JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 66.78.34.89

66.78.34.89 was found in our database!

This IP was reported 31 times. Confidence of Abuse is 14%: ?

14%

ISP	Code200
Usage Type	Data Center/Web Hosting/Transit
ASN	AS21769
Domain Name	code200.global
Country	🇺🇸 United States of America
City	Los Angeles, California

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 66.78.34.89

Whois 66.78.34.89

IP Abuse Reports for 66.78.34.89:

This IP address has been reported a total of 31 times from 9 distinct sources. 66.78.34.89 was first reported on May 12th 2024, and the most recent report was 1 week ago.

Old Reports: The most recent abuse report for this IP address is from 1 week ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇳🇱 homeshowdomain.nl	2026-05-28 21:59:53 (1 week ago)	Auto-ban: single probe for restricted files (.env / backups / admin endpoints). Likely mass-scan on ... show more Auto-ban: single probe for restricted files (.env / backups / admin endpoints). Likely mass-scan on 2026-05-27. show less	Web App Attack SSH Hacking
🇺🇸 TPI-Abuse	2026-05-27 18:41:04 (1 week ago)	(mod_security) mod_security (id:210730) triggered by 66.78.34.89 (-): 1 in the last 300 secs; Ports: ... show more (mod_security) mod_security (id:210730) triggered by 66.78.34.89 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed May 27 14:40:51.513963 2026] [security2:error] [pid 28129:tid 28160] [client 66.78.34.89:58035] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|2291106.com\|F\|2"] [data ".php.bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "2291106.com"] [uri "/config/database.php.bak"] [unique_id "ahc6s4U_7eO-d9NOj80lYgAAABE"], referer: https://www.google.com/search?q=2291106.com show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-27 12:19:27 (1 week ago)	(mod_security) mod_security (id:210492) triggered by 66.78.34.89 (-): 1 in the last 300 secs; Ports: ... show more (mod_security) mod_security (id:210492) triggered by 66.78.34.89 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed May 27 08:19:19.873890 2026] [security2:error] [pid 18944:tid 18944] [client 66.78.34.89:48617] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "autodiscover.z-industrial.com"] [uri "/wp-config.php"] [unique_id "ahbhR6DOc5Erbw1EPw-5eQAAABg"], referer: https://www.google.com/search?q=autodiscover.z-industrial.com show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-27 10:28:06 (1 week ago)	(mod_security) mod_security (id:210492) triggered by 66.78.34.89 (-): 1 in the last 300 secs; Ports: ... show more (mod_security) mod_security (id:210492) triggered by 66.78.34.89 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed May 27 06:27:59.185515 2026] [security2:error] [pid 25577:tid 25577] [client 66.78.34.89:35519] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "blanchebb.com"] [uri "/wp-config.php.save"] [unique_id "ahbHL6Nln0zIcjp5KwThUwAAAAU"], referer: https://www.google.com/search?q=blanchebb.com show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-29 19:06:10 (5 months ago)	(mod_security) mod_security (id:212620) triggered by 66.78.34.89 (-): 1 in the last 300 secs; Ports: ... show more (mod_security) mod_security (id:212620) triggered by 66.78.34.89 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Dec 29 14:06:02.326632 2025] [security2:error] [pid 22842:tid 23016] [client 66.78.34.89:44717] ModSecurity: Access denied with code 403 (phase 2). Pattern match "<script\\\\b" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/07_XSS_XSS.conf"] [line "65"] [id "212620"] [rev "4"] [msg "COMODO WAF: Cross-site Scripting (XSS) Attack\|\|ftp.kettlehill.net\|F\|2"] [data "Matched Data: <script found within REQUEST_URI: /wp-content/plugins/jsmol2wp/php/jsmol.php?isform=true&call=savefile&data=</script><script>alert(document.domain)</script>&mimetype=text/html;charset=utf-8"] [severity "CRITICAL"] [tag "CWAF"] [tag "XSS"] [hostname "ftp.kettlehill.net"] [uri "/wp-content/plugins/jsmol2wp/php/jsmol.php"] [unique_id "aVLRGlKoonkfA7MmLZcPewAAAQ4"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2025-11-25 10:26:03 (6 months ago)	Malicious activity detected	Hacking Web App Attack
