Is IP address 91.224.92.17 dangerous?

Yes, 91.224.92.17 is considered dangerous with a threat level of 8/10. It has been reported 1,307 times for malicious activities including . We recommend blocking this IP address.

Who owns or operates IP address 91.224.92.17?

IP address 91.224.92.17 is operated by UAB Host Baltic (ASN 209605) and is geolocated to GB. This information is derived from public WHOIS and geolocation databases.

Should I block IP address 91.224.92.17?

Yes, blocking 91.224.92.17 is strongly recommended. With a threat level of 8/10 and 1,307 security reports, this IP poses significant risk. Implement firewall rules to block incoming and outgoing traffic.

How accurate is this threat assessment for 91.224.92.17?

Our threat assessment for 91.224.92.17 has a confidence score of 66%, based on 1,307 independent reports from multiple independent sources. Higher confidence scores indicate more reliable assessments.

IP Address

91.224.92.17

IPv4 Public

AS209605

UAB Host Baltic

1,307 Reports

GB Location

UAB Host Baltic ASN 209605

1,307 Reports

Honeypot Data Source

High Risk

IP 91.224.92.17 is a high-risk address with a threat level of 8 out of 10 that has been linked to web application attacks, accumulating 1,306 total abuse reports from automated honeypot sensors between August and October 2025. The IP originates from the United Kingdom and is routed through ASN AS209605, operated by UAB Host Baltic, a hosting provider whose infrastructure has been associated with scanning and probing activity in threat intelligence databases.

The confidence score of 63 percent reflects moderate certainty in the attribution, based on 20 recent reports specifically categorizing the activity as web application attacks. The detection timeframe spans approximately three months, with the first reports appearing in August 2025 and the most recent in October 2025. The activity frequency metric of 0 out of 10 suggests intermittent rather than continuous engagement, which is consistent with automated scanning campaigns that probe large IP ranges in irregular patterns rather than sustained targeted assaults against a single host.

Web application attacks encompass exploitation attempts targeting vulnerabilities described in the OWASP Top 10, including cross-site scripting, cross-site request forgery, file inclusion vulnerabilities and other input-validation weaknesses in web-facing software. The probe pattern detected suggests this address is systematically scanning the internet for vulnerable web applications, potentially as a precursor to more targeted compromise or as part of an automated exploitation toolkit designed to identify easily breached targets at scale.

Site operators exposing web services should consider implementing a web application firewall to filter malicious request patterns, enforce strict input validation on all user-supplied data and maintain current patch cycles for all web software including content management systems, plugins and backend frameworks. Deploying rate-limiting rules on authentication and form-submission endpoints can further disrupt automated scanning activity. Community tools such as fail2ban can be configured to automatically block IPs exhibiting aggressive probe behaviour based on log analysis.

More threatening than 79% of monitored IPs

Threat Categories

Web App Attack 29

Hacking 1

Exploited Host 1

SSH 1

Technical Details

Web application attacks target vulnerabilities like XSS, CSRF, file inclusion, and other OWASP Top 10 issues.

Recommended Mitigations

Deploy web application firewalls, keep applications updated, and conduct regular security audits.

Behavioral Analysis

Activity Pattern: Consistent Activity

Steady malicious activity over less than a day indicates persistent threat actor operations.

First Observed 17. June 2026

Last Activity 17. June 2026

Recent (7 days) 1 incidents

Moderate Network Risk

The network hosting this IP (ASN 209605, operated by UAB Host Baltic) shows moderate threat indicators. Some concerning activity has been detected from neighboring addresses.

Consider the network context when assessing this individual IP.

Security Recommendations

Long-term blocking recommended.

Reputation Summary

Threat Level 8/10 High

Critical

Activity Frequency 6/10 Moderate

Confidence Score 66% High Confidence

Confidence History

17. Sep 2025 - 17. Jun 2026

66% Current

Stable Trend

Date	Categories	Source	Confidence
17. Jun 2026 New	Hacking SSH Exploited Host	Honeypot x3	75%
6. Oct 2025	Web App Attack	Honeypot	75%
30. Sep 2025	Web App Attack	Honeypot	75%
30. Sep 2025	Web App Attack	Honeypot	75%
29. Sep 2025	Web App Attack	Honeypot	75%
29. Sep 2025	Web App Attack	Honeypot	75%
17. Sep 2025	Web App Attack	Honeypot	75%
17. Sep 2025	Web App Attack	Honeypot	75%
17. Sep 2025	Web App Attack	Honeypot	75%
17. Sep 2025	Web App Attack	Honeypot	75%
17. Sep 2025	Web App Attack	Honeypot	75%
17. Sep 2025	Web App Attack	Honeypot	75%
17. Sep 2025	Web App Attack	Honeypot	75%
17. Sep 2025	Web App Attack	Honeypot	75%
17. Sep 2025	Web App Attack	Honeypot	75%
17. Sep 2025	Web App Attack	Honeypot	75%
17. Sep 2025	Web App Attack	Honeypot	75%
17. Sep 2025	Web App Attack	Honeypot	75%
17. Sep 2025	Web App Attack	Honeypot	75%
17. Sep 2025	Web App Attack	Honeypot	75%
17. Sep 2025	Web App Attack	Honeypot	75%
17. Sep 2025	Web App Attack	Honeypot	75%
17. Sep 2025	Web App Attack	Honeypot	75%
17. Sep 2025	Web App Attack	Honeypot	75%
17. Sep 2025	Web App Attack	Honeypot	75%
17. Sep 2025	Web App Attack	Honeypot	75%
17. Sep 2025	Web App Attack	Honeypot	75%
17. Sep 2025	Web App Attack	Honeypot	75%
17. Sep 2025	Web App Attack	Honeypot	75%
17. Sep 2025	Web App Attack	Honeypot	75%

