JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 91.217.249.213

91.217.249.213 was found in our database!

This IP was reported 331 times. Confidence of Abuse is 90%: ?

90%

ISP	VPN Consumer Frankfurt, Germany
Usage Type	Data Center/Web Hosting/Transit
ASN	AS206092
Domain Name	vpnconsumer.com
Country	🇩🇪 Germany
City	Frankfurt am Main, Hesse

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 91.217.249.213

Whois 91.217.249.213

IP Abuse Reports for 91.217.249.213:

This IP address has been reported a total of 331 times from 131 distinct sources. 91.217.249.213 was first reported on March 19th 2024, and the most recent report was 11 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇫🇷 SpaceHost-Server	2026-06-15 22:33:20 (11 hours ago)		Brute-Force Web App Attack
🇬🇧 consul.to	2026-06-15 14:56:00 (19 hours ago)	Web attack/malicious scanning detected	Web App Attack
🇩🇪 macrob	2026-06-15 01:13:07 (1 day ago)	2026/06/15 01:13:05 [error] 2494095#2494095: 305997588 access forbidden by rule, client: 91.217.249 ... show more 2026/06/15 01:13:05 [error] 2494095#2494095: 305997588 access forbidden by rule, client: 91.217.249.213, server: bin-spin.com, request: "GET /.trash7206/index.php HTTP/1.1", host: "bin-spin.com" 2026/06/15 01:13:05 [error] 2494095#2494095: 305997590 access forbidden by rule, client: 91.217.249.213, server: bin-spin.com, request: "GET /wp-content/plugins/filester/assets/css/404.php HTTP/1.1", host: "bin-spin.com" 2026/06/15 01:13:05 [error] 2494095#2494095: 305997588 access forbidden by rule, client: 91.217.249.213, server: bin-spin.com, request: "GET /wp-content/plugins/so-pinyin-slugs/inc/main_json.php HTTP/1.1", host: "bin-spin.com" ... show less	Web App Attack
🇩🇪 Ba-Yu	2026-06-14 14:05:32 (1 day ago)	General hacking/exploits/scanning	Web Spam Hacking Brute-Force Exploited Host Web App Attack
🇬🇧 consul.to	2026-06-13 22:23:47 (2 days ago)	Web attack/malicious scanning detected	Web App Attack
🇫🇮 oh.mg	2026-06-13 18:30:51 (2 days ago)	[Sat Jun 13 20:30:46.247459 2026] [security2:error] [pid 2935324:tid 2935328] [client 91.217.249.213 ... show more [Sat Jun 13 20:30:46.247459 2026] [security2:error] [pid 2935324:tid 2935328] [client 91.217.249.213:20567] [client 91.217.249.213] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:blocking_inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "233"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [ver "OWASP_CRS/4.10.0-dev"] [tag "anomaly-evaluation"] [tag "OWASP_CRS"] [hostname "95.216.72.247"] [uri "/app_dev.php/_profiler/phpinfo"] [unique_id "ai2h1sAM4KT4Fsr2z8FJtQAAAEI"] [Sat Jun 13 20:30:50.250182 2026] [security2:error] [pid 2935324:tid 2935347] [client 91.217.249.213:20567] [client 91.217.249.213] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:blocking_inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "233"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [ver " ... show less	Web App Attack Bad Web Bot
