JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 91.228.152.101

91.228.152.101 was found in our database!

This IP was reported 50 times. Confidence of Abuse is 0%: ?

ISP	www.fornex.com, Fornex Hosting S.L.
Usage Type	Data Center/Web Hosting/Transit
ASN	AS44051
Hostname(s)	dsde298.fornex.org
Domain Name	fornex.com
Country	🇩🇪 Germany
City	Frankfurt am Main, Hesse

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 91.228.152.101

Whois 91.228.152.101

IP Abuse Reports for 91.228.152.101:

This IP address has been reported a total of 50 times from 25 distinct sources. 91.228.152.101 was first reported on March 23rd 2024, and the most recent report was 4 months ago.

Old Reports: The most recent abuse report for this IP address is from 4 months ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
Anonymous	2026-02-07 02:02:12 (4 months ago)	Ports: 25,110,143,993,995; Direction: 0; Trigger: LF_CUSTOMTRIGGER	Brute-Force SSH
🇺🇸 Ocean Ascents	2025-11-04 14:06:07 (7 months ago)	Probe for vulnerabilities. Path attempted: /.env	Web App Attack
🇬🇧 Aetherweb Ark	2025-10-30 19:45:11 (7 months ago)	(mod_security) mod_security (id:949110) triggered by 91.228.152.101 (DE/Germany/dsde298.fornex.org): ... show more (mod_security) mod_security (id:949110) triggered by 91.228.152.101 (DE/Germany/dsde298.fornex.org): N in the last X secs show less	Web App Attack
🇺🇸 TPI-Abuse	2025-10-29 15:56:48 (7 months ago)	(mod_security) mod_security (id:210492) triggered by 91.228.152.101 (dsde298.fornex.org): 1 in the l ... show more (mod_security) mod_security (id:210492) triggered by 91.228.152.101 (dsde298.fornex.org): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Oct 29 11:56:41.517078 2025] [security2:error] [pid 29912:tid 29912] [client 91.228.152.101:55684] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "jmrlighting.com"] [uri "/.env"] [unique_id "aQI5OVZCqXp7VzJrF09w_QAAABI"] show less	Brute-Force Bad Web Bot Web App Attack
🇫🇷 UM3	2025-04-28 18:03:30 (1 year ago)	Exim Auth Failed	Brute-Force
🇩🇪 sdos.es	2025-04-28 06:21:30 (1 year ago)	"Restricted File Access Attempt - Matched Data: /.env found within REQUEST_FILENAME: /.env"	Web App Attack
🇫🇷 ingroscart.it	2025-04-26 22:37:56 (1 year ago)	(mod_security) mod_security triggered on hostname [redacted] 91.228.152.101 (DE/Germany/dsde298.forn ... show more (mod_security) mod_security triggered on hostname [redacted] 91.228.152.101 (DE/Germany/dsde298.fornex.org) show less	SQL Injection
🇩🇪 sdos.es	2025-04-26 12:24:30 (1 year ago)	"Restricted File Access Attempt - Matched Data: /.env found within REQUEST_FILENAME: /.env"	Web App Attack
🇫🇷 ingroscart.it	2025-04-25 14:40:59 (1 year ago)	(mod_security) mod_security triggered on hostname [redacted] 91.228.152.101 (DE/Germany/dsde298.forn ... show more (mod_security) mod_security triggered on hostname [redacted] 91.228.152.101 (DE/Germany/dsde298.fornex.org) show less	SQL Injection
🇩🇪 sdos.es	2025-04-25 09:35:16 (1 year ago)	"Restricted File Access Attempt - Matched Data: /.env found within REQUEST_FILENAME: /.env"	Web App Attack
🇩🇪 HERA - Operations	2025-04-23 19:05:08 (1 year ago)	sensobox - searching for vulnerable scripts: .env 2025/04/23 19:05:07	Web App Attack
🇩🇪 sdos.es	2025-04-23 05:53:27 (1 year ago)	"Restricted File Access Attempt - Matched Data: /.env found within REQUEST_FILENAME: /.env"	Web App Attack
🇩🇪 bescared	2025-04-22 09:40:08 (1 year ago)	F2B - Malicious activity detected. URL Probing.	Hacking Bad Web Bot Web App Attack
🇩🇪 sdos.es	2025-04-22 02:58:47 (1 year ago)	"Restricted File Access Attempt - Matched Data: /.env found within REQUEST_FILENAME: /.env"	Web App Attack
🇩🇪 0x44	2025-04-19 02:13:11 (1 year ago)	2025/04/19 [Spam host detected, probing for vulnerabilities] ...	Web Spam Exploited Host Web App Attack

Showing 1 to 15 of 50 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇮🇳 192.178.119.20

🇺🇸 74.48.21.121

🇺🇸 31.77.131.226

🇩🇪 194.88.98.112

🇨🇴 190.249.147.76

🇩🇪 185.242.3.230

🇯🇵 161.129.35.117

🇭🇰 150.5.154.160

🇪🇸 149.91.97.132

🇮🇳 125.19.138.74

🇨🇳 123.158.253.240

🇻🇳 103.161.16.196

🇨🇦 85.217.149.6

🇫🇷 85.217.140.15

🇳🇱 77.83.39.94

🇯🇵 56.155.73.238

🇨🇳 47.93.4.143

🇩🇪 46.101.216.224

🇳🇱 45.148.10.152

🇳🇱 45.148.10.121