JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 89.208.106.138

89.208.106.138 was found in our database!

This IP was reported 17 times. Confidence of Abuse is 21%: ?

21%

ISP	AEZA GROUP Ltd
Usage Type	Data Center/Web Hosting/Transit
ASN	AS210644
Domain Name	aeza.ru
Country	🇩🇪 Germany
City	Frankfurt am Main, Hesse

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 89.208.106.138

Whois 89.208.106.138

IP Abuse Reports for 89.208.106.138:

This IP address has been reported a total of 17 times from 11 distinct sources. 89.208.106.138 was first reported on March 28th 2026, and the most recent report was 1 month ago.

Old Reports: The most recent abuse report for this IP address is from 1 month ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇦🇺 oncord	2026-05-01 07:18:59 (1 month ago)	Form spam	Web Spam
🇦🇺 screwlooseit.com.au	2026-04-30 01:23:57 (1 month ago)	Blocked by CSF 13 firewall - Rule: RU/Russia/vpntg.ptr.network	Web App Attack
🇫🇷 jank	2026-04-29 18:20:08 (1 month ago)	pop3 login attempt	Brute-Force
🇹🇭 anurak.org	2026-04-29 04:50:00 (1 month ago)	HTTP DDOS attack of 1.02k requests	DDoS Attack
Anonymous	2026-04-28 05:00:12 (1 month ago)	BruteForce IMAP/POP3/SMTP	Brute-Force
🇺🇸 oncord	2026-04-26 14:53:53 (1 month ago)	Form spam	Web Spam
🇺🇸 oncord	2026-04-24 23:50:44 (1 month ago)	Form spam	Web Spam
🇸🇬 pusathosting.com	2026-04-24 09:36:03 (1 month ago)	24ds22 bruteforce	Brute-Force Web App Attack
🇫🇷 masterguru	2026-04-23 03:00:48 (1 month ago)	wp-comments-post.php request blocked, no referer. Pattern match "wp-comments-post.php" at REQUEST_UR ... show more wp-comments-post.php request blocked, no referer. Pattern match "wp-comments-post.php" at REQUEST_URI. (88520-201) show less	Hacking
🇫🇷 masterguru	2026-04-21 08:01:41 (1 month ago)	wp-comments-post.php request blocked, no referer. Pattern match "wp-comments-post.php" at REQUEST_UR ... show more wp-comments-post.php request blocked, no referer. Pattern match "wp-comments-post.php" at REQUEST_URI. (88520-196) show less	Hacking
🇮🇹 VHosting	2026-04-10 05:17:25 (2 months ago)	Detected attack and reported by a human	Brute-Force Web App Attack SSH DDoS Attack Exploited Host Bad Web Bot
🇺🇸 TPI-Abuse	2026-04-10 05:16:02 (2 months ago)	(mod_security) mod_security (id:240950) triggered by 89.208.106.138 (vpntg.ptr.network): 1 in the la ... show more (mod_security) mod_security (id:240950) triggered by 89.208.106.138 (vpntg.ptr.network): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Apr 10 01:15:55.195328 2026] [security2:error] [pid 2749899:tid 2749899] [client 89.208.106.138:48342] ModSecurity: Access denied with code 403 (phase 1). Pattern match "\\\\D" at TX:1. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "4530"] [id "240950"] [rev "2"] [msg "COMODO WAF: XSS & SQL injection vulnerability in Pragyan CMS 3.0 (CVE-2015-1471)\|\|portalvasco.