JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 89.251.0.148

89.251.0.148 was found in our database!

This IP was reported 191 times. Confidence of Abuse is 51%: ?

51%

ISP	VPN Consumer Toronto, Canada
Usage Type	Data Center/Web Hosting/Transit
ASN	AS41564
Domain Name	vpnconsumer.com
Country	🇨🇦 Canada
City	Toronto, Ontario

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 89.251.0.148

Whois 89.251.0.148

IP Abuse Reports for 89.251.0.148:

This IP address has been reported a total of 191 times from 73 distinct sources. 89.251.0.148 was first reported on March 22nd 2025, and the most recent report was 1 hour ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇨🇭 Origon	2026-06-22 07:49:30 (1 hour ago)	http-backdoors-attempts - IP: 89.251.0.148 - time="2026-06-22T09:49:30+02:00" level=info msg="(555f ... show more http-backdoors-attempts - IP: 89.251.0.148 - time="2026-06-22T09:49:30+02:00" level=info msg="(555f66b4f6a74558bc11e3f93469658es8App0Mcc0TKEeje/crowdsec) crowdsecurity/http-backdoors-attempts by ip 89.251.0.148 (CA/41564) : 4h ban on Ip 89.251.0.148" module=db show less	Web App Attack
🇮🇹 [email protected]	2026-06-07 13:57:44 (2 weeks ago)	[Sun Jun 07 15:57:43.744626 2026] [proxy_fcgi:error] [pid 1066084:tid 1066086] [remote 89.251.0.148: ... show more [Sun Jun 07 15:57:43.744626 2026] [proxy_fcgi:error] [pid 1066084:tid 1066086] [remote 89.251.0.148:23723] AH01071: Got error "Primary script unknown", referer: http://blog.diegoweb.it/xleet.php show less	Web App Attack
🇫🇷 Hippoline	2026-06-04 11:39:38 (2 weeks ago)	[Thu Jun 04 13:39:05.190274 2026] [authz_core:error] [pid 2087] [client 89.251.0.148:50075] AH01630: ... show more [Thu Jun 04 13:39:05.190274 2026] [authz_core:error] [pid 2087] [client 89.251.0.148:50075] AH01630: client denied by server configuration: /var/www/championat.lu/web/5PJcpMFsD8B.php, referer: http://championat.lu/5PJcpMFsD8B.php [Thu Jun 04 13:39:07.235197 2026] [authz_core:error] [pid 2087] [client 89.251.0.148:50075] AH01630: client denied by server configuration: /var/www/championat.lu/web/filemanager.php, referer: http://championat.lu/filemanager.php [Thu Jun 04 13:39:29.667148 2026] [authz_core:error] [pid 2087] [client 89.251.0.148:50075] AH01630: client denied by server configuration: /var/www/championat.lu/web/classwithtostring.php, referer: http://championat.lu/classwithtostring.php [Thu Jun 04 13:39:31.065412 2026] [authz_core:error] [pid 2087] [client 89.251.0.148:50075] AH01630: client denied by server configuration: /var/www/championat.lu/web/autoload_classmap.php, referer: http://championat.lu/autoload_classmap.php [Thu Jun 04 13:39:37.772010 2026] [authz_core:error] [pi ... show less	Brute-Force Web App Attack
🇨🇭 backslash	2026-06-04 09:42:02 (2 weeks ago)	block ruleset WAF detection and high score on abuseIPDB 149EB1B42C242111FADBBC2EF8F90219570691E1	Bad Web Bot
🇳🇱 Savvii	2026-05-24 20:26:36 (4 weeks ago)	20 attempts against mh-misbehave-ban on redirect	Brute-Force Bad Web Bot Web App Attack
