JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 94.231.113.91

94.231.113.91 was found in our database!

This IP was reported 394 times. Confidence of Abuse is 100%: ?

100%

ISP	JSC ER-Telecom Holding Ryazan branch
Usage Type	Fixed Line ISP
ASN	AS56420
Hostname(s)	94-231-113-91.nat.nlink.ru
Domain Name	ertelecom.ru
Country	🇷🇺 Russian Federation
City	Ryazan', Ryazan Oblast

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 94.231.113.91

Whois 94.231.113.91

IP Abuse Reports for 94.231.113.91:

This IP address has been reported a total of 394 times from 261 distinct sources. 94.231.113.91 was first reported on May 7th 2026, and the most recent report was 3 weeks ago.

Old Reports: The most recent abuse report for this IP address is from 3 weeks ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇳🇱 BellFix	2026-05-22 14:41:32 (3 weeks ago)	Fail2ban reported 94.231.113.91 for npm-docker	Web App Attack
🇳🇱 BellFix	2026-05-19 16:26:01 (3 weeks ago)	Fail2ban reported 94.231.113.91 for npm-docker	Web App Attack
🇺🇸 wasuma	2026-05-18 04:24:04 (3 weeks ago)	Honeypot: Apache path traversal RCE (CVE-2021-41773). C2 payload URL: http://125.135.169.171/sh. Pat ... show more Honeypot: Apache path traversal RCE (CVE-2021-41773). C2 payload URL: http://125.135.169.171/sh. Path: /cgi-bin/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/bin/sh show less	Port Scan Web App Attack
🇵🇱 wikdomain	2026-05-15 14:15:50 (4 weeks ago)	WEB Apache HTTP Server Path traversal (CVE-2021-41773) Attack at 2026-05-11 08:28:38 GMT, Source: 94 ... show more WEB Apache HTTP Server Path traversal (CVE-2021-41773) Attack at 2026-05-11 08:28:38 GMT, Source: 94.231.113.91, Destination: 192.168.1.52. Reported at 2026-05-15 14:15:50 GMT show less	Web App Attack
🇨🇭 SOC [GOLINE SA]	2026-05-15 02:12:24 (4 weeks ago)	[RoutePulse \| 2026-05-15T02:12:24Z \| RTBH-INJECTED] ATTACK CLASS: behavioral SOURCE: 94.231.113.91 ( ... show more [RoutePulse \| 2026-05-15T02:12:24Z \| RTBH-INJECTED] ATTACK CLASS: behavioral SOURCE: 94.231.113.91 (94-231-113-91.nat.nlink.ru) · AS56420 JSC ER-Telecom Holding · Russia EVIDENCE: AbuseIPDB score 100% with 390 reports, threatScore 100, and previous verdict of Botnet C2 Node targeting our infrastructure IP 185.54.81.22 (portal.tschingg.eu/SharePoint) persistently over 2 days. Active TCP/HTTP probing of internal ShareP INTEL: AbuseIPDB 100% \| feeds: FortiAnalyzer Threat Intel,IPsum Level 4 (very low FP),Wazuh SIEM — Wazuh Threat Intel (built-in TI enrichment),AbuseIPDB_IP_Blacklist (105) \| RoutePulse score 100/100 CONVICTION: Tier 4, LLR 2.12 (multi-source SPRT) MITRE: T1071 Application Layer Protocol DETECTION: Conviction Engine SPRT + 18-model ML ensemble + 5-pillar threat scoring ACTION: BGP null route injected at RoutePulse network edge show less	Hacking
🇩🇪 phil2k	2026-05-14 23:20:46 (4 weeks ago)	TCP portscan or auth bruteforce on ports: 2375 telnet : Firewall: Within 2026-05-08 15:56:01 - 2026- ... show more TCP portscan or auth bruteforce on ports: 2375 telnet : Firewall: Within 2026-05-08 15:56:01 - 2026-05-12 15:29:11 CEST(+0200) identified: unallowed access from 94.231.113.91/32 on uncommon port/s: 2375(tcp:2375),23(telnet) (2 trials) Fail2ban: Within 2026-05-08 15:56:01 - 2026-05-12 15:29:11 CEST(+0200) banned: 9 times by fail2ban[firewall]; 9 times by fail2ban[recidive] show less	Port Scan Brute-Force
🇨🇭 SOC [GOLINE SA]	2026-05-14 03:10:48 (1 month ago)	FortiGate detected IPS attack from IPv4 address 94.231.113.91	Hacking
🇨🇭 SOC [GOLINE SA]	2026-05-14 01:33:53 (1 month ago)	[RoutePulse \| 2026-05-14T01:33:53Z \| RTBH-INJECTED] ATTACK CLASS: behavioral SOURCE: 94.231.113.91 ( ... show more [RoutePulse \| 2026-05-14T01:33:53Z \| RTBH-INJECTED] ATTACK CLASS: behavioral SOURCE: 94.231.113.91 (94-231-113-91.nat.nlink.ru) · AS56420 JSC ER-Telecom Holding · Russia EVIDENCE: Auto-classified: threat score 36 is below AI analysis threshold (70). Monitoring under observation. INTEL: AbuseIPDB 100% \| feeds: FortiAnalyzer Threat Intel,Wazuh SIEM — Wazuh Threat Intel (built-in TI enrichment),AbuseIPDB_IP_Blacklist,IPsum Level 4 (very low FP) (105) \| RoutePulse score 97/100 CONVICTION: Tier 4, LLR 1.00 (multi-source SPRT) MITRE: T1071 Application Layer Protocol DETECTION: Conviction Engine SPRT + 18-model ML ensemble + 5-pillar threat scoring ACTION: BGP null route injected at RoutePulse network edge show less	Hacking
