JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 91.224.92.19

91.224.92.19 was found in our database!

This IP was reported 214 times. Confidence of Abuse is 100%: ?

100%

ISP	Cloud hosting
Usage Type	Data Center/Web Hosting/Transit
ASN	AS209605
Hostname(s)	catch-document.intellidelete.com
Domain Name	serveroffer.lt
Country	🇱🇹 Lithuania
City	Vilnius, Vilnius

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 91.224.92.19

Whois 91.224.92.19

IP Abuse Reports for 91.224.92.19:

This IP address has been reported a total of 214 times from 142 distinct sources. 91.224.92.19 was first reported on March 27th 2024, and the most recent report was 1 hour ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇫🇷 tecnicorioja	2026-06-13 22:02:15 (1 hour ago)	(Mod_security)	Web App Attack Brute-Force Bad Web Bot
🇳🇱 i-turnradio.nl	2026-06-13 19:29:16 (3 hours ago)	2026-06-13 @ 21:29:16 (CET) ~ Blocked for trying to access: /.vscode/sftp.json	Web App Attack
🇺🇸 wordpresshosting.solutions	2026-06-13 18:32:47 (4 hours ago)	Web app vulnerability scanning detected. Evidence: 91.224.92.19 - - [13/Jun/2026:18:32:47 +0000] "GE ... show more Web app vulnerability scanning detected. Evidence: 91.224.92.19 - - [13/Jun/2026:18:32:47 +0000] "GET /sftp-config.json HTTP/1.1" 404 40755 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36" show less	Web App Attack
🇷🇺 loveprod	2026-06-13 18:19:35 (4 hours ago)	91.224.92.19 - - [13/Jun/2026:21:19:34 +0300] "GET /sftp-config.json HTTP/1.1" 301 353 "-" "Mozilla/ ... show more 91.224.92.19 - - [13/Jun/2026:21:19:34 +0300] "GET /sftp-config.json HTTP/1.1" 301 353 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36" 91.224.92.19 - - [13/Jun/2026:21:19:34 +0300] "GET /sftp-config.json HTTP/1.1" 301 360 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36" ... show less	Bad Web Bot
🇺🇸 billyw0nka	2026-06-13 17:06:54 (5 hours ago)	pattern: admindev	Hacking
🇫🇷 Baking333	2026-06-13 16:52:07 (6 hours ago)	[redacted] 91.224.92.19 - - [13/Jun/2026:17:52:05 +0100] "GET /.vscode/[redacted] HTTP/1.1" 302 5293 ... show more [redacted] 91.224.92.19 - - [13/Jun/2026:17:52:05 +0100] "GET /.vscode/[redacted] HTTP/1.1" 302 5293 0/61032 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36" [redacted] 91.224.92.19 - - [13/Jun/2026:17:52:06 +0100] "GET /[redacted] HTTP/1.1" 302 5293 0/98681 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36" show less	Bad Web Bot Web App Attack
🇺🇸 MPL	2026-06-13 16:49:20 (6 hours ago)	tcp/80 (6 or more attempts)	Port Scan
🇩🇪 pltcldvlpr	2026-06-13 16:11:27 (6 hours ago)	CMS/framework probe: 91.224.92.19 - - [13/Jun/2026:18:10:33 +0200] "GET /.vscode/sftp.json HTTP/1.1" ... show more CMS/framework probe: 91.224.92.19 - - [13/Jun/2026:18:10:33 +0200] "GET /.vscode/sftp.json HTTP/1.1" 301 178 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36" asn=209605 org="UAB Host Baltic" country=LT ... show less	Web App Attack
Anonymous	2026-06-13 16:09:51 (6 hours ago)	Blocked by FortiWeb WAF ML threat detection. ML probability: 99%, Country: LT, Attack patterns: Auto ... show more Blocked by FortiWeb WAF ML threat detection. ML probability: 99%, Country: LT, Attack patterns: Automated scanning show less	Bad Web Bot Web App Attack
