🇩🇪
Ivan Rezinkin
2026-05-25 12:22:14
(3 weeks ago)
DDoS attack against sub.cocooloco.ru (181.214.231.116) - L7 connection flood, observed sustained SYN traffic causing TCP listen-queue overflow. Auto-banned at 5/sec threshold via iptables hashlimit. Timestamp: 2026-05-25T12:21:02Z
DDoS Attack
Email Spam
🇺🇸
TPI-Abuse
2026-05-23 16:53:13
(3 weeks ago)
(mod_security) mod_security (id:217210) triggered by 91.132.92.150 (150.92.132.91.in-addr.arpa): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat May 23 12:53:06.739111 2026] [security2:error] [pid 8859:tid 8879] [client 91.132.92.150:15178] ModSecurity: Access denied with code 403 (phase 2). Match of "rx ^(?i:(?:[a-z]{3,10}\\\\s+(?:\\\\w{3,7}?://[\\\\w\\\\-\\\\./]*(?::\\\\d+)?)?/[^?#]*(?:\\\\?[^#\\\\s]*)?(?:#[\\\\S]*)?|connect (?:\\\\d{1,3}\\\\.){3}\\\\d{1,3}\\\\.?(?::\\\\d+)?|options \\\\*)\\\\s+[\\\\w\\\\./]+|get /[^?#]*(?:\\\\?[^#\\\\s]*)?(?:#[\\\\S]*)?)$" against "REQUEST_LINE" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/12_HTTP_Protocol.conf"] [line "114"] [id "217210"] [rev "1"] [msg "COMODO WAF: Invalid HTTP Request Line||www.tapdd.com:443|F|4"] [data "CONNECT www.tapdd.com:443 HTTP/1.1"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "www.tapdd.com"] [uri "/"] [unique_id "ahHbcjQGI7p5lLoCFG2LHQAAAM8"]
Brute-Force
Bad Web Bot
Web App Attack
🇩🇪
Skyrider
2026-05-20 14:30:27
(3 weeks ago)
crowdsecurity/http-open-proxy
Hacking
🇺🇸
TPI-Abuse
2026-05-15 17:40:07
(1 month ago)
(mod_security) mod_security (id:210740) triggered by 91.132.92.150 (150.92.132.91.in-addr.arpa): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri May 15 13:40:01.391882 2026] [security2:error] [pid 16136:tid 16136] [client 91.132.92.150:29686] ModSecurity: Access denied with code 403 (phase 2). Matched phrase "/Proxy-Connection/" at TX:header_name. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "33"] [id "210740"] [rev "2"] [msg "COMODO WAF: HTTP header is restricted by policy||sahinozalit.com:443|F|4"] [data "/Proxy-Connection/"] [severity "WARNING"] [tag "CWAF"] [tag "HTTP"] [hostname "sahinozalit.com"] [uri "/"] [unique_id "agdacUUn-aVIewY9KVmMBgAAABQ"]
Brute-Force
Bad Web Bot
Web App Attack
🇺🇸
TPI-Abuse
2026-05-14 09:53:22
(1 month ago)
(mod_security) mod_security (id:210740) triggered by 91.132.92.150 (150.92.132.91.in-addr.arpa): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu May 14 05:53:17.853398 2026] [security2:error] [pid 6966:tid 6966] [client 91.132.92.150:55588] ModSecurity: Access denied with code 403 (phase 2). Matched phrase "/Proxy-Connection/" at TX:header_name. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "33"] [id "210740"] [rev "2"] [msg "COMODO WAF: HTTP header is restricted by policy||stardancertantra.com:443|F|4"] [data "/Proxy-Connection/"] [severity "WARNING"] [tag "CWAF"] [tag "HTTP"] [hostname "stardancertantra.com"] [uri "/"] [unique_id "agWbjdTU39Mh5klkThcXlwAAABA"]
Brute-Force
Bad Web Bot
Web App Attack
🇺🇸
TPI-Abuse
2026-05-14 09:32:57
(1 month ago)
(mod_security) mod_security (id:210740) triggered by 91.132.92.150 (150.92.132.91.in-addr.arpa): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu May 14 05:32:49.665297 2026] [security2:error] [pid 9513:tid 9513] [client 91.132.92.150:52182] ModSecurity: Access denied with code 403 (phase 2). Matched phrase "/Proxy-Connection/" at TX:header_name. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "33"] [id "210740"] [rev "2"] [msg "COMODO WAF: HTTP header is restricted by policy||filardi.org:443|F|4"] [data "/Proxy-Connection/"] [severity "WARNING"] [tag "CWAF"] [tag "HTTP"] [hostname "filardi.org"] [uri "/"] [unique_id "agWWwQPAGtfVh2N09ycXXQAAAFg"]
Brute-Force
Bad Web Bot
Web App Attack
🇸🇮
administrator
2026-05-04 16:47:17
(1 month ago)
2026-04-03 07:48:32,113 fail2ban.actions [1192]: NOTICE [apache-badbots] Ban 91.132.92.150
2026-04-03 07:48:32,113 fail2ban.actions [1192]: NOTICE [apache-badbots] Ban 91.132.92.150
2026-04-03 07:48:32,113 fail2ban.actions [1192]: NOTICE [apache-badbots] Ban 91.132.92.150
...
