JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 89.117.157.159

89.117.157.159 was found in our database!

This IP was reported 43 times. Confidence of Abuse is 100%: ?

100%

ISP	IPXO
Usage Type	Data Center/Web Hosting/Transit
ASN	AS47583
Domain Name	telecentras.lt
Country	🇮🇳 India
City	Mumbai, Maharashtra

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 89.117.157.159

Whois 89.117.157.159

IP Abuse Reports for 89.117.157.159:

This IP address has been reported a total of 43 times from 31 distinct sources. 89.117.157.159 was first reported on June 6th 2026, and the most recent report was 6 days ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇩🇪 todix	2026-06-08 10:21:43 (6 days ago)	WebAttack or semilar from 89.117.157.159	Web App Attack
🇲🇾 Rizzy	2026-06-08 03:17:43 (6 days ago)	Multiple WAF Violations	Brute-Force Web App Attack
Anonymous	2026-06-08 02:33:05 (6 days ago)	(caddyscan) Scanner path probe from 89.117.157.159 (IN/India/-): 5 in the last 3600 secs; Ports: ; ... show more (caddyscan) Scanner path probe from 89.117.157.159 (IN/India/-): 5 in the last 3600 secs; Ports: ; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs: [REDACTED] 200 2627 89.117.157.159 - - [08/Jun/2026:02:33:03 +0000] "GET /app/.env HTTP/1.1" [REDACTED] 200 2627 89.117.157.159 - - [08/Jun/2026:02:33:03 +0000] "GET /laravel/.env HTTP/1.1" [REDACTED] 200 2627 89.117.157.159 - - [08/Jun/2026:02:33:04 +0000] "GET /dev/.env HTTP/1.1" [REDACTED] 200 2627 89.117.157.159 - - [08/Jun/2026:02:33:04 +0000] "GET /member/.env HTTP/1.1" [REDACTED] 200 2627 89.117.157.159 - - [08/Jun/2026:02:33:04 +0000] "GET /admin/.env HTTP/1.1" show less	Port Scan
🇳🇱 homeshowdomain.nl	2026-06-07 22:07:25 (6 days ago)	Auto-ban: single probe for restricted files (.env / backups / admin endpoints). Likely mass-scan on ... show more Auto-ban: single probe for restricted files (.env / backups / admin endpoints). Likely mass-scan on 2026-06-06. show less	Web App Attack SSH Hacking
Anonymous	2026-06-07 20:20:02 (6 days ago)	suspicious request in access.log	Web App Attack
🇷🇺 DZBOT	2026-06-07 18:21:30 (6 days ago)	DZBOT: Website Scanning / Scraping	Bad Web Bot Exploited Host Web App Attack
🇩🇪 LRob.fr	2026-06-07 17:30:15 (6 days ago)	Repeated 404 errors, blocked by Fail2ban in custom-404 jail	Bad Web Bot
🇨🇭 4server	2026-06-07 16:40:29 (1 week ago)	[SunJun0718:40:22.8191142026][security2:error][pid4049301:tid4049516][client89.117.157.159:0]ModSecu ... show more [SunJun0718:40:22.8191142026][security2:error][pid4049301:tid4049516][client89.117.157.159:0]ModSecurity:Accessdeniedwithcode403\(phase1\).Matchedphrase\".env\"atREQUEST_URI.[file\"/etc/apache2/conf.d/modsec_custom_rules.conf\"][line\"364\"][id\"960720\"][msg\"Forbiddenfileaccess\"][hostname\"annunci-ticino.ch\"][uri\"/admin/.env\"][unique_id\"aiWe9jflqlnkay9QxbVaugAAAII\"] show less	Hacking Web App Attack
🇩🇪 FeG Deutschland	2026-06-07 14:59:24 (1 week ago)	Looking for CMS/PHP/SQL vulnerablilities/excessive crawling - 12	Exploited Host Web App Attack
🇦🇺 paulshipley.com.au	2026-06-07 10:05:21 (1 week ago)	[Sun Jun 07 20:05:20.014772 2026] [security2:error] [pid 895602] [client 89.117.157.159:57438] [clie ... show more [Sun Jun 07 20:05:20.014772 2026] [security2:error] [pid 895602] [client 89.117.157.159:57438] [client 89.117.157.159] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/modsecurity/crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.4"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "levellapromotions.com.au"] [uri "/app/.env"] [unique_id "aiVCYMBSXCfIK3Psmqu_uQAAAAw"], referer: https://realestatepromo.com.au/app/.env ... show less	Web App Attack
🇺🇸 TPI-Abuse	2026-06-07 09:42:12 (1 week ago)	(mod_security) mod_security (id:210492) triggered by 89.117.157.159 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 89.117.157.159 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 07 05:42:04.458341 2026] [security2:error] [pid 5492:tid 5492] [client 89.117.157.159:39718] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "onlinesuretybonds.com"] [uri "/core/.env"] [unique_id "aiU87Fs8mZ_WjDjin99w7QAAAAo"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 NewGastroline	2026-06-07 08:19:40 (1 week ago)	Malicious request blocked by CrowdSec on gastro-prod1.boreus.de	Bad Web Bot Web App Attack
🇺🇸 kosada.com	2026-06-07 07:26:46 (1 week ago)	Web vulnerability probing: /.env	Web App Attack
🇩🇪 sdos.es	2026-06-07 06:00:37 (1 week ago)	"Restricted File Access Attempt - Matched Data: /.env found within REQUEST_FILENAME: /.env"	Web App Attack
Anonymous	2026-06-07 05:49:26 (1 week ago)	[osotir.org] httpd-suspicious-path: sites=global,osotir.gr,osotir.org; logs=/var/log/httpd/access_lo ... show more [osotir.org] httpd-suspicious-path: sites=global,osotir.gr,osotir.org; logs=/var/log/httpd/access_log,/var/log/httpd/domains/osotir.gr.log,/var/log/httpd/domains/osotir.org.log; samples=/dev/.env \| /core/.env \| /laravel/.env show less	Hacking Web App Attack

Showing 1 to 15 of 43 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇰🇷 123.58.200.147

🇺🇸 45.148.233.208

🇳🇱 45.148.10.147

🇵🇰 43.246.221.174

🇺🇸 20.163.33.23

🇬🇧 2a06:4880:c000::e4

🇪🇹 196.189.155.89

🇵🇾 190.128.201.18

🇨🇳 125.77.73.145

🇻🇳 116.99.174.27

🇸🇬 101.47.156.21

🇺🇸 64.62.156.135

🇨🇳 61.145.190.218

🇸🇬 47.82.14.58

🇰🇷 222.112.192.170

🇺🇸 150.136.214.177

🇺🇸 137.184.202.173

🇨🇱 131.196.178.244

127.0.0.1

🇷🇺 95.84.137.48