JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 89.116.53.170

89.116.53.170 was found in our database!

This IP was reported 40 times. Confidence of Abuse is 100%: ?

100%

ISP	IPXO
Usage Type	Data Center/Web Hosting/Transit
ASN	AS47583
Domain Name	netutils.io
Country	🇳🇱 Netherlands
City	Meppel, Drenthe

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 89.116.53.170

Whois 89.116.53.170

IP Abuse Reports for 89.116.53.170:

This IP address has been reported a total of 40 times from 31 distinct sources. 89.116.53.170 was first reported on June 11th 2026, and the most recent report was 2 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇳🇱 e.fierstra	2026-06-13 16:53:54 (2 hours ago)	ModSecurity hits exceeded	Bad Web Bot Web App Attack
🇩🇪 gadix	2026-06-13 12:20:02 (6 hours ago)	[13/Jun/2026:14:19:59.354150 +0200] ai1K7xJdwkysRw-nCOXfIgAAAEU 89.116.53.170 41274 127.0.0.1 7081 [ ... show more [13/Jun/2026:14:19:59.354150 +0200] ai1K7xJdwkysRw-nCOXfIgAAAEU 89.116.53.170 41274 127.0.0.1 7081 [13/Jun/2026:14:19:59.627485 +0200] ai1K7xJdwkysRw-nCOXfIwAAAFc 89.116.53.170 41288 127.0.0.1 7081 [13/Jun/2026:14:19:59.628692 +0200] ai1K7xJdwkysRw-nCOXfJAAAAE4 89.116.53.170 41280 127.0.0.1 7081 ... show less	Web App Attack
Anonymous	2026-06-13 09:23:48 (9 hours ago)	(caddyscan) Scanner path probe from 89.116.53.170 (NL/The Netherlands/-): 5 in the last 3600 secs; P ... show more (caddyscan) Scanner path probe from 89.116.53.170 (NL/The Netherlands/-): 5 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs: [REDACTED] 200 2627 89.116.53.170 - - [13/Jun/2026:09:23:44 +0000] "GET /core/.env.save HTTP/1.1" [REDACTED] 200 2627 89.116.53.170 - - [13/Jun/2026:09:23:44 +0000] "GET /admin/.env HTTP/1.1" [REDACTED] 200 2627 89.116.53.170 - - [13/Jun/2026:09:23:44 +0000] "GET /laravel/.env HTTP/1.1" [REDACTED] 200 2627 89.116.53.170 - - [13/Jun/2026:09:23:44 +0000] "GET /.env.save HTTP/1.1" [REDACTED] 200 2627 89.116.53.170 - - [13/Jun/2026:09:23:44 +0000] "GET /dev/.env HTTP/1.1" show less	Port Scan
🇳🇱 wlt-blocker	2026-06-13 06:54:31 (12 hours ago)	Unauthorized access to webpage admin	Web App Attack
🇵🇱 MatStef132	2026-06-13 06:47:28 (12 hours ago)	MatShield L7: blocked on justchat.icu (secret-path-probe)	DDoS Attack
Anonymous	2026-06-13 06:44:28 (12 hours ago)	(caddyscan) Scanner path probe from 89.116.53.170 (NL/The Netherlands/-): 5 in the last 3600 secs; P ... show more (caddyscan) Scanner path probe from 89.116.53.170 (NL/The Netherlands/-): 5 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs: [REDACTED] 200 2627 89.116.53.170 - - [13/Jun/2026:06:44:25 +0000] "GET /core/.env.save HTTP/1.1" [REDACTED] 200 2627 89.116.53.170 - - [13/Jun/2026:06:44:25 +0000] "GET /backend/.env HTTP/1.1" [REDACTED] 200 2627 89.116.53.170 - - [13/Jun/2026:06:44:25 +0000] "GET /app/.env HTTP/1.1" [REDACTED] 200 2627 89.116.53.170 - - [13/Jun/2026:06:44:25 +0000] "GET /.env.save HTTP/1.1" [REDACTED] 200 2627 89.116.53.170 - - [13/Jun/2026:06:44:25 +0000] "GET /api/.env HTTP/1.1" show less	Port Scan