🇬🇧 Mendip_Defender	2026-06-13 16:05:36 (7 hours ago)	91.224.92.19 - - [13/Jun/2026:17:05:30 +0100] "GET /.vscode/sftp.json HTTP/1.1" 301 162 "-" "Mozilla ... show more 91.224.92.19 - - [13/Jun/2026:17:05:30 +0100] "GET /.vscode/sftp.json HTTP/1.1" 301 162 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36" 91.224.92.19 - - [13/Jun/2026:17:05:30 +0100] "GET /.vscode/sftp.json HTTP/1.1" 404 51186 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36" 91.224.92.19 - - [13/Jun/2026:17:05:31 +0100] "GET /sftp-config.json HTTP/1.1" 301 162 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36" ... show less	Hacking Web App Attack
🇫🇮 oh.mg	2026-06-13 14:38:51 (8 hours ago)	[Sat Jun 13 16:38:50.255204 2026] [security2:error] [pid 2899199:tid 2899225] [client 91.224.92.19:0 ... show more [Sat Jun 13 16:38:50.255204 2026] [security2:error] [pid 2899199:tid 2899225] [client 91.224.92.19:0] [client 91.224.92.19] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:blocking_inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "233"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [ver "OWASP_CRS/4.10.0-dev"] [tag "anomaly-evaluation"] [tag "OWASP_CRS"] [hostname "adm01.sup.coop"] [uri "/.vscode/sftp.json"] [unique_id "ai1reisdGyiULU8nCx81YgAAAZg"] [Sat Jun 13 16:38:50.932223 2026] [security2:error] [pid 2898746:tid 2898752] [client 91.224.92.19:0] [client 91.224.92.19] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:blocking_inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "233"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [ver "OWASP_CRS/4.10.0-dev"] [tag ... show less	Web App Attack Bad Web Bot
🇫🇷 lechat	2026-06-13 14:38:14 (8 hours ago)	2026-06-13T14:38:13.967571+0000 inbound port scan detected by Suricata. src=91.224.92.19:54645 dst=5 ... show more 2026-06-13T14:38:13.967571+0000 inbound port scan detected by Suricata. src=91.224.92.19:54645 dst=51.68.231.122:80 proto=TCP. signature="ET SCAN SFTP/FTP Password Exposure via sftp-config.json" category="Attempted Information Leak" sid=2015940 reason=scan_signature. show less	Port Scan
🇺🇸 mccsoft.io	2026-06-13 14:29:46 (8 hours ago)	Web application attack / vulnerability scanning against our public nginx web server (TCP 80/443). So ... show more Web application attack / vulnerability scanning against our public nginx web server (TCP 80/443). Source matched a blocked-path security rule (jail nginx-444); server returned HTTP 444 (connection closed without response). TCP three-way handshake completed (full HTTP request received). show less	Bad Web Bot Web App Attack
🇧🇷 ludarkstar99	2026-06-13 14:20:07 (8 hours ago)	Blocked by os-abuseipdb; 6 hits, proto=tcp, ports=80	Port Scan Hacking
🇺🇸 Lezetho	2026-06-13 14:00:41 (9 hours ago)	DDoS, WebSpam, Web Attack, and Brute-force blocked by Cloudflare	DDoS Attack Email Spam Hacking Brute-Force

Showing 1 to 15 of 214 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 216.25.89.119

🇳🇱 178.16.54.88

🇺🇸 107.180.88.176

🇮🇳 223.233.64.5

🇨🇳 221.207.54.128

🇨🇳 218.4.91.162

🇦🇷 190.105.214.48

🇬🇧 185.216.145.187

🇷🇺 176.120.22.240

🇰🇷 125.176.202.122

🇨🇳 123.52.35.110

🇰🇷 121.159.41.81

🇨🇳 120.48.28.60

🇩🇪 69.5.169.227

🇩🇪 69.5.169.160

🇨🇳 61.178.209.47

🇧🇷 45.229.91.34

🇬🇧 213.166.84.62

🇫🇮 178.20.215.191

🇺🇸 147.185.132.107