Critical Alert
IP 91.92.242.109 is a critical-risk address with a threat level of 10/10 that has accumulated 876 abuse reports from automated honeypot sensors since November 2025, making it one of the most actively malicious IPs observed in recent months. The Dutch-hosted address, operating through AS209800 under metaspinner net GmbH, is associated exclusively with hacking activity, representing a sustained and deliberate campaign to compromise vulnerable systems.
Security monitoring systems detected this IP across multiple automated honeypot sensors between November 2025 and April 2026, with all 876 reports consistently categorizing the activity as hacking attempts. While the confidence score of 68% indicates some uncertainty in attribution, the sheer volume of independent reports from automated sensors provides strong corroboration of malicious intent. The Netherlands-based network infrastructure has been exploited as a staging point for these intrusion attempts, though the activity pattern suggests the address itself may be part of a broader compromised or botnet-controlled infrastructure rather than a server controlled directly by the operator.
Hacking activity encompasses a broad spectrum of intrusion methodologies, including vulnerability exploitation, credential brute-forcing, and attempts to gain unauthorized system access through misconfigured or outdated services. The persistent and concentrated nature of the reports indicates systematic probing rather than opportunistic scanning, suggesting the operator behind this IP is actively seeking specific entry points. Organizations with exposed services matching the honeypot detection profile face concrete risks of credential compromise, data exfiltration, or malware installation if this IP's activity succeeds against unhardened targets.
Network defenders should immediately block traffic from 91.92.242.109 at the firewall or edge-device level and implement aggressive rate-limiting on services that have been targeted. Deploying tools such as fail2ban to dynamically ban repeated offenders provides an additional automated layer of protection. Maintaining rigorous patching cycles, enforcing strong authentication requirements with multi-factor authentication wherever possible, and deploying intrusion detection monitoring will substantially reduce the attack surface this IP could exploit. Organizations should also monitor their logs for any connections from this address as a precaution.