Basic Information

IP Address: 91.224.92.17
IP Version: IPv4
Network Type: Public
Tor Network: No
Network Class: Class A

Geolocation

Country: GB
ASN: AS209605
ISP: UAB Host Baltic

DNS Information

Reverse DNS: srv-91-224-92-17.serveroffer.net
PTR Record: Yes
Connection Type: Dynamic

Statistics

Total Reports: 1,307
First Reported: 15 Aug 2025
Last Reported: 17 Jun 2026, 03:30

Network Reputation

Analysis of the entire network (ASN) that this IP address belongs to, providing context about the hosting provider and network-wide threat patterns.

Network Identity

ASN: AS209605

Organization: UAB Host Baltic

Country:

Network Threat Assessment

6/10

This network shows moderate threat levels with some malicious activity patterns.

Network Statistics

184

Total IPs Monitored

14,057

Total Reports

76.4

Reports per IP

Network Context

This IP address belongs to UAB Host Baltic (AS209605), which manages 184 IP addresses in our monitoring system. Out of these, 14,057 have been reported for suspicious activities, resulting in a network-wide threat level of 6/10.

Network warning: This network has elevated threat levels. Exercise caution when interacting with IPs from this ASN.

Comparative Analysis

How this IP compares to others in our threat intelligence database

79 %

Global Threat Ranking

This IP is more threatening than 79% of all IPs in our database.

High Threat Percentile

Global Comparison

Compared against 216,971 reported IPs worldwide

Threat Level 8/10 avg: 5.5 +

Total Reports 1,307 avg: 22 ++

Network Comparison

Compared against 203 IPs in ASN 209605

Threat Level 8/10 network avg: 6.5 +

Total Reports 1,307 network avg: 71 ++

Network UAB Host Baltic has overall threat level 6/10

Geographic Comparison

Compared against 4,568 IPs in GB

Threat Level 8/10 country avg: 5.6 +

Total Reports 1,307 country avg: 26 ++

Daily report activity over the last 30 days showing patterns and peaks.

Peak Day 17 Jun 2026 1 reports

Daily Average 0 reports/day

Most Active Sunday 336 reports

Evolution of threat level over time based on reported categories and frequency.

Initial Threat 6/10

Current Threat 6/10

Distribution of threat categories reported over time.

Top Threat Categories

Web App Attack 1,298

Hacking 8

Bad Web Bot 1

SSH 1

Exploited Host 1

Activity patterns showing when this IP is most active during the day and week.

Hourly Activity

Peak activity at 16:00 with 124 reports

Weekly Activity

Geographic Threat Distribution

203,417 threat incidents tracked globally • Last 24h: 18,919 Logs

FEED

Top Threat Sources

01

United States US

42,047 20.7%
02

India IN

32,530 16%
03

China CN

27,373 13.5%
04

Brazil BR

11,004 5.4%
05

Germany DE

7,701 3.8%
06

Singapore SG

6,800 3.3%
07

Indonesia ID

6,015 3%
08

Pakistan PK

5,312 2.6%
09

Russia RU

5,156 2.5%
10

Netherlands NL

4,682 2.3%

+40 more countries

THREAT LEVEL

LOW MED HIGH

IPs from the same Autonomous System (AS) network provider.

20 Related IPs

8.7/10 Avg Threat

93% Avg Confidence

20 High Threat

High-risk network: Majority of related IPs are flagged

High Risk

Threat Categories

Technical Details

Recommended Mitigations

Behavioral Analysis

Moderate Network Risk

Security Recommendations

Basic Information

Geolocation

DNS Information

Statistics

Network Reputation

Network Identity

Network Threat Assessment

Network Statistics

Network Context

Global Threat Ranking

Top Threat Categories

Hourly Activity

Weekly Activity

FEED

Top Threat Sources

JSON Report

Firewall Rules

iptables / netfilter

UFW (Ubuntu)

Windows Firewall

Cloudflare

nginx

Apache .htaccess

PDF Report

Analyzed high-risk IP addresses

reportedIP

Parkstraße 19, 80339 München

Consultation

+49-89-215505888

Report a IP

[email protected]