JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 91.92.42.63

91.92.42.63 was found in our database!

This IP was reported 563 times. Confidence of Abuse is 100%: ?

100%

ISP	Euro Crypt EOOD
Usage Type	Data Center/Web Hosting/Transit
ASN	AS209630
Domain Name	evro.net
Country	🇳🇱 Netherlands
City	Rotterdam, South Holland

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 91.92.42.63

Whois 91.92.42.63

IP Abuse Reports for 91.92.42.63:

This IP address has been reported a total of 563 times from 278 distinct sources. 91.92.42.63 was first reported on May 21st 2026, and the most recent report was 6 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇫🇷 dynamix	2026-06-04 17:25:00 (6 hours ago)	Multiple WAF Violations	Web App Attack
🇸🇬 nayumi	2026-06-04 16:51:44 (7 hours ago)	CrowdSec detection: crowdsecurity/appsec-vpatch \| Service: appsec, appsec	Hacking
🇩🇪 FeG Deutschland	2026-06-04 16:37:45 (7 hours ago)	Looking for CMS/PHP/SQL vulnerablilities/excessive crawling - 124	Exploited Host Web App Attack
🇨🇭 dalslab ltd	2026-06-04 16:00:27 (7 hours ago)	[04/Jun/2026:17:55:55 +0200] - 404 404 - GET https tracking.dalslab.com "/.git/config" [Client 91.92 ... show more [04/Jun/2026:17:55:55 +0200] - 404 404 - GET https tracking.dalslab.com "/.git/config" [Client 91.92.42.63] [Length 15915] [Gzip -] [Sent-to ] "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:133.0) Gecko/20100101 Firefox/133.0" "http://tracking.dalslab.com/.git/config" [04/Jun/2026:18:00:27 +0200] - 404 404 - GET https tracking.dalslab.com "/phpinfo/info.php" [Client 91.92.42.63] [Length 27347] [Gzip -] [Sent-to ] "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:133.0) Gecko/20100101 Firefox/133.0" "http://tracking.dalslab.com/phpinfo/info.php" [04/Jun/2026:18:00:27 +0200] - 404 404 - GET https tracking.dalslab.com "/portal/phpinfo.php" [Client 91.92.42.63] [Length 27350] [Gzip -] [Sent-to ] "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Edg/131.0.0.0" "http://tracking.dalslab.com/portal/phpinfo.php" [04/Jun/2026:18:00:27 +0200] - 404 404 - GET https tracking.dalslab.com "/config/parameters.yml" [Client 91.92.42.63] [ ... show less	Web Spam Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-04 15:40:43 (8 hours ago)	(mod_security) mod_security (id:210492) triggered by 91.92.42.63 (-): 1 in the last 300 secs; Ports: ... show more (mod_security) mod_security (id:210492) triggered by 91.92.42.63 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 04 11:40:37.653167 2026] [security2:error] [pid 13058:tid 13058] [client 91.92.42.63:0] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "colonybet.com"] [uri "/.git/config"] [unique_id "aiGcdb_WH_RwvWzyiR3AggAAABA"], referer: http://colonybet.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇯🇵 HeliJP	2026-06-04 14:46:09 (9 hours ago)	2026-06-04T00:11:18Z - Recognized attacks\bad behavior from IP address 91.92.42.63 on port 443\80 (9 ... show more 2026-06-04T00:11:18Z - Recognized attacks\bad behavior from IP address 91.92.42.63 on port 443\80 (94 daily hits): client denied by server configuration, The Application Returned a 500-Level Status Code show less	Port Scan Hacking SQL Injection Brute-Force Web App Attack
