Critical Threat
IP 91.92.241.242 is a critical-risk address associated with 425 abuse reports indicating it functions as an exploited host, meaning the machine has been compromised and is being weaponized by threat actors to conduct attacks without the owner's knowledge. The Netherlands-based IP has been flagged with a perfect threat score of 10/10, reflecting the severity of malicious activity originating from this address during November 2025.
Analysis of the report data reveals this IP was detected by 20 separate automated honeypot sensors, generating a substantial volume of abuse reports concentrated within a single month. The network is registered to metaspinner net GmbH under ASN AS209800, placing the infrastructure within a commercial hosting environment. The reported activity centers on malware and exploit delivery mechanisms, suggesting the compromised system is being leveraged as a staging point or attack platform for subsequent intrusion campaigns. Despite a confidence score of 71 percent, the sheer volume of independent detections and the consistent attribution to exploited-host behavior patterns establish a clear threat profile.
Exploited-host activity represents a particularly concerning threat vector because it involves hijacked infrastructure rather than attacker-controlled servers. Systems behind exploited-host IPs are typically unwitting participants in malicious operations: their legitimate owners remain unaware that their resources are being weaponized for credential theft, malware distribution, or coordinated scanning. This pattern creates downstream risk for any organization whose perimeter receives traffic originating from this address, as such traffic may carry payloads designed to exploit vulnerable services.
Site operators should immediately block IP 91.92.241.242 at the network perimeter and implement deep-packet inspection to identify any associated malicious payloads in ingress traffic. Deploying tools such as fail2ban or equivalent rate-limiting solutions can help mitigate repeated connection attempts that follow similar patterns. Investigating internal logs for any prior contact with this address is strongly advised, and organizations discovering related indicators should consider notifying the hosting provider to facilitate remediation of the compromised system. Ongoing monitoring of abuse-feed blocklists will ensure timely detection of any renewed activity from this source.