JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 89.124.77.48

89.124.77.48 was found in our database!

This IP was reported 189 times. Confidence of Abuse is 100%: ?

100%

ISP	SERVERS TECH FZCO
Usage Type	Data Center/Web Hosting/Transit
ASN	AS216071
Domain Name	vdsina.com
Country	🇳🇱 Netherlands
City	Amsterdam, North Holland

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 89.124.77.48

Whois 89.124.77.48

IP Abuse Reports for 89.124.77.48:

This IP address has been reported a total of 189 times from 130 distinct sources. 89.124.77.48 was first reported on May 19th 2026, and the most recent report was 13 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇨🇿 ptlab	2026-05-19 14:30:02 (2 weeks ago)	Detected lfi_path_traversal attack from WP-host.	Hacking Web App Attack
🇫🇮 kumiko	2026-05-19 14:24:33 (2 weeks ago)	[2026-05-19 17:24:33] Probing for dotfiles "POST /cgi-bin/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/. ... show more [2026-05-19 17:24:33] Probing for dotfiles "POST /cgi-bin/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/bin/sh HTTP/1.1" 403 show less	Bad Web Bot Web App Attack
🇹🇭 MWA SOC	2026-05-19 14:23:16 (2 weeks ago)		Hacking
🇺🇸 MPL	2026-05-19 14:17:59 (2 weeks ago)	tcp/443 (2 or more attempts)	Port Scan
🇺🇸 kosada.com	2026-05-19 14:15:16 (2 weeks ago)	Web vulnerability probing: /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php (bogus vhost/SNI)	Web App Attack
🇺🇸 TPI-Abuse	2026-05-19 14:11:46 (2 weeks ago)	(mod_security) mod_security (id:218420) triggered by 89.124.77.48 (v637587.hosted-by-vdsina.com): 1 ... show more (mod_security) mod_security (id:218420) triggered by 89.124.77.48 (v637587.hosted-by-vdsina.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue May 19 10:11:38.035270 2026] [security2:error] [pid 14069:tid 14176] [client 89.124.77.48:59610] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)php://(std(in\|out\|err)\|(in\|out)put\|fd\|memory\|temp\|filter)" at ARGS_NAMES:\\xadd allow_url_include=1 \\xadd auto_prepend_file=php://input. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/21_PHP_PHPGen.conf"] [line "22"] [id "218420"] [rev "2"] [msg "COMODO WAF: PHP Injection Attack: I/O Stream Found\|\|192.64.150.14:80\|F\|2"] [data "Matched Data: php://input found within ARGS_NAMES:\\x5cxadd allow_url_include=1 \\x5cxadd auto_prepend_file=php://input: \\xadd allow_url_include=1 \\xadd auto_prepend_file=php://input"] [severity "CRITICAL"] [tag "CWAF"] [tag "PHPGen"] [hostname "192.64.150.14"] [uri "/hello.world"] [unique_id "agxvmg0R1BsnHMU3-2Y-PAAAAkE"] show less	Brute-Force Bad Web Bot Web App Attack
🇨🇭 SOC [GOLINE SA]	2026-05-19 14:07:26 (2 weeks ago)	FortiGate detected IPS attack from IPv4 address 89.124.77.48	Hacking
🇫🇷 omartin	2026-05-19 14:02:17 (2 weeks ago)	Exploit Attempt (Path Traversal/SQLi/XSS)	Hacking Brute-Force Exploited Host Web App Attack
🇺🇸 TPI-Abuse	2026-05-19 13:39:28 (2 weeks ago)	(mod_security) mod_security (id:218420) triggered by 89.124.77.48 (v637587.hosted-by-vdsina.com): 1 ... show more (mod_security) mod_security (id:218420) triggered by 89.124.77.48 (v637587.hosted-by-vdsina.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue May 19 09:39:22.043280 2026] [security2:error] [pid 30614:tid 30614] [client 89.124.77.48:34756] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)php://(std(in\|out\|err)\|(in\|out)put\|fd\|memory\|temp\|filter)" at ARGS_NAMES:\\xadd allow_url_include=1 \\xadd auto_prepend_file=php://input. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/21_PHP_PHPGen.conf"] [line "22"] [id "218420"] [rev "2"] [msg "COMODO WAF: PHP Injection Attack: I/O Stream Found\|\|192.64.150.49:80\|F\|2"] [data "Matched Data: php://input found within ARGS_NAMES:\\x5cxadd allow_url_include=1 \\x5cxadd auto_prepend_file=php://input: \\xadd allow_url_include=1 \\xadd auto_prepend_file=php://input"] [severity "CRITICAL"] [tag "CWAF"] [tag "PHPGen"] [hostname "192.64.150.49"] [uri "/hello.world"] [unique_id "agxoCpi_HcTJzCnMnSga5wAAAAI"] show less	Brute-Force Bad Web Bot Web App Attack
