JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 89.116.210.104

89.116.210.104 was found in our database!

This IP was reported 29 times. Confidence of Abuse is 91%: ?

91%

ISP	Ethernet Servers
Usage Type	Data Center/Web Hosting/Transit
ASN	AS46475
Domain Name	ethernetservers.com
Country	🇺🇸 United States of America
City	Los Angeles, California

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 89.116.210.104

Whois 89.116.210.104

IP Abuse Reports for 89.116.210.104:

This IP address has been reported a total of 29 times from 17 distinct sources. 89.116.210.104 was first reported on June 10th 2026, and the most recent report was 3 days ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇳🇱 Site.eu	2026-06-11 01:52:13 (3 days ago)	Excessive multi-domain requests	Brute-Force
🇮🇹 www.tana.it	2026-06-10 22:04:55 (3 days ago)	PHP scan	Web App Attack
🇳🇱 homeshowdomain.nl	2026-06-10 22:02:07 (3 days ago)	Auto-ban: >3000 req/min op 2026-06-10	Web App Attack SSH Hacking
🇺🇸 TPI-Abuse	2026-06-10 21:24:07 (3 days ago)	(mod_security) mod_security (id:210730) triggered by 89.116.210.104 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210730) triggered by 89.116.210.104 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 10 17:24:02.643741 2026] [security2:error] [pid 4299:tid 4299] [client 89.116.210.104:33276] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|curriergallery.com\|F\|2"] [data ".log"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "curriergallery.com"] [uri "/storage/logs/laravel.log"] [unique_id "ainV8pNnfeLhSMt8QhgeDgAAABA"] show less	Brute-Force Bad Web Bot Web App Attack
🇳🇱 wlt-blocker	2026-06-10 21:02:52 (3 days ago)	Unauthorized access to webpage admin	Web App Attack
🇮🇹 Inartis	2026-06-10 19:47:20 (4 days ago)	89.116.210.104 - - [10/Jun/2026:21:47:12 +0200] "GET /.git/config HTTP/1.1" 500 4050 "-" "Mozilla/5. ... show more 89.116.210.104 - - [10/Jun/2026:21:47:12 +0200] "GET /.git/config HTTP/1.1" 500 4050 "-" "Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko); compatible; OAI-SearchBot/1.0; +https://openai.com/searchbot" 89.116.210.104 - - [10/Jun/2026:21:47:18 +0200] "GET /.env.production HTTP/1.1" 403 4075 "-" "Mozilla/5.0 (compatible; Bytespider; [email protected])" 89.116.210.104 - - [10/Jun/2026:21:47:18 +0200] "GET /.env.example HTTP/1.1" 403 4075 "-" "Mozilla/5.0 (compatible; Bytespider; [email protected])" ... show less	Brute-Force Bad Web Bot Web App Attack
🇺🇦 URAN Publishing Service	2026-06-10 19:04:45 (4 days ago)	89.116.210.104 - - [10/Jun/2026:22:04:38 +0300] "GET /.env HTTP/1.1" 404 628 "-" "Mozilla/5.0 (compa ... show more 89.116.210.104 - - [10/Jun/2026:22:04:38 +0300] "GET /.env HTTP/1.1" 404 628 "-" "Mozilla/5.0 (compatible; Applebot/0.1; +http://www.apple.com/go/applebot)" 89.116.210.104 - - [10/Jun/2026:22:04:45 +0300] "GET /api/.env HTTP/1.1" 404 689 "-" "Mozilla/5.0 (compatible; Bytespider; [email protected])" ... show less	Web App Attack
🇺🇸 TPI-Abuse	2026-06-10 19:03:39 (4 days ago)	(mod_security) mod_security (id:210730) triggered by 89.116.210.104 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210730) triggered by 89.116.210.104 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 10 15:03:35.750407 2026] [security2:error] [pid 15883:tid 15979] [client 89.116.210.104:33208] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|culturallyyours.org\|F\|2"] [data ".log"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "culturallyyours.org"] [uri "/storage/logs/laravel.log"] [unique_id "aim1By9dJZqcSq5RzzGLtgAAAhc"] show less	Brute-Force Bad Web Bot Web App Attack
🇨🇭 Origon	2026-06-10 17:57:55 (4 days ago)	http-bad-user-agent - IP: 89.116.210.104 - time="2026-06-10T19:57:54+02:00" level=info msg="(555f66 ... show more http-bad-user-agent - IP: 89.116.210.104 - time="2026-06-10T19:57:54+02:00" level=info msg="(555f66b4f6a74558bc11e3f93469658es8App0Mcc0TKEeje/crowdsec) crowdsecurity/http-bad-user-agent by ip 89.116.210.104 (US/46475) : 4h ban on Ip 89.116.210.104" module=db show less	Bad Web Bot
🇺🇸 TPI-Abuse	2026-06-10 17:48:14 (4 days ago)	(mod_security) mod_security (id:210730) triggered by 89.116.210.104 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210730) triggered by 89.116.210.104 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 10 13:48:08.629899 2026] [security2:error] [pid 13184:tid 13184] [client 89.116.210.104:51500] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "4"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|cuddliesforkids.com\|F\|2"] [data ".log"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "cuddliesforkids.com"] [uri "/storage/logs/laravel.log"] [unique_id "aimjWAgLdzi1IW5VMogOpAAAABk"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-10 17:25:57 (4 days ago)	(mod_security) mod_security (id:210492) triggered by 89.116.210.104 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 89.116.210.104 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 10 13:25:50.631796 2026] [security2:error] [pid 25379:tid 25379] [client 89.116.210.104:36052] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cubicearth.com"] [uri "/.git/config"] [unique_id "aimeHtEo35ELUH1c4OHbtgAAAAA"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 mnsf	2026-06-10 17:05:40 (4 days ago)	Abuse Detected (1)	Brute-Force Web App Attack
🇮🇹 ciccio diddo	2026-06-10 16:32:49 (4 days ago)	URL Scanner multiple 30X port:Tcp/80,443	Brute-Force Web App Attack
🇺🇸 TPI-Abuse	2026-06-10 16:14:23 (4 days ago)	(mod_security) mod_security (id:210492) triggered by 89.116.210.104 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 89.116.210.104 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 10 12:14:17.028403 2026] [security2:error] [pid 2549:tid 2549] [client 89.116.210.104:44602] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "ctjcisenate.org"] [uri "/.git/config"] [unique_id "aimNWcpkCtZJFGN343_pBAAAAAE"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-10 15:10:22 (4 days ago)	(mod_security) mod_security (id:210492) triggered by 89.116.210.104 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 89.116.210.104 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 10 11:10:16.815921 2026] [security2:error] [pid 29524:tid 29524] [client 89.116.210.104:55742] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cspminc.com"] [uri "/.git/config"] [unique_id "ail-WK_9_JnlXmQEelHZ8AAAACA"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 29 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇧🇷 179.126.187.0

🇳🇱 45.148.10.147

🇩🇪 45.135.194.10

🇺🇸 198.74.56.66

🇳🇱 195.178.110.26

🇩🇪 194.88.98.84

🇬🇧 193.32.209.235

🇧🇷 191.10.106.176

🇮🇳 122.187.227.167

🇫🇷 92.103.134.183

🇫🇷 85.217.140.26

🇺🇸 82.25.180.12

🇱🇹 81.30.98.144

🇺🇸 209.141.18.69

🇩🇪 69.5.169.58

🇩🇪 69.5.169.51

🇩🇪 69.5.169.9

🇺🇸 52.159.247.228

🇮🇳 49.43.42.160

🇩🇪 43.157.95.239