🇺🇸 Matthew Ping	2026-06-13 04:45:01 (14 hours ago)	ModSecurity rule 949110 triggered on wp1. Web application attack blocked by CSF/LFD.	Web App Attack Hacking
🇲🇽 octageeks.com	2026-06-13 04:18:53 (14 hours ago)	Wordpress malicious attack:[octablocked]	Web App Attack
🇩🇪 4server	2026-06-13 04:16:27 (14 hours ago)	[SatJun1306:16:24.0774272026][security2:error][pid541779:tid541849][client89.116.53.170:0]ModSecurit ... show more [SatJun1306:16:24.0774272026][security2:error][pid541779:tid541849][client89.116.53.170:0]ModSecurity:Accessdeniedwithcode403\(phase2\).OperatorGEmatched5atTX:anomaly_score.[file\"/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf\"][line\"94\"][id\"949110\"][msg\"InboundAnomalyScoreExceeded\(TotalScore:5\)\"][severity\"CRITICAL\"][ver\"OWASP_CRS/3.3.9\"][tag\"application-multi\"][tag\"language-multi\"][tag\"platform-multi\"][tag\"attack-generic\"][hostname\"giuseppeasaro.com\"][uri\"/api/.env.save\"][unique_id\"aizZmBjWKYuBibT0FFLRkwAAAIg\"] show less	Port Scan Brute-Force Web App Attack
🇬🇧 consul.to	2026-06-13 03:51:11 (15 hours ago)	Web attack/malicious scanning detected	Web App Attack
🇩🇪 big-cloud.nl	2026-06-13 02:41:49 (16 hours ago)	Try to access /members/.env	Web App Attack
🇲🇾 Rizzy	2026-06-13 00:45:51 (18 hours ago)	Multiple WAF Violations	Brute-Force Web App Attack
🇨🇦 polycoda	2026-06-13 00:45:23 (18 hours ago)	AutoBlock: 🎯 Vulnerability Scanner (Non Decay-Based)	Hacking Web App Attack
🇩🇪 FeG Deutschland	2026-06-12 21:21:53 (21 hours ago)	Looking for CMS/PHP/SQL vulnerablilities/excessive crawling - 127	Exploited Host Web App Attack
🇫🇷 dwmp	2026-06-12 19:39:05 (23 hours ago)	[12/Jun/2026:21:39:04.103090 +0200] aixgWOTcN-w0SiNePcRrkwAAAAI 89.116.53.170 57472 38.242.227.117 7 ... show more [12/Jun/2026:21:39:04.103090 +0200] aixgWOTcN-w0SiNePcRrkwAAAAI 89.116.53.170 57472 38.242.227.117 7081 [12/Jun/2026:21:39:04.105709 +0200] aixgWOTcN-w0SiNePcRrlAAAABE 89.116.53.170 57474 38.242.227.117 7081 [12/Jun/2026:21:39:04.134030 +0200] aixgVwOUn0PUn9UJMF0VwAAAANY 89.116.53.170 57454 38.242.227.117 7081 ... show less	Brute-Force SSH

Showing 1 to 15 of 40 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 48.214.144.34

🇻🇳 171.231.193.186

🇺🇸 52.177.169.196

🇳🇱 45.153.34.43

🇺🇸 40.77.167.55

🇺🇸 2607:f8b0:4001:c12::125

🇨🇳 183.66.166.30

🇺🇦 159.26.120.37

🇵🇰 119.73.102.239

🇮🇳 103.209.145.149

🇲🇦 81.192.46.29

🇺🇸 66.132.186.203

🇻🇳 27.79.40.244

🇨🇳 27.43.207.27

🇩🇪 193.233.86.212

🇬🇧 193.163.125.230

🇸🇬 148.66.132.204

🇸🇬 114.119.189.237

🇨🇳 101.96.208.174

🇨🇦 85.217.149.3