Bad Web Bot
Web Spam
Email Spam
Blog Spam
Port Scan
Brute-Force
Web App Attack
🇺🇸
TPI-Abuse
2026-05-01 10:11:49
(1 month ago)
(mod_security) mod_security (id:210740) triggered by 91.132.92.150 (150.92.132.91.in-addr.arpa): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri May 01 06:11:41.931199 2026] [security2:error] [pid 10131:tid 10131] [client 91.132.92.150:18566] ModSecurity: Access denied with code 403 (phase 2). Matched phrase "/Proxy-Connection/" at TX:header_name. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "33"] [id "210740"] [rev "2"] [msg "COMODO WAF: HTTP header is restricted by policy||imagineyourphotos.com:443|F|4"] [data "/Proxy-Connection/"] [severity "WARNING"] [tag "CWAF"] [tag "HTTP"] [hostname "imagineyourphotos.com"] [uri "/"] [unique_id "afR8XfHtFDS-Cx1qWeUReAAAAAI"]
Brute-Force
Bad Web Bot
Web App Attack
🇳🇱
DrLex0
2026-04-26 06:16:16
(1 month ago)
BnL002: GET with absolute URL, obvious botnet minion; either attempt to find exploitable proxy, or just plain stupidity from whoever wrote this piece of crap
Hacking
Bad Web Bot
Exploited Host
🇺🇸
TPI-Abuse
2026-04-25 22:20:24
(1 month ago)
(mod_security) mod_security (id:217210) triggered by 91.132.92.150 (150.92.132.91.in-addr.arpa): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Apr 25 18:20:18.435952 2026] [security2:error] [pid 28829:tid 28829] [client 91.132.92.150:20321] ModSecurity: Access denied with code 403 (phase 2). Match of "rx ^(?i:(?:[a-z]{3,10}\\\\s+(?:\\\\w{3,7}?://[\\\\w\\\\-\\\\./]*(?::\\\\d+)?)?/[^?#]*(?:\\\\?[^#\\\\s]*)?(?:#[\\\\S]*)?|connect (?:\\\\d{1,3}\\\\.){3}\\\\d{1,3}\\\\.?(?::\\\\d+)?|options \\\\*)\\\\s+[\\\\w\\\\./]+|get /[^?#]*(?:\\\\?[^#\\\\s]*)?(?:#[\\\\S]*)?)$" against "REQUEST_LINE" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/12_HTTP_Protocol.conf"] [line "114"] [id "217210"] [rev "1"] [msg "COMODO WAF: Invalid HTTP Request Line||www.mariedjones.com:443|F|4"] [data "CONNECT www.mariedjones.com:443 HTTP/1.1"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "www.mariedjones.com"] [uri "/"] [unique_id "ae0-IjA4iNrT6shbkOWXTAAAAAQ"]
Brute-Force
Bad Web Bot
Web App Attack
🇩🇪
Skyrider
2026-04-25 00:43:46
(1 month ago)
crowdsecurity/http-open-proxy
Hacking
🇺🇸
TPI-Abuse
2026-04-24 05:25:47
(1 month ago)
