JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 91.137.49.200

91.137.49.200 was found in our database!

This IP was reported 88 times. Confidence of Abuse is 78%: ?

78%

ISP	Thueringer Netkom GmbH
Usage Type	Fixed Line ISP
ASN	AS199284
Hostname(s)	vdsl-91-137-51-200.net.encoline.de
Domain Name	netkom.de
Country	🇩🇪 Germany
City	Weimar, Thuringia

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 91.137.49.200

Whois 91.137.49.200

IP Abuse Reports for 91.137.49.200:

This IP address has been reported a total of 88 times from 48 distinct sources. 91.137.49.200 was first reported on February 25th 2026, and the most recent report was 2 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇩🇪 rh24	2026-06-16 18:35:44 (2 hours ago)	(xmlrpc_405) XMLRPC-Bot 405 91.137.49.200 (DE/Germany/vdsl-91-137-51-200.net.encoline.de)	Hacking
🇩🇪 konseptit	2026-06-16 17:37:58 (3 hours ago)	(wordpress) Failed wordpress login from 91.137.49.200 (DE/Germany/vdsl-91-137-51-200.net.encoline.de ... show more (wordpress) Failed wordpress login from 91.137.49.200 (DE/Germany/vdsl-91-137-51-200.net.encoline.de) show less	Brute-Force
Anonymous	2026-06-13 20:57:10 (3 days ago)	Attac	Brute-Force
🇺🇸 TPI-Abuse	2026-06-13 12:15:00 (3 days ago)	(mod_security) mod_security (id:240335) triggered by 91.137.49.200 (vdsl-91-137-51-200.net.encoline. ... show more (mod_security) mod_security (id:240335) triggered by 91.137.49.200 (vdsl-91-137-51-200.net.encoline.de): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 13 08:14:55.278660 2026] [security2:error] [pid 19768:tid 19768] [client 91.137.49.200:62122] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 91.137.49.200 (+1 hits since last alert)\|iuriscorpabc.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "iuriscorpabc.com"] [uri "/xmlrpc.php"] [unique_id "ai1Jv6R22lRXUnHU5s7dUQAAAAI"] show less	Brute-Force Bad Web Bot Web App Attack
🇳🇱 Site.eu	2026-06-13 10:42:30 (3 days ago)	Repeated wp-login/xmlrpc attempts	Brute-Force SSH
🇦🇺 screwlooseit.com.au	2026-06-13 07:07:37 (3 days ago)	Blocked by CSF 13 firewall - Rule: XMLRPC DE/Germany/vdsl-91-137-51-200.net.encoline.de	Web App Attack
🇫🇷 Kenshin869	2026-06-13 07:07:03 (3 days ago)	Wordpress unauthorized access attempt	Brute-Force
🇫🇷 dynamix	2026-06-13 06:44:40 (3 days ago)	WordPress XMLRPC Brute Force Attack	Brute-Force Web App Attack
🇳🇱 debestelapp	2026-06-12 23:10:07 (3 days ago)		Web App Attack
🇺🇸 TPI-Abuse	2026-06-11 20:41:08 (5 days ago)	(mod_security) mod_security (id:240335) triggered by 91.137.49.200 (vdsl-91-137-51-200.net.encoline. ... show more (mod_security) mod_security (id:240335) triggered by 91.137.49.200 (vdsl-91-137-51-200.net.encoline.de): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 11 16:41:02.838745 2026] [security2:error] [pid 10603:tid 10603] [client 91.137.49.200:63891] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 91.137.49.200 (+1 hits since last alert)\|themadwriter.us\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "themadwriter.us"] [uri "/xmlrpc.php"] [unique_id "aisdXqYhoujbnSJCj9_YKQAAAAU"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-10 19:58:59 (6 days ago)	(mod_security) mod_security (id:240335) triggered by 91.137.49.200 (vdsl-91-137-51-200.net.encoline. ... show more (mod_security) mod_security (id:240335) triggered by 91.137.49.200 (vdsl-91-137-51-200.net.encoline.de): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 10 15:58:54.055695 2026] [security2:error] [pid 8864:tid 8864] [client 91.137.49.200:60166] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 91.137.49.200 (+1 hits since last alert)\|rotentendales.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "rotentendales.com"] [uri "/xmlrpc.php"] [unique_id "ainB_ntqenNSpZaUoXB4KwAAABI"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-06-01 23:07:11 (2 weeks ago)	Blocked: Reason='Vulnerability probing — PHP scan detected (123/60 min)'; Requests=123	Port Scan
Anonymous	2026-05-29 17:33:11 (2 weeks ago)	Attac	Brute-Force
🇲🇾 Rizzy	2026-05-27 14:15:46 (2 weeks ago)	Multiple WAF Violations	Brute-Force Web App Attack
Anonymous	2026-05-26 19:49:02 (3 weeks ago)	91.137.49.200 - - [26/May/2026:21:48:42 +0200] "POST /xmlrpc.php HTTP/1.1" 200 403 "-" "WordPress.co ... show more 91.137.49.200 - - [26/May/2026:21:48:42 +0200] "POST /xmlrpc.php HTTP/1.1" 200 403 "-" "WordPress.com; https://wordpress.com" 91.137.49.200 - - [26/May/2026:21:48:39 +0200] "POST /xmlrpc.php HTTP/1.0" 200 593 "-" "WordPress.com; https://wordpress.com" 91.137.49.200 - - [26/May/2026:21:48:51 +0200] "POST /xmlrpc.php HTTP/1.0" 200 593 "-" "WordPress.com; https://wordpress.com" 91.137.49.200 - - [26/May/2026:21:48:53 +0200] "POST /xmlrpc.php HTTP/1.1" 200 403 "-" "WordPress.com; https://wordpress.com" 91.137.49.200 - - [26/May/2026:21:49:00 +0200] "POST /xmlrpc.php HTTP/1.0" 200 593 "-" "Jetpack/13.0; WordPress/6.2; http://site59289844.com" ... show less	Brute-Force Web App Attack

Showing 1 to 15 of 88 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇩🇪 213.209.159.56

🇧🇷 191.9.113.131

🇭🇰 172.81.100.237

🇨🇦 162.219.178.250

🇮🇳 134.209.144.138

🇨🇳 101.96.214.98

🇹🇭 83.118.107.37

🇺🇸 45.56.79.53

🇬🇧 193.163.125.77

🇺🇸 172.212.187.180

🇷🇴 141.98.83.240

🇨🇳 124.167.20.80

🇮🇩 116.90.176.193

🇷🇴 80.94.92.109

🇫🇮 80.66.83.43

🇧🇷 56.125.145.154

🇵🇱 46.77.69.201

🇰🇷 221.151.84.6

🇮🇹 217.26.178.167

🇧🇷 186.247.230.141