JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 45.91.20.11

45.91.20.11 was found in our database!

This IP was reported 135 times. Confidence of Abuse is 60%: ?

60%

ISP	VPN Consumer Milan, Italy
Usage Type	Data Center/Web Hosting/Transit
ASN	AS9009
Domain Name	vpnconsumer.com
Country	🇮🇹 Italy
City	Milan, Lombardy

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 45.91.20.11

Whois 45.91.20.11

IP Abuse Reports for 45.91.20.11:

This IP address has been reported a total of 135 times from 60 distinct sources. 45.91.20.11 was first reported on July 21st 2022, and the most recent report was 4 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇬🇧 consul.to	2026-06-13 09:59:32 (4 hours ago)	Web attack/malicious scanning detected	Web App Attack
Anonymous	2026-06-12 23:02:52 (15 hours ago)	45.91.20.11 - - [12/Jun/2026:23:02:51 +0000] "GET /wp-includes/speculative8.php HTTP/1.1" 404 49914 ... show more 45.91.20.11 - - [12/Jun/2026:23:02:51 +0000] "GET /wp-includes/speculative8.php HTTP/1.1" 404 49914 "http://owlbee.be/wp-includes/speculative8.php" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.3" ... show less	Bad Web Bot Web App Attack
🇩🇪 Viveronese	2026-06-11 20:11:38 (1 day ago)	HTTP vulnerability scanning	Web App Attack
🇧🇪 cmbplf	2026-06-11 18:46:36 (1 day ago)	635 requests with url.path *config.php	Brute-Force Bad Web Bot
🇩🇪 paissangroup	2026-06-11 16:34:22 (1 day ago)	Multiple WAF Violations	Web App Attack
🇬🇧 consul.to	2026-06-11 13:44:00 (2 days ago)	Web attack/malicious scanning detected	Web App Attack
Anonymous	2026-06-11 12:05:51 (2 days ago)	Blocked: Reason='Suspicious traffic score=60 (review-based detection)'; Requests=26	Hacking
🇺🇸 TPI-Abuse	2026-05-24 10:38:15 (2 weeks ago)	(mod_security) mod_security (id:234930) triggered by 45.91.20.11 (-): 1 in the last 300 secs; Ports: ... show more (mod_security) mod_security (id:234930) triggered by 45.91.20.11 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun May 24 06:38:08.740104 2026] [security2:error] [pid 31377:tid 31377] [client 45.91.20.11:45343] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\/lib\\\\/php\\\\/connector\\\\.minimal\\\\.php$" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/27_Apps_WPPlugin.conf"] [line "6778"] [id "234930"] [rev "2"] [msg "COMODO WAF: File upload vulnerability in the file manager plugin before 6.9 for WordPress (CVE-2020-25213)\|\|anthonyjoseph.us\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WPPlugin"] [hostname "anthonyjoseph.us"] [uri "/wp-content/plugins/wp-file-manager/lib/php/connector.minimal.php"] [unique_id "ahLVEME7S9G8HseIgDSxngAAAA0"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-21 18:44:34 (3 weeks ago)	(mod_security) mod_security (id:210492) triggered by 45.91.20.11 (-): 1 in the last 300 secs; Ports: ... show more (mod_security) mod_security (id:210492) triggered by 45.91.20.11 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu May 21 14:44:30.632550 2026] [security2:error] [pid 762:tid 762] [client 45.91.20.11:43897] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "learningbyshipping.com"] [uri "/.git/config"] [unique_id "ag9Sjra1-fwtcCwbBVN24AAAAAE"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-21 16:52:48 (3 weeks ago)	(mod_security) mod_security (id:210492) triggered by 45.91.20.11 (-): 1 in the last 300 secs; Ports: ... show more (mod_security) mod_security (id:210492) triggered by 45.91.20.11 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu May 21 12:52:45.446204 2026] [security2:error] [pid 8551:tid 8551] [client 45.91.20.11:32005] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cruisingforsex.com"] [uri "/.git/config"] [unique_id "ag84XXlYwqdum3izqVjXpwAAAAM"] show less	Brute-Force Bad Web Bot Web App Attack
🇳🇱 nate naten	2026-05-21 16:37:47 (3 weeks ago)	HoneyTrap: unknown_probe attempt on /.git/HEAD from Italy	Bad Web Bot Web App Attack
🇺🇦 URAN Publishing Service	2026-05-13 10:28:59 (1 month ago)	45.91.20.11 - - [13/May/2026:13:28:59 +0300] "GET /wp-includes/js/tinymce/skins/lightgray/img/index. ... show more 45.91.20.11 - - [13/May/2026:13:28:59 +0300] "GET /wp-includes/js/tinymce/skins/lightgray/img/index.php HTTP/1.1" 404 707 "-" "Go-http-client/1.1" ... show less	Web App Attack
🇺🇦 URAN Publishing Service	2026-05-13 06:42:56 (1 month ago)	45.91.20.11 - - [13/May/2026:09:42:55 +0300] "GET /wp-content/themes/twentytwentyfour/patterns/templ ... show more 45.91.20.11 - - [13/May/2026:09:42:55 +0300] "GET /wp-content/themes/twentytwentyfour/patterns/template-singl-portfolio.php HTTP/1.1" 404 711 "-" "Go-http-client/1.1" ... show less	Web App Attack
🇺🇦 URAN Publishing Service	2026-05-12 22:58:24 (1 month ago)	45.91.20.11 - - [13/May/2026:01:58:23 +0300] "GET /wp-content/plugins/all-in-one-wp-security-and-fir ... show more 45.91.20.11 - - [13/May/2026:01:58:23 +0300] "GET /wp-content/plugins/all-in-one-wp-security-and-firewall/templates/wp-admin/security.php HTTP/1.1" 404 708 "-" "Go-http-client/1.1" 45.91.20.11 - - [13/May/2026:01:58:23 +0300] "GET /wp-content/plugins/contact-form-7/rstsgd.php HTTP/1.1" 404 708 "-" "Go-http-client/1.1" ... show less	Web App Attack
🇯🇵 demonsword	2026-05-12 08:19:56 (1 month ago)	Detected by SentinelX honeypot: sent HTTP CONNECT request probing for an open proxy. Connection was ... show more Detected by SentinelX honeypot: sent HTTP CONNECT request probing for an open proxy. Connection was hijacked and held in a tarpit to slow down the scan. Probed target: ipleak.net:443 show less	Open Proxy Port Scan

Showing 1 to 15 of 135 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇧🇴 181.188.176.242

🇩🇪 46.101.216.224

🇰🇿 5.35.107.110

🇭🇰 199.45.154.188

🇭🇰 199.45.154.176

🇫🇷 194.163.135.65

🇨🇳 180.112.43.17

🇨🇳 114.217.53.40

🇫🇷 85.217.140.44

🇫🇷 82.102.18.118

🇲🇹 69.6.45.74

🇺🇸 8.231.41.99

🇺🇸 205.210.31.76

🇵🇭 136.158.60.163

🇨🇳 121.235.176.169

🇮🇳 103.195.27.195

🇷🇺 77.95.203.182

🇨🇳 59.36.75.227

🇸🇬 35.198.244.106

🇺🇸 2602:fb54:1400::4a