🇬🇧 andypiper	2026-05-14 01:02:49 (1 month ago)	CrowdSec ban for AbuseIPDB Top List	Brute-Force Web App Attack
🇭🇺 DumaNet	2026-05-13 18:42:00 (1 month ago)	Web app attack attempts, scanning for vulnerability. Date: 2026 May 13. 11:18:02 Source IP: 94.231 ... show more Web app attack attempts, scanning for vulnerability. Date: 2026 May 13. 11:18:02 Source IP: 94.231.113.91 Portion of the log(s): 94.231.113.91 - - [13/May/2026:11:18:00 +0200] "GET /demo/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1" 404 153 "-" "libredtail-http" 94.231.113.91 - - [13/May/2026:11:18:00 +0200] "GET /api/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1" 404 153 "-" "libredtail-http" 94.231.113.91 - - [13/May/2026:11:18:00 +0200] "GET /testing/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1" 404 153 "-" "libredtail-http" 94.231.113.91 - - [13/May/2026:11:17:59 +0200] "GET /test/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1" 404 153 "-" "libredtail-http" 94.231.113.91 - - [13/May/2026:11:17:59 +0200] "GET /tests/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1" 404 153 "-" "libredtail-http" 94.231.113.91 - - [13/May/2026:11:17:59 +0200] "GET /V2/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1" 404 153 "-" "libre show less	Web App Attack
🇭🇺 DumaNet	2026-05-13 18:27:00 (1 month ago)	Web app attack attempts, scanning for vulnerability. Date: 2026 May 13. 11:08:56 Source IP: 94.231 ... show more Web app attack attempts, scanning for vulnerability. Date: 2026 May 13. 11:08:56 Source IP: 94.231.113.91 Portion of the log(s): 94.231.113.91 - - [13/May/2026:11:08:56 +0200] "GET /lib/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1" 404 153 "-" "libredtail-http" 94.231.113.91 - - [13/May/2026:11:08:56 +0200] "GET /lib/phpunit/phpunit/Util/PHP/eval-stdin.php HTTP/1.1" 404 153 "-" "libredtail-http" 94.231.113.91 - - [13/May/2026:11:08:56 +0200] "GET /lib/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1" 404 153 "-" "libredtail-http" 94.231.113.91 - - [13/May/2026:11:08:56 +0200] "GET /phpunit/Util/PHP/eval-stdin.php HTTP/1.1" 404 153 "-" "libredtail-http" 94.231.113.91 - - [13/May/2026:11:08:56 +0200] "GET /phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1" 404 153 "-" "libredtail-http" 94.231.113.91 - - [13/May/2026:11:08:55 +0200] "GET /phpunit/phpunit/Util/PHP/eval-stdin.php HTTP/1.1" 404 153 "-" "libredtail-http" 94.231.113.91 - - [13/May/2026:11:08:55 +0200] "GET /phpunit/phpunit/src/Util/PHP/ show less	Web App Attack
🇧🇷 chronos	2026-05-13 10:10:22 (1 month ago)	2026-05-13 07:03:43 UTC-3\|\|Unauthorized connection attempt detected for port scanning	Port Scan
🇫🇷 GoodOldTOS	2026-05-13 09:30:16 (1 month ago)	Bad keywords detected in request: /cgi-bin/	Web App Attack
🇨🇭 Ribeye375	2026-05-13 08:43:58 (1 month ago)	HIPS rce-attempt - Block tcp/0:65535	Hacking Web App Attack
🇹🇷 Detmach	2026-05-13 08:12:58 (1 month ago)	Security attack detected. Multiple failed attempts from 94.231.113.91. IP banned for 1440 minutes at ... show more Security attack detected. Multiple failed attempts from 94.231.113.91. IP banned for 1440 minutes at 13.05.2026 11:11:57. Failed attempts: 1 show less	Brute-Force

Showing 1 to 15 of 394 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇨🇳 183.36.179.7

🇺🇸 147.185.132.143

🇸🇬 129.226.221.96

🇬🇧 46.101.2.249

🇧🇪 198.235.24.238

🇦🇷 181.167.106.40

🇺🇸 156.154.67.196

🇨🇳 111.26.6.111

🇲🇲 103.154.241.61

🇷🇴 93.114.194.159

🇮🇹 88.147.30.59

🇺🇸 73.235.99.213

🇱🇹 45.125.66.11

🇮🇳 34.131.174.236

🇺🇸 216.25.89.78

🇩🇪 194.59.206.2

🇸🇬 194.5.82.127

🇨🇴 181.129.41.162

🇫🇮 178.20.210.208

🇺🇸 144.126.129.217