JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 91.217.249.2

91.217.249.2 was found in our database!

This IP was reported 200 times. Confidence of Abuse is 54%: ?

54%

ISP	VPN Consumer Frankfurt, Germany
Usage Type	Data Center/Web Hosting/Transit
ASN	AS206092
Domain Name	vpnconsumer.com
Country	🇩🇪 Germany
City	Frankfurt am Main, Hesse

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 91.217.249.2

Whois 91.217.249.2

IP Abuse Reports for 91.217.249.2:

This IP address has been reported a total of 200 times from 82 distinct sources. 91.217.249.2 was first reported on March 18th 2024, and the most recent report was 4 days ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇳🇱 bazter.pro	2026-06-10 04:15:43 (4 days ago)	91.217.249.2 - - [10/Jun/2026:04:15:42 +0000] "GET /.env HTTP/1.1" 404 414 "-" "Mozilla/5.0 (Windows ... show more 91.217.249.2 - - [10/Jun/2026:04:15:42 +0000] "GET /.env HTTP/1.1" 404 414 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 Chrome/122.0.0.0 Safari/537.36 Edg/122.0.0.0" ... show less	Port Scan Brute-Force Bad Web Bot Web App Attack SSH
🇫🇮 oh.mg	2026-06-08 00:53:17 (6 days ago)	[Mon Jun 08 02:53:16.518611 2026] [security2:error] [pid 1839653:tid 1839660] [client 91.217.249.2:2 ... show more [Mon Jun 08 02:53:16.518611 2026] [security2:error] [pid 1839653:tid 1839660] [client 91.217.249.2:28125] [client 91.217.249.2] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:blocking_inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "233"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 13)"] [ver "OWASP_CRS/4.10.0-dev"] [tag "anomaly-evaluation"] [tag "OWASP_CRS"] [hostname "95.216.72.247"] [uri "/..;/env.dev.js"] [unique_id "aiYSfFgkTjsQ2HD5fYiJMwAAAEU"] [Mon Jun 08 02:53:16.665329 2026] [security2:error] [pid 1839653:tid 1839665] [client 91.217.249.2:28125] [client 91.217.249.2] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:blocking_inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "233"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 13)"] [ver "OWASP_CRS/4.10.0-dev" ... show less	Web App Attack Bad Web Bot
🇫🇷 Octopuce	2026-06-07 01:56:24 (1 week ago)	Aggressive web search of vulnerable pages: /wp-includes/theme-compat/ /wp-includes/Requests/ /wp-inc ... show more Aggressive web search of vulnerable pages: /wp-includes/theme-compat/ /wp-includes/Requests/ /wp-includes/ID3/ /wp-content/x/ /wp-includes/asse ... show less	Web App Attack
🇫🇷 dynamix	2026-06-07 01:25:34 (1 week ago)	Multiple WAF Violations	Web App Attack
🇩🇪 Viveronese	2026-06-05 23:17:40 (1 week ago)	HTTP vulnerability scanning	Web App Attack
🇳🇱 Site.eu	2026-05-26 16:20:09 (2 weeks ago)	Repeated wp-login/xmlrpc attempts	Brute-Force SSH
🇫🇷 masterguru	2026-05-12 08:55:40 (1 month ago)	Too much 404 requests in 1 minute. Operator GE matched 10 at IP:block_script. (46020-197)	Hacking
🇳🇱 Site.eu	2026-05-11 19:22:14 (1 month ago)	Excessive multi-domain requests	Brute-Force
🇫🇷 masterguru	2026-05-10 11:05:45 (1 month ago)	Too much 404 requests in 1 minute. Operator GE matched 10 at IP:block_script. (46020-196)	Hacking
🇫🇷 masterguru	2026-05-09 22:22:14 (1 month ago)	Too much 404 requests in 1 minute. Operator GE matched 10 at IP:block_script. (46020-193)	Hacking
🇫🇷 masterguru	2026-05-09 17:44:43 (1 month ago)	(modsec_5080) ModSec 5080: Infrastructure subdomain probe from 91.217.249.2 (DE/Germany/-): 1 in the ... show more (modsec_5080) ModSec 5080: Infrastructure subdomain probe from 91.217.249.2 (DE/Germany/-): 1 in the last 3600 secs (0-195) show less	Hacking
🇳🇱 Site.eu	2026-05-09 14:49:27 (1 month ago)	Excessive multi-domain requests	Brute-Force
🇺🇸 TPI-Abuse	2026-05-08 22:58:31 (1 month ago)	(mod_security) mod_security (id:234930) triggered by 91.217.249.2 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:234930) triggered by 91.217.249.2 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri May 08 18:58:27.011522 2026] [security2:error] [pid 6175:tid 6203] [client 91.217.249.2:30889] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\/lib\\\\/php\\\\/connector\\\\.minimal\\\\.php$" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/27_Apps_WPPlugin.conf"] [line "6778"] [id "234930"] [rev "2"] [msg "COMODO WAF: File upload vulnerability in the file manager plugin before 6.9 for WordPress (CVE-2020-25213)\|\|tomithai.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WPPlugin"] [hostname "tomithai.com"] [uri "/wp-content/plugins/wp-file-manager/lib/php/connector.minimal.php"] [unique_id "af5qkx8iJbpmoG2u5h23RAAAANg"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇦 URAN Publishing Service	2026-05-08 21:07:10 (1 month ago)	91.217.249.2 - - [09/May/2026:00:07:09 +0300] "GET /wp-admin/dropdown.php HTTP/1.1" 404 702 "-" "Go- ... show more 91.217.249.2 - - [09/May/2026:00:07:09 +0300] "GET /wp-admin/dropdown.php HTTP/1.1" 404 702 "-" "Go-http-client/1.1" ... show less	Web App Attack
🇺🇦 URAN Publishing Service	2026-05-08 07:05:35 (1 month ago)	91.217.249.2 - - [08/May/2026:10:05:32 +0300] "GET /wp-includes/js/index.php HTTP/1.1" 404 707 "-" " ... show more 91.217.249.2 - - [08/May/2026:10:05:32 +0300] "GET /wp-includes/js/index.php HTTP/1.1" 404 707 "-" "Go-http-client/1.1" 91.217.249.2 - - [08/May/2026:10:05:34 +0300] "GET /wp-admin/maint/about.php HTTP/1.1" 404 707 "-" "Go-http-client/1.1" ... show less	Web App Attack

Showing 1 to 15 of 200 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇧🇷 177.130.170.79

🇮🇩 103.41.247.76

🇷🇺 37.110.233.205

🇮🇷 5.160.197.195

🇳🇱 176.65.148.132

🇳🇱 91.92.40.13

🇸🇬 47.82.14.97

🇺🇸 20.51.57.115

🇺🇸 192.3.16.60

🇺🇸 165.154.36.71

🇷🇺 157.22.102.92

🇨🇴 69.6.234.27

🇧🇷 45.205.1.42

🇺🇸 40.121.200.75

🇰🇷 221.162.3.119

🇺🇸 172.233.221.115

🇳🇱 172.217.96.27

🇺🇸 147.182.183.153

🇮🇩 113.192.12.100

🇮🇳 103.155.140.219