S])?\|connect (?:\\\\d{1,3}\\\\.){3}\\\\d{1,3}\\\\.?(?::\\\\d+)?\|options \\\\)\\\\s+[\\\\w\\\\./]+\|get /[^?#](?:\\\\?[^#\\\\s])?(?:#[\\\\S]*)?)$" against "REQUEST_LINE" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/12_HTTP_Protocol.conf"] [line "114"] [id "217210"] [rev "1"] [msg "COMODO WAF: Invalid HTTP Request Line\|\|www.architx.com:443\|F\|4"] [data "CONNECT www.architx.com:443 HTTP/1.1"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "www.architx.com"] [uri "/"] [unique_id "aJHCRLaRActb2qPuU2To2AAAAAU"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-08-01 18:10:29 (10 months ago)	(mod_security) mod_security (id:217210) triggered by 91.107.149.78 (static.78.149.107.91.clients.you ... show more (mod_security) mod_security (id:217210) triggered by 91.107.149.78 (static.78.149.107.91.clients.your-server.de): 1 in the last 300 secs; Ports: ; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Aug 01 14:10:23.421250 2025] [security2:error] [pid 482:tid 482] [client 91.107.149.78:45766] ModSecurity: Access denied with code 403 (phase 2). Match of "rx ^(?i:(?:[a-z]{3,10}\\\\s+(?:\\\\w{3,7}?://[\\\\w\\\\-\\\\./](?::\\\\d+)?)?/[^?#](?:\\\\?[^#\\\\s])?(?:#[\\\\S])?\|connect (?:\\\\d{1,3}\\\\.){3}\\\\d{1,3}\\\\.?(?::\\\\d+)?\|options \\\\)\\\\s+[\\\\w\\\\./]+\|get /[^?#](?:\\\\?[^#\\\\s])?(?:#[\\\\S]*)?)$" against "REQUEST_LINE" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/12_HTTP_Protocol.conf"] [line "114"] [id "217210"] [rev "1"] [msg "COMODO WAF: Invalid HTTP Request Line\|\|koidivision.com:443\|F\|4"] [data "CONNECT koidivision.com:443 HTTP/1.1"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "koidivision.com"] [uri "/"] [unique_id "aI0DD0fwfSRtoDmwx7ALIwAAAAY"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 noah	2025-07-31 00:00:00 (10 months ago)	"Botnet, Web scraping and Account brute forcing"	DDoS Attack Open Proxy Brute-Force
🇨🇭 SOC [GOLINE SA]	2025-07-30 22:47:29 (10 months ago)	Security Alert: 1 ModSecurity rule violation(s) from 91.107.149.78; Ports: ; Evidence: [Thu Jul 31 ... show more Security Alert: 1 ModSecurity rule violation(s) from 91.107.149.78; Ports: ; Evidence: [Thu Jul 31 00:47:27.329407 2025] [security2:error] [pid 156918:tid 157011] [client 91.107.149.78:40400] [client 91.107.149.78] ModSecurity: Access denied with code 403 (phase 2). Pattern match "wp-login\\\\.php" at REQUEST_URI. [file "/etc/modsecurity/modsecurity.conf"] [line "229"] [id "92010"] [hostname "www.goline.ch"] [uri "/wp-login.php"] [unique_id "aIqg_9IGKwSrrBMqOZr-1gAAAE4"], referer: https://www.goline.ch/services/cpanel-hosting-goline-sa/ show less	Web App Attack
🇩🇪 bescared	2025-07-30 12:55:09 (10 months ago)	F2B - Malicious activity detected. URL Probing.	Hacking Bad Web Bot Web App Attack
🇳🇱 exxos	2025-07-30 01:37:41 (10 months ago)	http-no-verb	Hacking
🇳🇱 exxos	2025-07-29 02:07:59 (10 months ago)	HTTP1.x attacks	DDoS Attack
🇳🇱 exxos	2025-07-29 01:09:48 (10 months ago)	http-no-verb	Hacking
🇳🇱 exxos	2025-07-28 03:56:12 (10 months ago)	http-no-verb	Hacking
🇮🇹 VHosting	2025-07-27 18:40:02 (10 months ago)	Detected WordPress attack from 4 different servers	Brute-Force Web App Attack
🇨🇭 SOC [GOLINE SA]	2025-07-25 10:54:07 (10 months ago)	Security Alert: 1 ModSecurity rule violation(s) from 91.107.149.78; Ports: ; Evidence: [Fri Jul 25 ... show more Security Alert: 1 ModSecurity rule violation(s) from 91.107.149.78; Ports: ; Evidence: [Fri Jul 25 12:54:03.203078 2025] [security2:error] [pid 1580953:tid 1580998] [client 91.107.149.78:37934] [client 91.107.149.78] ModSecurity: Access denied with code 403 (phase 2). Pattern match "wp-login\\\\.php" at REQUEST_URI. [file "/etc/modsecurity/modsecurity.conf"] [line "229"] [id "92010"] [hostname "www.goline.ch"] [uri "/wp-login.php"] [unique_id "aINiS0QLycYR_Ym9xj250wAAAAE"], referer: https://www.goline.ch/wp-login.php?action=register show less	Web App Attack
🇨🇭 SOC [GOLINE SA]	2025-07-25 02:23:50 (10 months ago)	Security Alert: 1 ModSecurity rule violation(s) from 91.107.149.78; Ports: ; Evidence: [Fri Jul 25 ... show more Security Alert: 1 ModSecurity rule violation(s) from 91.107.149.78; Ports: ; Evidence: [Fri Jul 25 04:23:47.176997 2025] [security2:error] [pid 1580954:tid 1581030] [client 91.107.149.78:39220] [client 91.107.149.78] ModSecurity: Access denied with code 403 (phase 2). Pattern match "wp-login\\\\.php" at REQUEST_URI. [file "/etc/modsecurity/modsecurity.conf"] [line "229"] [id "92010"] [hostname "www.goline.ch"] [uri "/wp-login.php"] [unique_id "aILqs5SF8ysc4EpiOML9mgAAAEM"], referer: http://www.goline.ch/opportunities/ show less	Web App Attack
🇩🇪 tvipper.com	2025-07-24 02:51:23 (10 months ago)	Auto reported by IDS	Hacking
🇫🇷 Murazaki	2025-07-20 22:04:27 (10 months ago)	91.107.149.78 - - [20/Jul/2025:19:29:25 +0200] "CONNECT lemmy.balamb.fr:443 HTTP/1.1" 500 170 "-" "- ... show more 91.107.149.78 - - [20/Jul/2025:19:29:25 +0200] "CONNECT lemmy.balamb.fr:443 HTTP/1.1" 500 170 "-" "-" "-" ... show less	Hacking

Showing 1 to 15 of 16 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇩🇪 195.201.140.251

🇺🇦 185.66.88.88

🇵🇰 153.117.50.177

🇦🇿 62.217.147.203

🇬🇧 35.203.211.81

🇬🇧 35.203.211.60

🇨🇳 222.241.250.128

🇨🇦 184.68.64.98

🇮🇳 182.95.43.50

🇧🇷 170.80.65.140

🇰🇷 106.251.244.178

🇲🇾 47.250.121.46

🇹🇿 41.59.229.33

🇰🇷 222.108.39.109

🇿🇦 197.79.50.153

🇺🇸 172.253.2.26

🇩🇪 94.134.88.157

🇪🇸 79.117.115.43

🇭🇰 45.196.236.141

🇧🇾 45.128.205.130