🇩🇪
hbrks
2025-10-11 22:40:58
(8 months ago)
1 attack(s) detected, such as these: {"event":"nginx_block","ip":"89.213.226.8","host":"p4u.xyz","request":"HEAD /backups/www.sql HTTP/2.0","user_agent":"","reason":"404","timestamp":"2025-10-11T22:40:58 00:00","logentry":"p4u.xyz 89.213.226.8 - - [11/Oct/2025:22:40:58 0000] HEAD /backups/www.sql HTTP/2.0 404 0 - - 172.25.79.44:5000 matched:-"} * Report Details *: https://p4u.xyz/JTKVPKCDEWJ/1* IP Details *: https://p4u.xyz/JTKVPKCDEWJ/2
Web Spam
Hacking
Bad Web Bot
🇺🇸
TPI-Abuse
2025-10-11 11:25:29
(8 months ago)
(mod_security) mod_security (id:210730) triggered by 89.213.226.8 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Oct 11 07:25:24.071584 2025] [security2:error] [pid 23092:tid 23092] [client 89.213.226.8:29953] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.nationalenq.com|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.nationalenq.com"] [uri "/backup/www.sql"] [unique_id "aOo-pGEI3pf0y9WCBc4e_gAAAAs"]
Brute-Force
Bad Web Bot
Web App Attack
🇬🇧
pinguin
2025-10-10 13:33:06
(8 months ago)
Triggered Cloudflare WAF (firewallManaged) from GR.
Action taken: LOG
Protocol: HTTP/2 (HEAD method)
Endpoint: /config.json
UA: Empty string
This report was generated by:
https://github.com/sefinek/Cloudflare-WAF-To-AbuseIPDB
Bad Web Bot
🇫🇷
Thaliruth
2025-10-09 23:44:30
(8 months ago)
89.213.226.8 - - [10/Oct/2025:01:44:30 +0200] "HEAD /backup/backup.sql.gz HTTP/1.1" 301 0 "-" "-"
...
SQL Injection
🇺🇸
Penny Packer
2025-10-06 21:07:12
(8 months ago)
Fail2Ban apache-tripwires
Web App Attack
🇯🇵
Valhalla
2025-10-01 08:44:36
(8 months ago)
/restore/website.gz
Hacking
Web App Attack
🇫🇷
dynamix
2025-09-30 21:24:11
(8 months ago)
Multiple WAF Violations
Web App Attack
🇺🇸
TPI-Abuse
2025-09-27 05:35:25
(9 months ago)
(mod_security) mod_security (id:210730) triggered by 89.213.226.8 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Sep 27 01:35:19.771941 2025] [security2:error] [pid 27068:tid 27068] [client 89.213.226.8:38779] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||cvgandhes.investments|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "cvgandhes.investments"] [uri "/backups/backup.sql"] [unique_id "aNd3l5lSYSulA-5aW-1cPwAAABE"]
Brute-Force
Bad Web Bot
Web App Attack
🇺🇸
TPI-Abuse
2025-09-24 11:45:02
(9 months ago)
(mod_security) mod_security (id:210730) triggered by 89.213.226.8 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Sep 24 07:44:57.697099 2025] [security2:error] [pid 30534:tid 30534] [client 89.213.226.8:35905] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||mpaexchangeinc.com|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "mpaexchangeinc.com"] [uri "/bak/dump.sql"] [unique_id "aNPZuT69jjvyNg7-MbE8cQAAAAc"]
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2025-09-16 03:00:00
(9 months ago)
sql injection
Hacking
SQL Injection
Brute-Force
Web App Attack
🇺🇸
TPI-Abuse
2025-09-14 20:55:15
(9 months ago)
(mod_security) mod_security (id:210801) triggered by 89.213.226.8 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Sep 14 16:55:12.334046 2025] [security2:error] [pid 15082:tid 15082] [client 89.213.226.8:21453] ModSecurity: Access denied with code 403 (phase 2). Matched phrase "sqlmap" at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "17"] [id "210801"] [rev "2"] [msg "COMODO WAF: Request Indicates a Security Scanner Scanned the Site||fydelitybags.com|F|2"] [data "sqlmap/1.9.9.1#dev (https://sqlmap.org)"] [severity "CRITICAL"] [tag "CWAF"] [tag "Agents"] [hostname "fydelitybags.com"] [uri "/"] [unique_id "aMcrsGhszsv5dpP8QIHb-AAAAAE"]
Brute-Force
Bad Web Bot
Web App Attack
🇺🇸
TPI-Abuse
2025-09-14 18:38:06
(9 months ago)
(mod_security) mod_security (id:210801) triggered by 89.213.226.8 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Sep 14 14:37:59.817450 2025] [security2:error] [pid 30640:tid 30640] [client 89.213.226.8:53295] ModSecurity: Access denied with code 403 (phase 2). Matched phrase "sqlmap" at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "17"] [id "210801"] [rev "2"] [msg "COMODO WAF: Request Indicates a Security Scanner Scanned the Site||comments.barkdull.org|F|2"] [data "sqlmap/1.9.9.1#dev (https://sqlmap.org)"] [severity "CRITICAL"] [tag "CWAF"] [tag "Agents"] [hostname "comments.barkdull.org"] [uri "/"] [unique_id "aMcLhy-5fbYZ-LXtHgfwQAAAABA"]
Brute-Force
Bad Web Bot
Web App Attack
🇪🇸
el-brujo
2025-09-14 06:26:52
(9 months ago)
14/Sep/2025:08:26:52.397181 +0200Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client 89.213.226.8] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 's)&1o' [file "/etc/httpd/modsecurity.d/activated_rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "66"] [id "942100"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: s)&1o found within ARGS:C: N;O=D') AND 6917=DBMS_PIPE.RECEIVE_MESSAGE(CHR(78)||CHR(85)||CHR(100)||CHR(73),5) AND ('nKTB'='nKTB"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.5"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/152/248/66"] [tag "PCI/6.5.2"] [hostname "elhacker.info"] [uri "/"] [unique_id "aMZgLASJDjoNTCQzXkQ_xAAAAZ4"]
...
Hacking
Web App Attack
Anonymous
2025-09-14 02:05:18
(9 months ago)
Blocked: Reason='Possible SQL injection activity (3/60 min)'; Requests=3
SQL Injection
🇪🇸
el-brujo
2025-09-14 00:51:44
(9 months ago)
Cloudflare WAF: Request Path: /index.php Request Query: ?action=login%27%29%20AND%206400%3DDBMS_PIPE.RECEIVE_MESSAGE%28CHR%28107%29%7C%7CCHR%2870%29%7C%7CCHR%2868%29%7C%7CCHR%2890%29%2C5%29%20AND%20%28%27CTnd%27%3D%27CTnd Host: forum.elhacker.net userAgent: sqlmap/1.9.9.1#dev (https://sqlmap.org) Action: log Source: firewallManaged ASN Description: CDNEXT Country: GR Method: GET Timestamp: 2025-09-14T00:51:44Z ruleId: 63e03eecddfc4b3fb0cad587d32b798c. Report generated by Cloudflare-WAF-to-AbuseIPDB (https://github.com/MHG-LAB/Cloudflare-WAF-to-AbuseIPDB).
Hacking
SQL Injection
Web App Attack