JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 91.98.158.245

91.98.158.245 was found in our database!

This IP was reported 74 times. Confidence of Abuse is 62%: ?

62%

ISP	Hetzner Online GmbH
Usage Type	Data Center/Web Hosting/Transit
ASN	AS24940
Hostname(s)	static.245.158.98.91.clients.your-server.de
Domain Name	hetzner.com
Country	🇩🇪 Germany
City	Falkenstein, Saxony

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 91.98.158.245

Whois 91.98.158.245

IP Abuse Reports for 91.98.158.245:

This IP address has been reported a total of 74 times from 40 distinct sources. 91.98.158.245 was first reported on May 1st 2026, and the most recent report was 1 hour ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 TPI-Abuse	2026-06-21 18:51:05 (1 hour ago)	(mod_security) mod_security (id:225170) triggered by 91.98.158.245 (static.245.158.98.91.clients.you ... show more (mod_security) mod_security (id:225170) triggered by 91.98.158.245 (static.245.158.98.91.clients.your-server.de): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 21 14:51:02.239305 2026] [security2:error] [pid 19066:tid 19066] [client 91.98.158.245:38134] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|www.nomorenicenice.net\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.nomorenicenice.net"] [uri "/wp-json/wp/v2/users"] [unique_id "ajgylpognTh5-gi65JbzJQAAABM"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-21 18:28:40 (2 hours ago)	(mod_security) mod_security (id:225170) triggered by 91.98.158.245 (static.245.158.98.91.clients.you ... show more (mod_security) mod_security (id:225170) triggered by 91.98.158.245 (static.245.158.98.91.clients.your-server.de): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 21 14:28:35.634289 2026] [security2:error] [pid 26779:tid 26779] [client 91.98.158.245:58656] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|www.tttns.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.tttns.com"] [uri "/about-jason/wp-json/wp/v2/users"] [unique_id "ajgtU7Deob8gY5TgW1QrTwAAAAQ"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-21 17:42:18 (3 hours ago)	(mod_security) mod_security (id:225170) triggered by 91.98.158.245 (static.245.158.98.91.clients.you ... show more (mod_security) mod_security (id:225170) triggered by 91.98.158.245 (static.245.158.98.91.clients.your-server.de): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 21 13:42:13.618686 2026] [security2:error] [pid 25763:tid 25763] [client 91.98.158.245:43006] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|www.odinathletes.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.odinathletes.com"] [uri "/wp-json/wp/v2/users"] [unique_id "ajgidUrG8-_HjXnccNVTvgAAADA"] show less	Brute-Force Bad Web Bot Web App Attack
🇨🇭 Origon	2026-06-21 14:18:09 (6 hours ago)	http-bf-wordpress_bf - IP: 91.98.158.245 - time="2026-06-21T16:18:09+02:00" level=info msg="(555f66 ... show more http-bf-wordpress_bf - IP: 91.98.158.245 - time="2026-06-21T16:18:09+02:00" level=info msg="(555f66b4f6a74558bc11e3f93469658es8App0Mcc0TKEeje/crowdsec) crowdsecurity/http-bf-wordpress_bf by ip 91.98.158.245 (DE/24940) : 4h ban on Ip 91.98.158.245" module=db show less	Web App Attack
Anonymous	2026-06-21 14:04:13 (6 hours ago)	Attac	Brute-Force
🇺🇸 TPI-Abuse	2026-06-21 13:48:47 (6 hours ago)	(mod_security) mod_security (id:225170) triggered by 91.98.158.245 (static.245.158.98.91.clients.you ... show more (mod_security) mod_security (id:225170) triggered by 91.98.158.245 (static.245.158.98.91.clients.your-server.de): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 21 09:48:40.631620 2026] [security2:error] [pid 9900:tid 9900] [client 91.98.158.245:50452] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|www.rohanbyles.com.au\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.rohanbyles.com.au"] [uri "/wp-json/wp/v2/users"] [unique_id "ajfruJk4UmlC4HTMsGB_mgAAAAI"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-06-18 22:46:26 (2 days ago)	Failed Wordpress Logins	Web App Attack
Anonymous	2026-05-28 13:46:38 (3 weeks ago)	Failed Wordpress Logins	Web App Attack
Anonymous	2026-05-17 20:46:15 (1 month ago)	Failed Wordpress Logins	Web App Attack
Anonymous	2026-05-12 11:46:10 (1 month ago)	Failed Wordpress Logins	Web App Attack
Anonymous	2026-05-09 18:46:16 (1 month ago)	Failed Wordpress Logins	Web App Attack
Anonymous	2026-05-08 09:46:28 (1 month ago)	Failed Wordpress Logins	Web App Attack
🇩🇪 EGP Abuse Dept	2026-05-07 05:14:27 (1 month ago)	Scanning for port/service exploits on utopia.aipotu.nl	Port Scan Hacking
🇩🇪 juutis	2026-05-07 01:21:01 (1 month ago)	91.98.158.245 - - [05/May/2026:15:31:28 +0200] "POST /hallinta/wp-login.php HTTP/1.0" 200 8348 "-" " ... show more 91.98.158.245 - - [05/May/2026:15:31:28 +0200] "POST /hallinta/wp-login.php HTTP/1.0" 200 8348 "-" "Mozilla/5.0 (Windows NT 10.0; rv:142.0) Gecko/20100101 Firefox/142.0" 91.98.158.245 - - [06/May/2026:19:27:50 +0200] "POST /wp-login.php HTTP/1.0" 200 7812 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/140.0.0.0 Safari/537.36" 91.98.158.245 - - [07/May/2026:03:20:59 +0200] "POST /wp-login.php HTTP/1.0" 200 7813 "-" "Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.43 (KHTML, like Gecko) Chrome/137.0.0.0 Safari/537.36 OPR/121.0.0.0" show less	Web App Attack
🇬🇧 andypiper	2026-05-07 01:03:02 (1 month ago)	CrowdSec ban for AbuseIPDB Top List	Brute-Force Web App Attack

Showing 1 to 15 of 74 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇩🇿 154.242.96.114

🇨🇳 120.48.123.76

🇨🇳 111.127.254.225

🇷🇺 109.61.135.149

🇺🇸 107.150.103.88

🇺🇸 66.132.195.41

🇺🇸 66.132.195.39

🇬🇧 2a06:4880:8000::a2

🇪🇸 2a01:7e02::f03c:95ff:fe51:2252

🇭🇰 2404:6800:4005:c02::12e

🇹🇼 218.167.25.110

🇸🇬 194.5.82.141

🇳🇱 176.65.139.253

🇺🇸 170.106.152.69

🇨🇳 120.230.19.237

🇲🇾 115.133.240.167

🇨🇳 110.245.186.23

🇺🇸 100.34.65.244

🇺🇸 66.132.195.37

🇺🇸 66.132.195.36