JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 64.89.163.28

64.89.163.28 was found in our database!

This IP was reported 30 times. Confidence of Abuse is 100%: ?

100%

ISP	Meowcore Softworks LLC
Usage Type	Data Center/Web Hosting/Transit
ASN	AS401626
Domain Name	geofeed.space
Country	🇩🇪 Germany
City	Frankfurt am Main, Hesse

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 64.89.163.28

Whois 64.89.163.28

IP Abuse Reports for 64.89.163.28:

This IP address has been reported a total of 30 times from 24 distinct sources. 64.89.163.28 was first reported on June 13th 2026, and the most recent report was 29 minutes ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 RogueAutomata	2026-06-15 11:02:25 (29 minutes ago)	Detected malicious request: GET /.env Detections triggered: Environment/config probe Access via IP ... show more Detected malicious request: GET /.env Detections triggered: Environment/config probe Access via IP addr (v4) show less	Web App Attack
Anonymous	2026-06-15 09:45:40 (1 hour ago)	64.89.163.28 - - [15/Jun/2026:09:45:38 +0000] "GET /.env HTTP/1.1" 404 162 "-" "Mozilla/5.0 (Macinto ... show more 64.89.163.28 - - [15/Jun/2026:09:45:38 +0000] "GET /.env HTTP/1.1" 404 162 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:77.0) Gecko/20100101 Firefox/77.0" 64.89.163.28 - - [15/Jun/2026:09:45:38 +0000] "GET /wp-content/ HTTP/1.1" 404 162 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:77.0) Gecko/20100101 Firefox/77.0" ... show less	Web App Attack
🇮🇩 securejdprop	2026-06-15 09:37:52 (1 hour ago)	This IP was detected by CrowdSec triggering crowdsecurity/suricata-major-severity(ET DROP Spamhaus D ... show more This IP was detected by CrowdSec triggering crowdsecurity/suricata-major-severity(ET DROP Spamhaus DROP Listed Traffic Inbound group 9). Ip 64.89.163.28 performed 'crowdsecurity/suricata-major-severity' (1 events over 0s) at 2026-06-15 09:37:49.69199877 +0000 UTC show less	Hacking Web App Attack
🇹🇷 Threat.live	2026-06-15 08:35:02 (2 hours ago)	Suspicious Connection Attempts	Brute-Force
🇬🇧 OptimusGO	2026-06-15 07:55:10 (3 hours ago)	Malicious activity detected: web_attack Server: commstackbc (185.127.18.66) Attack: web_attack Time ... show more Malicious activity detected: web_attack Server: commstackbc (185.127.18.66) Attack: web_attack Timestamp: 2026-06-15 08:55:10 UTC Log evidence: 64.89.163.28 - - [15/Jun/2026:08:55:09 +0100] "GET /.env HTTP/1.1" 404 146 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:77.0) Gecko/20100101 Firefox/77.0" 64.89.163.28 - - [15/Jun/2026:08:55:09 +0100] "GET /wp-content/ HTTP/1.1" 404 146 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:77.0) Gecko/20100101 Firefox/77.0" 06/15/2026-08:55:09.514911 [wDrop] [] [1:1000110:2] SECURITY CRITICAL: .env File Access Attempt - INSTANT BAN [] [Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} 64.89.163.28:54839 -> 185.127.18.66:80 show less	Port Scan Brute-Force
🇧🇷 diego	2026-06-15 03:01:53 (8 hours ago)	[rede-arem1] 06/15/2026-00:01:53.373370, 64.89.163.28, Protocol: 6, ET DROP Spamhaus DROP Listed Tra ... show more [rede-arem1] 06/15/2026-00:01:53.373370, 64.89.163.28, Protocol: 6, ET DROP Spamhaus DROP Listed Traffic Inbound group 9 show less	Hacking
🇩🇪 Bedios GmbH	2026-06-15 02:31:52 (9 hours ago)	Wordpress hacking attempt	Web App Attack
🇺🇸 mccsoft.io	2026-06-15 02:10:17 (9 hours ago)	Web application attack / vulnerability scanning against our public nginx web server (TCP 80/443). So ... show more Web application attack / vulnerability scanning against our public nginx web server (TCP 80/443). Source matched a blocked-path security rule (jail nginx-444); server returned HTTP 444 (connection closed without response). TCP three-way handshake completed (full HTTP request received). show less	Bad Web Bot Web App Attack