🇳🇱 WinnieHoneypots	2026-06-04 11:56:03 (11 hours ago)	Crappy bot probing nonexistent /.env	Brute-Force Bad Web Bot Web App Attack
🇳🇱 wolfemium	2026-06-04 10:47:56 (13 hours ago)	91.92.42.63 - - [04/Jun/2026:13:44:17 +0300] "GET /info.php HTTP/1.1" 502 552 "http://verymobile.it. ... show more 91.92.42.63 - - [04/Jun/2026:13:44:17 +0300] "GET /info.php HTTP/1.1" 502 552 "http://verymobile.it.kk.netanalyze.it/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36" 91.92.42.63 - - [04/Jun/2026:13:44:17 +0300] "GET /wp-config.php HTTP/1.1" 502 150 "http://verymobile.it.kk.netanalyze.it/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:133.0) Gecko/20100101 Firefox/133.0" 91.92.42.63 - - [04/Jun/2026:13:44:17 +0300] "GET /config.php HTTP/1.1" 502 552 "http://verymobile.it.kk.netanalyze.it/" "Mozilla/5.0 (Linux; Android 14; Pixel 8) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Mobile Safari/537.36" 91.92.42.63 - - [04/Jun/2026:13:44:17 +0300] "GET /phpinfo.php HTTP/1.1" 502 552 "http://verymobile.it.kk.netanalyze.it/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Edg/131.0.0.0" 91.92.42.63 - - [04/Jun/2026:13:47:55 +0300] "GET /settings.php HTTP/1.1" 5 ... show less	DDoS Attack
🇩🇪 Hary74656	2026-06-04 10:21:27 (13 hours ago)	[Thu Jun 04 12:21:26.263146 2026] [core:info] [pid 302088:tid 302198] [client 91.92.42.63:38530] AH0 ... show more [Thu Jun 04 12:21:26.263146 2026] [core:info] [pid 302088:tid 302198] [client 91.92.42.63:38530] AH00128: File does not exist: /home/harald/www/fehlende.info/portal/phpinfo.php, referer: http://fehlende.info/portal/phpinfo.php ... show less	Bad Web Bot
🇫🇷 masterguru	2026-06-04 09:58:00 (13 hours ago)	Restricted File Access Attempt. Matched phrase ".env" at REQUEST_FILENAME. (930130-201)	Hacking Web App Attack
🇮🇹 mediarama.com	2026-06-04 09:24:22 (14 hours ago)	Banned by Fail2Ban	Web App Attack
🇺🇸 Starburst SysOp Team	2026-06-04 08:30:33 (15 hours ago)	(mod_security-custom) mod_security (id:210492) triggered by 91.92.42.63 (BG/Bulgaria/Sofia-grad/Sofi ... show more (mod_security-custom) mod_security (id:210492) triggered by 91.92.42.63 (BG/Bulgaria/Sofia-grad/Sofia/-/[AS209630 KREDIT-AS]): 1 in the last 3600 secs (0-srv1) show less	Hacking
🇫🇷 masterguru	2026-06-04 07:02:09 (16 hours ago)	Restricted File Access Attempt. Matched phrase "phpinfo.php" at REQUEST_FILENAME. (930130-195)	Hacking Web App Attack
🇲🇾 Rizzy	2026-06-04 06:07:24 (17 hours ago)	Multiple WAF Violations	Brute-Force Web App Attack
🇺🇸 Rip	2026-06-04 05:53:35 (18 hours ago)	WordPress attack surface probing: wp-login, wp-login.php	Port Scan Web App Attack

Showing 1 to 15 of 563 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 2602:fb54:1400::1f5

🇺🇸 2602:80d:1008::3b

🇻🇪 190.97.230.198

🇸🇪 171.25.193.235

🇨🇳 111.225.149.242

🇷🇴 80.94.92.184

🇫🇷 62.138.3.40

🇺🇸 147.185.132.16

🇮🇩 103.15.226.202

🇺🇸 66.132.172.127

🇳🇱 45.148.10.206

🇳🇱 20.23.229.100

🇺🇸 205.210.31.104

🇺🇸 143.42.1.44

🇺🇸 142.248.80.72

🇩🇪 195.248.243.197

🇩🇪 178.105.163.37

🇺🇸 108.46.150.21

🇩🇪 217.234.92.249

🇱🇾 164.160.145.129