JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 91.245.204.148

91.245.204.148 was found in our database!

This IP was reported 17 times. Confidence of Abuse is 62%: ?

62%

ISP	AVATEL TELECOM, SA
Usage Type	Fixed Line ISP
ASN	AS200845
Domain Name	avatel.es
Country	🇪🇸 Spain
City	Javea, Valencia

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 91.245.204.148

Whois 91.245.204.148

IP Abuse Reports for 91.245.204.148:

This IP address has been reported a total of 17 times from 13 distinct sources. 91.245.204.148 was first reported on November 26th 2025, and the most recent report was 1 day ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇳🇱 Site.eu	2026-06-18 23:51:12 (1 day ago)	Repeated wp-login/xmlrpc attempts	Brute-Force SSH
🇩🇪 ger-stg-sifi1	2026-06-18 00:27:57 (2 days ago)	(wordpress) Failed wordpress login using wp-login.php or xmlrpc.php	Web App Attack
🇺🇸 TPI-Abuse	2026-06-17 22:20:11 (2 days ago)	(mod_security) mod_security (id:240335) triggered by 91.245.204.148 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:240335) triggered by 91.245.204.148 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 17 18:20:04.691728 2026] [security2:error] [pid 24308:tid 24308] [client 91.245.204.148:34318] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 91.245.204.148 (+1 hits since last alert)\|thebrotherhoodlounge.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "thebrotherhoodlounge.com"] [uri "/xmlrpc.php"] [unique_id "ajMdlIW-Zs7MfRAwDW0ZbwAAAAA"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-17 00:05:16 (3 days ago)	(mod_security) mod_security (id:240335) triggered by 91.245.204.148 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:240335) triggered by 91.245.204.148 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 16 20:05:08.992586 2026] [security2:error] [pid 31238:tid 31238] [client 91.245.204.148:16658] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5965"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 91.245.204.148 (+1 hits since last alert)\|lightningbug.farm\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "lightningbug.farm"] [uri "/xmlrpc.php"] [unique_id "ajHktOvKE6QOb_JVmyXyVQAAABc"] show less	Brute-Force Bad Web Bot Web App Attack
🇱🇻 garmtech.com	2026-06-11 23:35:08 (1 week ago)	IM360 WAF: Rate limit exceeded for XMLRPC DoS (fault code)	Web App Attack
Anonymous	2026-06-10 19:34:25 (1 week ago)	Bot / scanning and/or hacking attempts: POST /xmlrpc.php HTTP/1.1	Hacking Web App Attack
Anonymous	2026-06-10 00:30:50 (1 week ago)	(wordpress) Failed wordpress login from 91.245.204.148 (ES/Spain/-): (CF_ENABLE)	Brute-Force
🇺🇸 TPI-Abuse	2026-06-09 22:59:58 (1 week ago)	(mod_security) mod_security (id:240335) triggered by 91.245.204.148 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:240335) triggered by 91.245.204.148 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 09 18:59:53.169672 2026] [security2:error] [pid 11068:tid 11068] [client 91.245.204.148:17088] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 91.245.204.148 (+1 hits since last alert)\|geodogs.org\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "geodogs.org"] [uri "/xmlrpc.php"] [unique_id "aiia6f09Fa-zDRUlThfilQAAAAY"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-06-09 20:55:51 (1 week ago)	Blocked by ModSec and CSF	Port Scan
🇦🇺 screwlooseit.com.au	2026-06-09 20:24:39 (1 week ago)	Blocked by CSF 13 firewall - Rule: XMLRPC ES/Spain/-	Web App Attack
🇩🇪 burlacu.org	2026-06-08 23:55:03 (1 week ago)	Nginx multi-log analysis detected: wordpress_scan. Evidence: XMLRPC abuse with 29 requests. Blocked ... show more Nginx multi-log analysis detected: wordpress_scan. Evidence: XMLRPC abuse with 29 requests. Blocked automatically. show less	Web App Attack Bad Web Bot
Anonymous	2026-06-08 22:22:10 (1 week ago)	Attac	Brute-Force
🇺🇸 TPI-Abuse	2026-06-08 19:24:28 (1 week ago)	(mod_security) mod_security (id:240335) triggered by 91.245.204.148 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:240335) triggered by 91.245.204.148 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 08 15:24:23.761758 2026] [security2:error] [pid 21352:tid 21352] [client 91.245.204.148:16494] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 91.245.204.148 (+1 hits since last alert)\|innovacionesnimba.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "innovacionesnimba.com"] [uri "/xmlrpc.php"] [unique_id "aicW52MGT9ONcsUSrdlxswAAACE"] show less	Brute-Force Bad Web Bot Web App Attack
🇫🇷 dynamix	2026-06-08 19:23:01 (1 week ago)	WordPress XMLRPC Brute Force Attack	Brute-Force Web App Attack
🇳🇱 maxxsense	2026-06-08 15:00:04 (1 week ago)	(wordpress) Failed wordpress login from 91.245.204.148 (ES/Spain/-)	Brute-Force

Showing 1 to 15 of 17 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇳🇱 185.93.89.167

🇳🇿 121.73.168.56

🇺🇸 47.251.94.48

🇰🇿 2.134.15.12

🇧🇷 177.185.93.67

🇧🇷 138.185.54.95

🇮🇳 103.206.97.174

🇮🇹 93.48.24.181

🇳🇱 91.92.40.11

🇺🇸 65.49.1.96

🇺🇸 65.49.1.54

🇳🇱 45.148.10.141

🇩🇪 2620:171:f8:f0:9999::205

🇺🇸 194.187.179.44

🇷🇴 193.32.162.71

🇹🇷 185.226.93.120

🇭🇰 152.32.254.89

🇹🇼 118.163.132.211

🇺🇸 107.167.34.125

🇳🇱 91.92.40.5