JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 91.212.45.214

91.212.45.214 was found in our database!

This IP was reported 105 times. Confidence of Abuse is 79%: ?

79%

This address is a Tor exit node. Neither the owner nor the provider are directly behind the offending action.

ISP	RoyaleHosting BV
Usage Type	Data Center/Web Hosting/Transit
ASN	AS212477
Hostname(s)	tor-exit-ams.bronk-ict.nl
Domain Name	royalehosting.net
Country	🇳🇱 Netherlands
City	Amsterdam, North Holland

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 91.212.45.214

Whois 91.212.45.214

IP Abuse Reports for 91.212.45.214:

This IP address has been reported a total of 105 times from 50 distinct sources. 91.212.45.214 was first reported on January 20th 2026, and the most recent report was 12 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇩🇪 netclix.gr	2026-06-06 14:54:06 (12 hours ago)	(bot_qv) Bot Scraping QuickView 91.212.45.214 (tor-exit-ams.bronk-ict.nl): 1 in the last 4600 secs; ... show more (bot_qv) Bot Scraping QuickView 91.212.45.214 (tor-exit-ams.bronk-ict.nl): 1 in the last 4600 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs: 91.212.45.214 - - [06/Jun/2026:17:54:01 +0300] "GET /index.php?dispatch=products.quick_view&product_id=17712&prev_url=index.php%3Ffeatures_hash%3D23-69-52-84-55%26dispatch%3Dcategories.view%26category_id%3D1276&n_items=17712%2C17400%2C16691%2C16690%2C16689%2C16687%2C15841%2C14488%2C14487%2C14486%2C12518%2C11066 HTTP/1.1" 302 5 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com)" show less	Port Scan
Anonymous	2026-06-04 18:15:21 (2 days ago)	Aggressive web scan	Web App Attack
Anonymous	2026-06-04 12:00:13 (2 days ago)	LH-Watcher: SQL_INJECTION [TOR Exit Node]	SQL Injection Web App Attack
🇮🇩 securejdprop	2026-06-04 10:25:49 (2 days ago)	This IP was detected by CrowdSec triggering crowdsecurity/suricata-major-severity(ET TOR Known Tor E ... show more This IP was detected by CrowdSec triggering crowdsecurity/suricata-major-severity(ET TOR Known Tor Exit Node Traffic group 122). Ip 91.212.45.214 performed 'crowdsecurity/suricata-major-severity' (1 events over 0s) at 2026-06-04 10:25:48.281343998 +0000 UTC show less	Hacking Web App Attack
🇩🇪 sverson	2026-06-01 18:15:17 (5 days ago)	Contact form spam	Web Spam
Anonymous	2026-06-01 14:34:48 (5 days ago)	Aggressive web scan	Web App Attack
Anonymous	2026-06-01 11:43:54 (5 days ago)	LH-Watcher: SQL_INJECTION [TOR Exit Node]	SQL Injection Web App Attack
🇺🇸 TPI-Abuse	2026-06-01 01:45:46 (6 days ago)	(mod_security) mod_security (id:210730) triggered by 91.212.45.214 (tor-exit-ams.bronk-ict.nl): 1 in ... show more (mod_security) mod_security (id:210730) triggered by 91.212.45.214 (tor-exit-ams.bronk-ict.nl): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun May 31 21:45:40.646367 2026] [security2:error] [pid 19659:tid 19659] [client 91.212.45.214:29268] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|wildimaginings.org\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "wildimaginings.org"] [uri "/dump.sql"] [unique_id "ahzkRAUBZoYEZzthayie-QAAAAY"], referer: wildimaginings.org/dump.sql show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-31 06:18:21 (6 days ago)	(mod_security) mod_security (id:210492) triggered by 91.212.45.214 (tor-exit-ams.bronk-ict.nl): 1 in ... show more (mod_security) mod_security (id:210492) triggered by 91.212.45.214 (tor-exit-ams.bronk-ict.nl): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun May 31 02:18:17.182204 2026] [security2:error] [pid 22874:tid 22874] [client 