JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 91.92.42.248

91.92.42.248 was found in our database!

This IP was reported 178 times. Confidence of Abuse is 100%: ?

100%

ISP	Euro Crypt EOOD
Usage Type	Data Center/Web Hosting/Transit
ASN	AS209630
Domain Name	evro.net
Country	🇳🇱 Netherlands
City	Rotterdam, South Holland

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 91.92.42.248

Whois 91.92.42.248

IP Abuse Reports for 91.92.42.248:

This IP address has been reported a total of 178 times from 114 distinct sources. 91.92.42.248 was first reported on May 19th 2026, and the most recent report was 5 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇩🇪 Vegascosmetics	2026-06-07 08:08:07 (5 hours ago)	Kingcopy(AI-IDS) Report: IP automatically blocked after attack pattern. Vegas Security System	Hacking Brute-Force
🇺🇸 ambor	2026-06-07 06:27:20 (7 hours ago)	Honeypot access: Environment file access attempt. Path: /.env	Web App Attack
🇩🇪 FeG Deutschland	2026-06-07 06:11:44 (7 hours ago)	Looking for CMS/PHP/SQL vulnerablilities/excessive crawling - 124	Exploited Host Web App Attack
🇹🇷 baku.hosting	2026-06-07 06:05:14 (7 hours ago)	CSF Auto Report: (mod_security) mod_security (id:949110) triggered by 91.92.42.248 (BG/Bulgaria/-): ... show more CSF Auto Report: (mod_security) mod_security (id:949110) triggered by 91.92.42.248 (BG/Bulgaria/-): 5 in the last 3600 secs show less	Brute-Force Web App Attack
🇩🇪 kkwemi	2026-06-07 06:03:18 (8 hours ago)	Blocked by block-exploit-paths on /.env	Bad Web Bot
🇸🇬 serverutama	2026-06-07 06:03:04 (8 hours ago)	Nginx scanner: 91.92.42.248 - - [07/Jun/2026:12:53:56 +0700] "GET /.env HTTP/1.1" 444 0 "-" "Mozilla ... show more Nginx scanner: 91.92.42.248 - - [07/Jun/2026:12:53:56 +0700] "GET /.env HTTP/1.1" 444 0 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36" "-" 91.92.42.248 - - [07/Jun/2026:12:53:56 +0700] "GET /.env HTTP/1.1" 301 162 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36" "-" show less	Web App Attack Bad Web Bot
🇧🇷 Halux	2026-06-07 06:01:12 (8 hours ago)	91.92.42.248 Probing protected path or service	Web App Attack
Anonymous	2026-06-07 05:56:11 (8 hours ago)	(caddyscan) Scanner path probe from 91.92.42.248 (BG/Bulgaria/-): 5 in the last 3600 secs; Ports: ; ... show more (caddyscan) Scanner path probe from 91.92.42.248 (BG/Bulgaria/-): 5 in the last 3600 secs; Ports: ; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs: [REDACTED] 200 2627 91.92.42.248 - - [07/Jun/2026:05:26:34 +0000] "GET /.env HTTP/1.1" [REDACTED] 404 208 91.92.42.248 - - [07/Jun/2026:05:30:20 +0000] "GET /.env HTTP/1.1" [REDACTED] 404 207 91.92.42.248 - - [07/Jun/2026:05:34:09 +0000] "GET /.env HTTP/1.1" [REDACTED] 404 207 91.92.42.248 - - [07/Jun/2026:05:42:15 +0000] "GET /.env HTTP/1.1" [REDACTED] 200 2627 91.92.42.248 - - [07/Jun/2026:05:56:08 +0000] "GET /.env HTTP/1.1" show less	Port Scan
🇺🇸 TPI-Abuse	2026-06-07 05:45:42 (8 hours ago)	(mod_security) mod_security (id:210492) triggered by 91.92.42.248 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 91.92.42.248 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 07 01:45:36.534480 2026] [security2:error] [pid 16218:tid 16218] [client 91.92.42.248:0] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "yggdrasil.org"] [uri "/.env"] [unique_id "aiUFgO9vpkaPU7ZB5V92bAAAABE"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 lespbaj	2026-06-07 05:37:54 (8 hours ago)	{"time":"2026-06-07T05:37:53+00:00","ip":"91.92.42.248","method":"GET","uri":"/.env","ua":"Mozilla/5 ... show more {"time":"2026-06-07T05:37:53+00:00","ip":"91.92.42.248","method":"GET","uri":"/.env","ua":"Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0","referer":""} ... show less	Bad Web Bot Web App Attack
🇦🇺 2000cn.com.au	2026-06-07 05:35:59 (8 hours ago)	This IP was detected by CrowdSec triggering crowdsecurity/http-sensitive-files	Web App Attack Hacking
🇺🇸 Mundo Bueno	2026-06-07 05:31:30 (8 hours ago)	[ISILIA Protection v2.1] Tentative d'accès: /.env \| Pays: NL \| UA: Mozilla/5.0 (Macintosh; Intel Mac ... show more [ISILIA Protection v2.1] Tentative d'accès: /.env \| Pays: NL \| UA: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/15. show less	Hacking Web App Attack
🇫🇷 masterguru	2026-06-07 05:10:41 (8 hours ago)	Restricted File Access Attempt. Matched phrase ".env" at REQUEST_FILENAME. (930130-196)	Hacking Web App Attack
🇺🇸 Equity Steward	2026-06-07 05:05:56 (8 hours ago)	Systematic automated scraping and endpoint enumeration against equitysteward.org. 1 offences recorde ... show more Systematic automated scraping and endpoint enumeration against equitysteward.org. 1 offences recorded. Trigger: Honeypot path accessed: /.env — deliberately ignored robots.txt Disallow directive.. Canary ref: 6e5802c3-d43. show less	Web App Attack Bad Web Bot
Anonymous	2026-06-07 05:02:43 (9 hours ago)	91.92.42.248 - - [07/Jun/2026:13:02:43 +0800] "GET /.env HTTP/1.1" 200 19012 "-" "Mozilla/5.0 (Macin ... show more 91.92.42.248 - - [07/Jun/2026:13:02:43 +0800] "GET /.env HTTP/1.1" 200 19012 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:139.0) Gecko/20100101 Firefox/139.0" ... show less	Bad Web Bot Web App Attack

Showing 1 to 15 of 178 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇳🇱 178.16.55.161

🇳🇱 45.74.59.2

🇩🇪 43.228.157.234

🇮🇪 34.254.223.33

🇳🇱 5.61.209.126

🇳🇱 185.223.235.18

🇨🇱 181.43.104.166

🇨🇳 124.227.31.27

🇺🇸 104.236.229.227

🇺🇸 91.230.168.68

🇸🇬 68.183.234.194

🇺🇦 62.182.85.212

🇳🇱 45.148.10.141

🇺🇸 208.84.100.220

🇲🇿 197.219.228.246

🇳🇱 193.176.31.236

🇮🇶 185.24.60.203

🇺🇸 96.78.175.36

🇳🇱 77.83.39.241

🇬🇧 2a06:4880:6000::8a