🇫🇷 Baking333	2026-06-15 00:27:59 (11 hours ago)	redacted:80 64.89.163.28 - - [15/Jun/2026:01:27:57 +0100] "GET /.env HTTP/1.1" 200 147 0/24710 "-" " ... show more redacted:80 64.89.163.28 - - [15/Jun/2026:01:27:57 +0100] "GET /.env HTTP/1.1" 200 147 0/24710 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:77.0) Gecko/20100101 Firefox/77.0" redacted:80 64.89.163.28 - - [15/Jun/2026:01:27:57 +0100] "GET /wp-content/ HTTP/1.1" 301 533 0/338 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:77.0) Gecko/20100101 Firefox/77.0" show less	Bad Web Bot Web App Attack
🇪🇸 bohl-aiG5aef	2026-06-15 00:17:34 (11 hours ago)	Suricata Alert [SID:2031502] ET INFO Request to Hidden Environment File - Inbound	Hacking
🇩🇪 bescared	2026-06-14 23:20:07 (12 hours ago)	F2B - Malicious activity detected. URL Probing. -151302cd-	Hacking Bad Web Bot Web App Attack
🇺🇸 Starburst SysOp Team	2026-06-14 23:19:46 (12 hours ago)	Host header is a numeric IP address. Pattern match "(?:^( (920350-mnz6-7)	Hacking Bad Web Bot
🇺🇸 LotPhantom	2026-06-14 22:53:06 (12 hours ago)	64.89.163.28 - - [14/Jun/2026:22:52:06 +0000] "GET /.env HTTP/1.1" 404 146 "-" "Mozilla/5.0 (Macinto ... show more 64.89.163.28 - - [14/Jun/2026:22:52:06 +0000] "GET /.env HTTP/1.1" 404 146 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:77.0) Gecko/20100101 Firefox/77.0" "0" ... show less	Web App Attack
🇸🇬 securejdprop	2026-06-14 22:51:48 (12 hours ago)	This IP was detected by CrowdSec triggering crowdsecurity/suricata-major-severity(ET DROP Spamhaus D ... show more This IP was detected by CrowdSec triggering crowdsecurity/suricata-major-severity(ET DROP Spamhaus DROP Listed Traffic Inbound group 9). Ip 64.89.163.28 performed 'crowdsecurity/suricata-major-severity' (1 events over 0s) at 2026-06-14 22:51:46.733658327 +0000 UTC show less	Hacking Web App Attack
🇦🇹 Pingger Shikkoken	2026-06-14 21:57:37 (13 hours ago)	2026-06-14T21:57:37+00:00 iskariot kernel: AbuseIPDB-Blacklist-Dropped: IN=ens3 OUT=ServerBridge MAC ... show more 2026-06-14T21:57:37+00:00 iskariot kernel: AbuseIPDB-Blacklist-Dropped: IN=ens3 OUT=ServerBridge MAC=b6:ab:74:e6:2e:14:84:03:28:62:58:1a:08:00 SRC=64.89.163.28 DST=10.1.1.2 LEN=52 TOS=0x02 PREC=0x00 TTL=117 ID=23128 DF PROTO=TCP SPT=63583 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 2026-06-14T21:57:38+00:00 iskariot kernel: AbuseIPDB-Blacklist-Dropped: IN=ens3 OUT=ServerBridge MAC=b6:ab:74:e6:2e:14:84:03:28:62:58:1a:08:00 SRC=64.89.163.28 DST=10.1.1.2 LEN=52 TOS=0x02 PREC=0x00 TTL=117 ID=23129 DF PROTO=TCP SPT=63583 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 2026-06-14T21:57:40+00:00 iskariot kernel: AbuseIPDB-Blacklist-Dropped: IN=ens3 OUT=ServerBridge MAC=b6:ab:74:e6:2e:14:84:03:28:62:58:1a:08:00 SRC=64.89.163.28 DST=10.1.1.2 LEN=52 TOS=0x00 PREC=0x00 TTL=117 ID=23130 DF PROTO=TCP SPT=63583 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 show less	Hacking Bad Web Bot

Showing 1 to 15 of 30 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇬🇧 193.163.125.100

🇮🇳 159.65.156.145

🇺🇸 20.98.140.180

🇰🇷 220.71.199.64

🇮🇩 203.83.45.113

🇫🇷 185.177.72.67

🇸🇬 168.138.177.40

🇳🇱 160.119.69.14

🇹🇭 118.194.251.144

🇺🇸 66.132.172.43

🇨🇳 39.105.133.77

🇺🇸 216.73.161.220

🇮🇳 122.183.57.114

🇨🇳 115.231.78.11

🇫🇷 91.196.152.29

🇬🇧 89.37.172.136

🇺🇸 20.80.105.86

🇰🇷 222.232.176.7

🇨🇳 221.228.10.226

🇧🇷 187.8.3.230