🇺🇸 nyt	2026-05-20 12:28:00 (1 month ago)	Hacking, Web App Attack, suspicious: Web Shell Upload	Hacking Web App Attack
🇺🇸 TPI-Abuse	2026-05-20 09:04:12 (1 month ago)	(mod_security) mod_security (id:234930) triggered by 89.251.0.148 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:234930) triggered by 89.251.0.148 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed May 20 05:04:08.640600 2026] [security2:error] [pid 23135:tid 23135] [client 89.251.0.148:64191] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\/lib\\\\/php\\\\/connector\\\\.minimal\\\\.php$" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/27_Apps_WPPlugin.conf"] [line "6778"] [id "234930"] [rev "2"] [msg "COMODO WAF: File upload vulnerability in the file manager plugin before 6.9 for WordPress (CVE-2020-25213)\|\|microscopedia.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WPPlugin"] [hostname "microscopedia.com"] [uri "/wp-content/plugins/wp-file-manager/lib/php/connector.minimal.php"] [unique_id "ag15CME2x091a0FRt7aFigAAAAY"] show less	Brute-Force Bad Web Bot Web App Attack
🇫🇷 Sklurk	2026-05-20 07:59:04 (1 month ago)	Web App Attack	Web App Attack
🇺🇦 URAN Publishing Service	2026-05-19 22:45:13 (1 month ago)	89.251.0.148 - - [20/May/2026:01:45:12 +0300] "GET /wp-includes/customize/wp-conflg.php?p= HTTP/1.1" ... show more 89.251.0.148 - - [20/May/2026:01:45:12 +0300] "GET /wp-includes/customize/wp-conflg.php?p= HTTP/1.1" 404 715 "-" "Go-http-client/1.1" 89.251.0.148 - - [20/May/2026:01:45:12 +0300] "GET /wp-admin/maint/wp-conflg.php HTTP/1.1" 404 715 "-" "Go-http-client/1.1" ... show less	Web App Attack
🇳🇱 Site.eu	2026-05-17 09:17:23 (1 month ago)	Excessive multi-domain requests	Brute-Force
🇳🇱 Site.eu	2026-05-14 02:06:01 (1 month ago)	Excessive multi-domain requests	Brute-Force
🇳🇱 Site.eu	2026-05-10 19:11:23 (1 month ago)	Excessive multi-domain requests	Brute-Force
🇬🇧 openstrike.co.uk	2026-05-10 05:12:56 (1 month ago)	95 attacks on PHP URLs: GET /wp-content/plugins/core/core.php HTTP/1.1	Web App Attack
🇫🇷 masterguru	2026-05-09 22:07:10 (1 month ago)	Too much 404 requests in 1 minute. Operator GE matched 10 at IP:block_script. (46020-195)	Hacking
🇫🇮 [email protected]	2026-05-09 21:07:52 (1 month ago)	Attack attempt against Interwebbi servers; (WPNINJA) Ninja Firewall attack on lbvuokraus.fi (WP vuln ... show more Attack attempt against Interwebbi servers; (WPNINJA) Ninja Firewall attack on lbvuokraus.fi (WP vulnerability) 89.251.0.148 (CA/Canada/-): 1 in the last 3600 secs (CF_ENABLE); IP: 89.251.0.148; Ports: *; Direction: 0; Trigger: LF_CUSTOMTRIGGER; show less	Web App Attack

Showing 1 to 15 of 191 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇮🇳 2404:7c80:5f:1760:4165:63c5:254d:1708

🇳🇱 194.156.79.202

🇺🇸 159.223.175.47

🇺🇸 150.107.38.209

🇰🇷 115.95.23.226

🇮🇷 109.125.184.65

🇺🇸 107.150.109.196

🇨🇦 85.217.149.50

🇰🇷 59.24.133.197

🇺🇸 20.65.194.122

🇻🇳 14.225.33.204

🇺🇸 2a00:1450:4864:20::52b

🇺🇸 216.73.217.1

🇧🇪 207.211.214.162

🇬🇪 176.221.148.75

🇵🇭 124.107.185.138

🇦🇲 87.241.157.21

🇺🇸 66.132.172.144

🇮🇳 49.207.40.162

🇸🇬 47.128.110.229