🇦🇱 router.al	2026-05-19 13:36:55 (2 weeks ago)	05/19/2026-13:36:55.112641 89.124.77.48 Protocol: 6 ET WEB_SERVER /bin/sh In URI Possible Shell Comm ... show more 05/19/2026-13:36:55.112641 89.124.77.48 Protocol: 6 ET WEB_SERVER /bin/sh In URI Possible Shell Command Execution Attempt show less	Hacking
🇦🇺 afleventoffice.com.au	2026-05-19 13:09:27 (2 weeks ago)	POST /cgi-bin/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/bin/sh HTTP/1.1	Web App Attack
🇺🇸 TPI-Abuse	2026-05-19 13:07:15 (2 weeks ago)	(mod_security) mod_security (id:218420) triggered by 89.124.77.48 (v637587.hosted-by-vdsina.com): 1 ... show more (mod_security) mod_security (id:218420) triggered by 89.124.77.48 (v637587.hosted-by-vdsina.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue May 19 09:07:09.847896 2026] [security2:error] [pid 9403:tid 9426] [client 89.124.77.48:53536] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)php://(std(in\|out\|err)\|(in\|out)put\|fd\|memory\|temp\|filter)" at ARGS_NAMES:\\xadd allow_url_include=1 \\xadd auto_prepend_file=php://input. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/21_PHP_PHPGen.conf"] [line "22"] [id "218420"] [rev "2"] [msg "COMODO WAF: PHP Injection Attack: I/O Stream Found\|\|192.64.150.84:80\|F\|2"] [data "Matched Data: php://input found within ARGS_NAMES:\\x5cxadd allow_url_include=1 \\x5cxadd auto_prepend_file=php://input: \\xadd allow_url_include=1 \\xadd auto_prepend_file=php://input"] [severity "CRITICAL"] [tag "CWAF"] [tag "PHPGen"] [hostname "192.64.150.84"] [uri "/hello.world"] [unique_id "agxgfZoM5rEsf7O1tb1UtAAAARQ"] show less	Brute-Force Bad Web Bot Web App Attack
🇵🇱 nfsec.pl	2026-05-19 13:06:29 (2 weeks ago)	Detected: TCP scan on port: 23 with flags: SYN	Port Scan
🇬🇧 knock	2026-05-19 12:46:55 (2 weeks ago)	Knock-Knock honeypot brute-force: Telnet (1 total hits)	Brute-Force
🇺🇸 TPI-Abuse	2026-05-19 12:35:07 (2 weeks ago)	(mod_security) mod_security (id:218420) triggered by 89.124.77.48 (v637587.hosted-by-vdsina.com): 1 ... show more (mod_security) mod_security (id:218420) triggered by 89.124.77.48 (v637587.hosted-by-vdsina.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue May 19 08:35:04.384996 2026] [security2:error] [pid 27438:tid 27438] [client 89.124.77.48:54038] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)php://(std(in\|out\|err)\|(in\|out)put\|fd\|memory\|temp\|filter)" at ARGS_NAMES:\\xadd allow_url_include=1 \\xadd auto_prepend_file=php://input. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/21_PHP_PHPGen.conf"] [line "22"] [id "218420"] [rev "2"] [msg "COMODO WAF: PHP Injection Attack: I/O Stream Found\|\|192.64.150.119:80\|F\|2"] [data "Matched Data: php://input found within ARGS_NAMES:\\x5cxadd allow_url_include=1 \\x5cxadd auto_prepend_file=php://input: \\xadd allow_url_include=1 \\xadd auto_prepend_file=php://input"] [severity "CRITICAL"] [tag "CWAF"] [tag "PHPGen"] [hostname "192.64.150.119"] [uri "/hello.world"] [unique_id "agxY-NQsJH8Uik71sD4EtAAAAAk"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 151 to 165 of 189 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇮🇳 216.10.245.205

🇺🇸 185.77.220.57

🇧🇩 103.138.171.40

🇺🇸 62.132.18.142

🇬🇧 35.203.211.74

🇧🇷 201.69.32.200

🇸🇪 193.13.167.151

🇮🇩 180.244.231.101

🇫🇷 149.50.220.135

🇮🇳 113.193.234.210

🇳🇱 80.82.77.139

🇮🇳 66.116.199.98

🇬🇧 8.228.55.217

🇳🇱 5.83.143.112

🇫🇷 185.177.72.81

🇨🇱 181.42.38.158

🇵🇾 170.254.219.18

🇮🇳 152.52.232.174

🇺🇸 150.136.129.10

🇻🇳 123.25.97.130