JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 64.89.163.197

64.89.163.197 was found in our database!

This IP was reported 66 times. Confidence of Abuse is 100%: ?

100%

ISP	Meowcore Softworks LLC
Usage Type	Data Center/Web Hosting/Transit
ASN	AS401626
Domain Name	geofeed.space
Country	🇩🇪 Germany
City	Frankfurt am Main, Hesse

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 64.89.163.197

Whois 64.89.163.197

IP Abuse Reports for 64.89.163.197:

This IP address has been reported a total of 66 times from 40 distinct sources. 64.89.163.197 was first reported on June 16th 2026, and the most recent report was 16 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 jfz-abuse	2026-06-26 19:58:42 (16 hours ago)	fail2ban: apache-filepath-recon ...	Web App Attack
🇺🇸 aks4226	2026-06-26 14:30:30 (22 hours ago)	Attacking common web applications. (n01)	Web App Attack
🇸🇬 anotherwatcher	2026-06-26 13:26:47 (23 hours ago)	bad bot	Bad Web Bot
🇫🇷 giulio gorobey	2026-06-24 15:00:02 (2 days ago)	[Drupal AbuseIPDB module] Request path is blacklisted. /.env	Web App Attack
🇺🇸 TPI-Abuse	2026-06-24 13:45:13 (2 days ago)	(mod_security) mod_security (id:210492) triggered by 64.89.163.197 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 64.89.163.197 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 24 09:45:07.293193 2026] [security2:error] [pid 14623:tid 14623] [client 64.89.163.197:0] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "jspsf.com"] [uri "/.env"] [unique_id "ajvfY_qWrFavjmJv96Yg_gAAAA4"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-24 11:19:30 (3 days ago)	(mod_security) mod_security (id:210492) triggered by 64.89.163.197 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 64.89.163.197 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 24 07:19:25.824220 2026] [security2:error] [pid 17676:tid 17676] [client 64.89.163.197:0] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "nyemdr.org"] [uri "/.env"] [unique_id "aju9PegDN9FaNMIuzP-FDwAAABU"] show less	Brute-Force Bad Web Bot Web App Attack
🇨🇭 🇨🇭 Hosting	2026-06-24 05:10:17 (3 days ago)	Automated WAF report: 125-150 blocked requests from this IP detected by our WAF.	Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-24 04:31:16 (3 days ago)	(mod_security) mod_security (id:210492) triggered by 64.89.163.197 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 64.89.163.197 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 24 00:31:10.381085 2026] [security2:error] [pid 28324:tid 28324] [client 64.89.163.197:0] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "kryptonome.com"] [uri "/.env"] [unique_id "ajtdjiAD4VJx7Hl6rsG24QAAAAs"] show less	Brute-Force Bad Web Bot Web App Attack
🇪🇸 alferez	2026-06-24 03:21:18 (3 days ago)	Searching .(env\|sql\|zip\|tar\|rar) files	Hacking Exploited Host Web App Attack
🇭🇺 Adorjan Daczo	2026-06-23 23:49:45 (3 days ago)	Probe for vulnerabilities. Path attempted: /.env	Web App Attack
🇺🇸 TPI-Abuse	2026-06-23 23:48:47 (3 days ago)	(mod_security) mod_security (id:210492) triggered by 64.89.163.197 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 64.89.163.197 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 23 19:48:44.634198 2026] [security2:error] [pid 23423:tid 23423] [client 64.89.163.197:0] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webfrog.ws"] [uri "/.env"] [unique_id "ajsbXN2wS_Ezx_b6AycSxgAAAAI"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-06-23 22:33:48 (3 days ago)	64.89.163.197 - - [23/Jun/2026:17:32:02 -0500] "GET /.env HTTP/1.1" 403 199 "-" "Mozilla/5.0 (Window ... show more 64.89.163.197 - - [23/Jun/2026:17:32:02 -0500] "GET /.env HTTP/1.1" 403 199 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/137.0.0.0 Safari/537.36" 64.89.163.197 64.89.163.197 - - [23/Jun/2026:17:32:02 -0500] "GET /.env HTTP/1.1" 403 199 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/137.0.0.0 Safari/537.36" 64.89.163.197 64.89.163.197 - - [23/Jun/2026:17:32:02 -0500] "GET /.env HTTP/1.1" 403 199 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/137.0.0.0 Safari/537.36" 64.89.163.197 64.89.163.197 - - [23/Jun/2026:17:32:02 -0500] "GET /.env HTTP/1.1" 403 199 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/137.0.0.0 Safari/537.36" 64.89.163.197 64.89.163.197 - - [23/Jun/2026:17:32:02 -0500] "GET /.env HTTP/1.1" 403 199 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome ... show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 gadix	2026-06-23 19:39:35 (3 days ago)	[23/Jun/2026:21:39:34.231005 +0200] ajrg9lT-x2IkdPP8nkQQwgAAAIY 64.89.163.197 43444 127.0.0.1 7081 [ ... show more [23/Jun/2026:21:39:34.231005 +0200] ajrg9lT-x2IkdPP8nkQQwgAAAIY 64.89.163.197 43444 127.0.0.1 7081 [23/Jun/2026:21:39:34.231781 +0200] ajrg9lT-x2IkdPP8nkQQwwAAAIg 64.89.163.197 43438 127.0.0.1 7081 [23/Jun/2026:21:39:34.234514 +0200] ajrg9lT-x2IkdPP8nkQQxAAAAIQ 64.89.163.197 43446 127.0.0.1 7081 ... show less	Web App Attack
🇭🇺 kranem	2026-06-23 18:02:41 (3 days ago)	Triggered Cloudflare WAF from DE. Action taken: BLOCK ASN: 401626 (Netiface America, Inc.) Protocol: ... show more Triggered Cloudflare WAF from DE. Action taken: BLOCK ASN: 401626 (Netiface America, Inc.) Protocol: HTTP/1.1 (GET method) Endpoint: /.env Timestamp: 2026-06-23T15:18:37Z User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/137.0.0.0 Safari/537.36 show less	Bad Web Bot
🇳🇱 enpepet	2026-06-23 17:29:37 (3 days ago)	GENERAL: parametres: [url:env=] UA:Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHT ... show more GENERAL: parametres: [url:env=] UA:Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/137.0.0.0 Safari/537.36 URL:/.env show less	Port Scan Hacking Brute-Force Bad Web Bot

Showing 1 to 15 of 66 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 2602:80d:1007::23

🇨🇳 223.109.141.9

🇮🇳 47.15.235.224

🇳🇱 45.148.10.147

🇩🇪 213.209.159.226

🇬🇧 194.50.235.135

🇰🇿 178.88.112.170

🇺🇸 104.22.24.45

🇭🇰 101.36.112.101

🇳🇱 62.164.177.41

🇻🇳 27.79.0.180

🇺🇸 209.112.91.74

🇳🇱 193.176.31.208

🇫🇷 167.86.123.111

🇨🇳 123.190.186.184

🇳🇱 64.89.162.131

🇿🇦 45.220.15.222

🇺🇸 20.163.14.227

🇹🇼 198.235.24.101

🇧🇷 179.251.40.98