(mod_security) mod_security (id:217210) triggered by 91.132.92.150 (150.92.132.91.in-addr.arpa): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Apr 24 01:25:42.762108 2026] [security2:error] [pid 14104:tid 14104] [client 91.132.92.150:47103] ModSecurity: Access denied with code 403 (phase 2). Match of "rx ^(?i:(?:[a-z]{3,10}\\\\s+(?:\\\\w{3,7}?://[\\\\w\\\\-\\\\./]*(?::\\\\d+)?)?/[^?#]*(?:\\\\?[^#\\\\s]*)?(?:#[\\\\S]*)?|connect (?:\\\\d{1,3}\\\\.){3}\\\\d{1,3}\\\\.?(?::\\\\d+)?|options \\\\*)\\\\s+[\\\\w\\\\./]+|get /[^?#]*(?:\\\\?[^#\\\\s]*)?(?:#[\\\\S]*)?)$" against "REQUEST_LINE" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/12_HTTP_Protocol.conf"] [line "114"] [id "217210"] [rev "1"] [msg "COMODO WAF: Invalid HTTP Request Line||www.perthdps.com:443|F|4"] [data "CONNECT www.perthdps.com:443 HTTP/1.1"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "www.perthdps.com"] [uri "/"] [unique_id "aer-1mOSBw2fB3zKpmkqTAAAAAo"]
Brute-Force
Bad Web Bot
Web App Attack
🇺🇸
TPI-Abuse
2026-04-23 23:36:04
(1 month ago)
(mod_security) mod_security (id:217210) triggered by 91.132.92.150 (150.92.132.91.in-addr.arpa): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Apr 23 19:35:57.858313 2026] [security2:error] [pid 13434:tid 13434] [client 91.132.92.150:38243] ModSecurity: Access denied with code 403 (phase 2). Match of "rx ^(?i:(?:[a-z]{3,10}\\\\s+(?:\\\\w{3,7}?://[\\\\w\\\\-\\\\./]*(?::\\\\d+)?)?/[^?#]*(?:\\\\?[^#\\\\s]*)?(?:#[\\\\S]*)?|connect (?:\\\\d{1,3}\\\\.){3}\\\\d{1,3}\\\\.?(?::\\\\d+)?|options \\\\*)\\\\s+[\\\\w\\\\./]+|get /[^?#]*(?:\\\\?[^#\\\\s]*)?(?:#[\\\\S]*)?)$" against "REQUEST_LINE" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/12_HTTP_Protocol.conf"] [line "114"] [id "217210"] [rev "1"] [msg "COMODO WAF: Invalid HTTP Request Line||james.ahlstrom.name:443|F|4"] [data "CONNECT james.ahlstrom.name:443 HTTP/1.1"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "james.ahlstrom.name"] [uri "/"] [unique_id "aeqs3TpAs5lVu-9Ejvo1IwAAABg"]
Brute-Force
Bad Web Bot
Web App Attack
🇺🇸
antlac1
2026-04-23 07:58:30
(1 month ago)
crowdsecurity/http-open-proxy
Brute-Force
Web App Attack
🇵🇱
webadmin
2026-04-19 02:59:05
(1 month ago)
91.132.92.150 - - [19/Apr/2026:04:59:04 +0200] "CONNECT inweo.eu:443 HTTP/1.1" 400 150 "-" "-"
91.132.92.150 - - [19/Apr/2026:04:59:04 +0200] "CONNECT inweo.eu:443 HTTP/1.1" 400 150 "-" "-"
91.132.92.150 - - [19/Apr/2026:04:59:04 +0200] "CONNECT inweo.eu:443 HTTP/1.1" 400 150 "-" "-"
91.132.92.150 - - [19/Apr/2026:04:59:05 +0200] "CONNECT inweo.eu:443 HTTP/1.1" 400 150 "-" "-"
91.132.92.150 - - [19/Apr/2026:04:59:05 +0200] "CONNECT inweo.eu:443 HTTP/1.1" 400 150 "-" "-"
...
Web App Attack