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "portalvasco.com"] [uri "/spotify:user:antiradares:playlist:16K9RPRO9I2ExMU6lJw69I"] [unique_id "adiHi5KB8yS1xDJLGooHUQAAAAA"], referer: https://portalvasco.com/contacto.html show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 NoaQT	2026-04-05 22:02:18 (2 months ago)	89.208.106.138 - - [05/Apr/2026:16:31:11 +0200] "GET /web/login HTTP/1.1" 303 231 "https://www.yahoo ... show more 89.208.106.138 - - [05/Apr/2026:16:31:11 +0200] "GET /web/login HTTP/1.1" 303 231 "https://www.yahoo.com/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36" 89.208.106.138 - - [05/Apr/2026:16:31:47 +0200] "GET /web/login HTTP/1.1" 303 231 "https://www.bing.com/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36" 89.208.106.138 - - [05/Apr/2026:16:33:01 +0200] "GET /web/login HTTP/1.1" 303 231 "https://www.linkedin.com/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36" 89.208.106.138 - - [05/Apr/2026:16:33:04 +0200] "GET /web/login HTTP/1.1" 303 231 "https://www.youtube.com/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36" 89.208.106.138 - - [05/Apr/2026:16:31:47 +0200] "GET /web/login HTTP/1.1" 303 231 "https://www.bing.com/" ... show less	DDoS Attack
🇩🇪 NoaQT	2026-04-05 17:04:17 (2 months ago)	89.208.106.138 - - [05/Apr/2026:19:03:05 +0200] "GET /web/login HTTP/1.1" 303 231 "https://www.reddi ... show more 89.208.106.138 - - [05/Apr/2026:19:03:05 +0200] "GET /web/login HTTP/1.1" 303 231 "https://www.reddit.com/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36" 89.208.106.138 - - [05/Apr/2026:19:03:59 +0200] "GET /web/login HTTP/1.1" 303 231 "https://www.site18.com/services" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36" 89.208.106.138 - - [05/Apr/2026:19:03:59 +0200] "GET /web/login HTTP/1.1" 303 231 "https://www.site18.com/services" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36" 89.208.106.138 - - [05/Apr/2026:19:04:13 +0200] "GET /web/login HTTP/1.1" 303 231 "https://www.facebook.com/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36" 89.208.106.138 - - [05/Apr/2026:19:04:13 +0200] "GET /web/login HTTP/1.1" 303 231 ... show less	DDoS Attack
🇩🇪 NoaQT	2026-04-05 15:57:09 (2 months ago)	89.208.106.138 - - [05/Apr/2026:17:56:56 +0200] "GET /web/login HTTP/1.1" 303 231 "https://www.faceb ... show more 89.208.106.138 - - [05/Apr/2026:17:56:56 +0200] "GET /web/login HTTP/1.1" 303 231 "https://www.facebook.com/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36" 89.208.106.138 - - [05/Apr/2026:17:56:56 +0200] "GET /web/login HTTP/1.1" 303 231 "https://qGGLL.info/news" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36" 89.208.106.138 - - [05/Apr/2026:17:56:58 +0200] "GET /web/login HTTP/1.1" 303 231 "https://app.mvUNOTQv.co/products" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36" 89.208.106.138 - - [05/Apr/2026:17:57:08 +0200] "GET /web/login HTTP/1.1" 303 231 "https://www.facebook.com/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36" 89.208.106.138 - - [05/Apr/2026:17:57:09 +0200] "GET /web/login HTTP/1.1" 303 231 "https://tech54.co/" ... show less	DDoS Attack

Showing 1 to 15 of 17 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇩🇪 212.132.100.147

🇮🇳 205.254.166.144

🇿🇦 196.216.134.34

🇺🇸 172.110.223.97

🇨🇳 171.114.229.97

🇮🇳 157.51.205.182

🇮🇳 103.178.105.180

🇵🇰 103.104.87.244

🇸🇬 43.156.60.15

🇬🇧 35.203.210.194

🇻🇳 1.54.150.239

🇳🇱 185.183.32.162

🇫🇮 170.168.174.201

🇯🇵 156.59.29.230

🇫🇷 146.70.40.70

🇧🇷 129.159.56.14

🇭🇰 123.58.212.28

🇨🇳 111.62.232.61

🇮🇩 103.139.11.88

🇩🇪 89.19.209.155