🇩🇪 Herrminator	2026-06-13 11:35:45 (2 days ago)	85.215.157.225 91.217.249.213 - - [13/Jun/2026:13:35:31 +0200] "POST /.env HTTP/1.1" 503 592 "-" "Mo ... show more 85.215.157.225 91.217.249.213 - - [13/Jun/2026:13:35:31 +0200] "POST /.env HTTP/1.1" 503 592 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36" "-" 85.215.157.225 91.217.249.213 - - [13/Jun/2026:13:35:32 +0200] "GET /.env HTTP/1.1" 503 592 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36" "-" 85.215.157.225 91.217.249.213 - - [13/Jun/2026:13:35:33 +0200] "GET /.env.prod HTTP/1.1" 503 592 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36" "-" 85.215.157.225 91.217.249.213 - - [13/Jun/2026:13:35:33 +0200] "GET /.env.production HTTP/1.1" 503 592 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36" "-" 85.215.157.225 91.217.249.213 - - [13/Jun/2026:13:35:34 +0200] "GET /redmine/.env HTTP/1.1" 503 592 "-" "Mozilla/5.0 (Windows N ... show less	Brute-Force Web App Attack
🇩🇪 McClay	2026-06-13 11:04:19 (2 days ago)	HTTP-404 spam:91.217.249.213 - - [13/Jun/2026:13:04:06 +0200] "POST /.env HTTP/1.1" 404 1051 "-" "Mo ... show more HTTP-404 spam:91.217.249.213 - - [13/Jun/2026:13:04:06 +0200] "POST /.env HTTP/1.1" 404 1051 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36" 91.217.249.213 - - [13/Jun/2026:13:04:07 +0200] "GET /.env HTTP/1.1" 404 1050 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36" 91.217.249.213 - - [13/Jun/2026:13:04:09 +0200] "GET /.env.prod HTTP/1.1" 404 1050 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36" 91.217.249.213 - - [13/Jun/2026:13:04:09 +0200] "GET /.env.production HTTP/1.1" 404 1050 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36" 91.217.249.213 - - [13/Jun/2026:13:04:10 +0200] "GET /redmine/.env HTTP/1.1" 404 1050 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537 ... show less	Web App Attack
🇩🇪 Enno	2026-06-13 10:05:26 (2 days ago)	P04::Fail2Ban: automated bot scanning / credential probing detected.	Web App Attack Bad Web Bot
🇫🇷 masterguru	2026-06-13 04:07:08 (3 days ago)	Host header is a numeric IP address. Pattern match "(?:^( (920350-193)	Hacking Bad Web Bot
🇩🇪 Blexyel	2026-06-12 08:28:18 (4 days ago)	91.217.249.213 - - [12/Jun/2026:10:28:18 +0200] "GET /.git/config HTTP/1.1" 200 264 "-" "Mozilla/5.0 ... show more 91.217.249.213 - - [12/Jun/2026:10:28:18 +0200] "GET /.git/config HTTP/1.1" 200 264 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0" ... show less	Brute-Force Web App Attack
🇩🇪 bescared	2026-06-09 20:48:39 (6 days ago)	F2B - Malicious activity detected. URL Probing. -8ff06ede-	Hacking Bad Web Bot Web App Attack
🇳🇱 Site.eu	2026-05-27 19:27:55 (2 weeks ago)	Excessive multi-domain requests	Brute-Force
Anonymous	2026-05-25 00:50:53 (3 weeks ago)	(wordpress) Failed wordpress login from 91.217.249.213 (DE/Germany/-)	Brute-Force
🇩🇪 Vegascosmetics	2026-05-23 21:51:16 (3 weeks ago)	Kingcopy(AI-IDS):IP is Probing for Wordpress vulnerabilities WTF:Banned	Hacking Bad Web Bot Web App Attack

Showing 1 to 15 of 331 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇵🇰 202.163.101.243

🇰🇷 175.214.123.177

🇻🇳 103.68.68.121

🇷🇺 95.188.91.101

🇮🇪 54.154.101.191

🇮🇩 43.165.194.10

🇹🇼 35.194.190.190

🇺🇸 20.65.193.230

🇳🇱 5.83.143.41

🇺🇸 130.131.162.184

🇸🇬 47.237.184.3

🇸🇬 43.156.162.193

🇨🇳 222.186.81.97

🇨🇳 175.43.162.228

🇮🇳 114.79.176.39

🇲🇦 105.69.33.7

🇳🇱 91.92.40.6

🇷🇺 91.79.172.102

🇷🇺 85.175.172.37

🇱🇹 81.30.98.144