91.212.45.214:47315] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpanel.microscopedia.com"] [uri "/.git/config"] [unique_id "ahvSqcH_Z930lNDqZV7FZAAAAAE"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-30 23:44:43 (1 week ago)	(mod_security) mod_security (id:210730) triggered by 91.212.45.214 (tor-exit-ams.bronk-ict.nl): 1 in ... show more (mod_security) mod_security (id:210730) triggered by 91.212.45.214 (tor-exit-ams.bronk-ict.nl): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat May 30 19:44:34.469222 2026] [security2:error] [pid 12209:tid 12209] [client 91.212.45.214:49712] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|realdesigninterior.com\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "realdesigninterior.com"] [uri "/dump.sql"] [unique_id "aht2Yq1-LOg77sRw-t0TYgAAAAM"], referer: realdesigninterior.com/dump.sql show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 nowyouknow	2026-05-30 03:27:41 (1 week ago)	Malicious Traffic/Form Submission	Phishing Web Spam
🇺🇸 TPI-Abuse	2026-05-29 16:58:51 (1 week ago)	(mod_security) mod_security (id:210730) triggered by 91.212.45.214 (tor-exit-ams.bronk-ict.nl): 1 in ... show more (mod_security) mod_security (id:210730) triggered by 91.212.45.214 (tor-exit-ams.bronk-ict.nl): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri May 29 12:58:47.081377 2026] [security2:error] [pid 29115:tid 29115] [client 91.212.45.214:12126] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|smid.tv\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "smid.tv"] [uri "/dump.sql"] [unique_id "ahnFx3ERjNQ4Q7Gp8fQQlAAAABQ"], referer: smid.tv/dump.sql show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-05-29 04:07:49 (1 week ago)	LH-Watcher: SQL_INJECTION [TOR Exit Node]	SQL Injection Web App Attack
🇺🇸 TPI-Abuse	2026-05-27 12:16:06 (1 week ago)	(mod_security) mod_security (id:210730) triggered by 91.212.45.214 (tor-exit-ams.bronk-ict.nl): 1 in ... show more (mod_security) mod_security (id:210730) triggered by 91.212.45.214 (tor-exit-ams.bronk-ict.nl): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed May 27 08:16:00.791364 2026] [security2:error] [pid 16221:tid 16221] [client 91.212.45.214:39084] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|ibiocat.com\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "ibiocat.com"] [uri "/dump.sql"] [unique_id "ahbggB6beJASVvyw_wRYhgAAAAQ"], referer: ibiocat.com/dump.sql show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-27 01:06:48 (1 week ago)	(mod_security) mod_security (id:210730) triggered by 91.212.45.214 (tor-exit-ams.bronk-ict.nl): 1 in ... show more (mod_security) mod_security (id:210730) triggered by 91.212.45.214 (tor-exit-ams.bronk-ict.nl): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue May 26 21:06:41.797154 2026] [security2:error] [pid 2556:tid 2556] [client 91.212.45.214:33087] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|getlawforms.com\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "getlawforms.com"] [uri "/dump.sql"] [unique_id "ahZDoZD0xwQqryyyyLnMrAAAAAk"], referer: getlawforms.com/dump.sql show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 105 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇩🇪 134.209.230.13

🇻🇳 103.77.242.62

🇰🇪 102.0.13.126

🇺🇸 40.90.234.147

🇺🇸 162.216.149.163

🇩🇪 138.68.65.59

🇬🇧 138.2.249.113

🇨🇳 120.193.9.169

🇨🇳 106.12.76.61

🇺🇸 64.62.156.66

🇺🇸 24.144.116.101

🇺🇸 20.163.2.151

🇩🇪 5.231.242.167

🇨🇳 180.184.182.87

🇻🇳 118.70.182.193

🇫🇮 77.83.24.79

🇩🇪 64.89.163.51

🇨🇳 54.223.254.138

🇩🇪 54.37.74.179

🇺🇸 192.241.141.178