🇺🇸 TPI-Abuse	2025-11-13 14:09:03 (6 months ago)	(mod_security) mod_security (id:210730) triggered by 66.78.34.89 (-): 1 in the last 300 secs; Ports: ... show more (mod_security) mod_security (id:210730) triggered by 66.78.34.89 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Nov 13 09:08:57.357801 2025] [security2:error] [pid 29436:tid 29436] [client 66.78.34.89:48175] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|ftp.nbcnewsradio.com\|F\|2"] [data ".example.com"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "ftp.nbcnewsradio.com"] [uri "/.example.com"] [unique_id "aRXmeagH3rODJFVlOL9HGQAAACU"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 dayda.net	2025-10-13 03:22:27 (7 months ago)	query: option=com_jtagmembersdirectory&task=attachment&download_file=../../../../../../../../../../. ... show more query: option=com_jtagmembersdirectory&task=attachment&download_file=../../../../../../../../../../../etc/passwd show less	Bad Web Bot
🇺🇸 TPI-Abuse	2025-07-27 01:44:08 (10 months ago)	(mod_security) mod_security (id:210492) triggered by 66.78.34.89 (-): 1 in the last 300 secs; Ports: ... show more (mod_security) mod_security (id:210492) triggered by 66.78.34.89 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jul 26 21:44:04.326403 2025] [security2:error] [pid 783496:tid 783518] [client 66.78.34.89:38715] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webdisk.kettlehill.net"] [uri "/.env.www"] [unique_id "aIWEZEBIVxi3CeAsEkDyxgAAAU4"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-05-29 15:35:11 (1 year ago)	(mod_security) mod_security (id:210492) triggered by 66.78.34.89 (-): 1 in the last 300 secs; Ports: ... show more (mod_security) mod_security (id:210492) triggered by 66.78.34.89 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu May 29 11:35:02.928835 2025] [security2:error] [pid 2888724:tid 2888724] [client 66.78.34.89:53165] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "autodiscover.farmers123.com"] [uri "/wp-config.php-backup"] [unique_id "aDh-prVt4kIDToi1w9NmXgAAAAI"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-04-19 05:26:27 (1 year ago)	(mod_security) mod_security (id:211190) triggered by 66.78.34.89 (-): 1 in the last 300 secs; Ports: ... show more (mod_security) mod_security (id:211190) triggered by 66.78.34.89 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Apr 19 01:24:55.736603 2025] [security2:error] [pid 26434:tid 26437] [client 66.78.34.89:42417] [client 66.78.34.89] ModSecurity: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt\|\|www.blog.spinningdesigns.com\|F\|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /api/console/api_server?sense_version=%40%40SENSE_VERSION&apis=../../../../../../../../../../../etc/passwd"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "blog.spinningdesigns.com"] [uri "/api/console/api_server"] [unique_id "aAMzp0BDF0hFmouiiEBGdAAAAAA"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2025-01-17 14:10:05 (1 year ago)	\| Shellshock attack attempt	Hacking SQL Injection Web App Attack
Anonymous	2024-06-05 14:59:34 (2 years ago)		Web Spam
🇦🇺 oncord	2024-06-04 17:40:03 (2 years ago)	Form spam	Web Spam
Anonymous	2024-06-02 23:11:38 (2 years ago)		Web Spam

Showing 1 to 15 of 31 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇨🇳 222.86.168.224

🇮🇩 103.19.231.170

🇧🇬 78.128.114.102

🇺🇸 31.57.63.117

🇧🇪 198.235.24.237

🇲🇽 187.140.215.8

🇲🇽 186.96.145.241

🇺🇸 147.182.241.81

🇷🇺 94.154.84.215

🇬🇧 35.203.211.93

🇺🇸 13.221.235.58

🇺🇸 13.217.227.148

🇻🇪 200.11.216.22

🇪🇹 196.189.236.162

🇬🇧 193.163.125.233

🇮🇳 182.95.178.70

🇩🇪 165.245.223.100

🇱🇹 45.227.254.170

🇺🇸 38.154.138.3

🇧🇩 27.147.200.142