JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 89.19.34.245

89.19.34.245 was found in our database!

This IP was reported 20 times. Confidence of Abuse is 20%: ?

20%

ISP	NEW-YORK-CUSTOMERS
Usage Type	Data Center/Web Hosting/Transit
ASN	AS26548
Domain Name	finegroupservers.com
Country	🇺🇸 United States of America
City	Seattle, Washington

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 89.19.34.245

Whois 89.19.34.245

IP Abuse Reports for 89.19.34.245:

This IP address has been reported a total of 20 times from 12 distinct sources. 89.19.34.245 was first reported on February 17th 2024, and the most recent report was 1 week ago.

Old Reports: The most recent abuse report for this IP address is from 1 week ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
Anonymous	2026-05-24 12:30:12 (1 week ago)	89.19.34.245 - - [24/May/2026:12:30:11 +0000] "GET /modules/.env HTTP/1.1" 403 9768 "-" "Mozilla/5.0 ... show more 89.19.34.245 - - [24/May/2026:12:30:11 +0000] "GET /modules/.env HTTP/1.1" 403 9768 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/141.0.0.0 Safari/537.36" ... show less	Bad Web Bot Web App Attack
Anonymous	2026-05-24 12:14:13 (1 week ago)	[Sun May 24 12:14:11.146097 2026] [authz_core:error] [pid 138916:tid 138916] [client 89.19.34.245:55 ... show more [Sun May 24 12:14:11.146097 2026] [authz_core:error] [pid 138916:tid 138916] [client 89.19.34.245:55457] AH01630: client denied by server configuration: /var/www/shop.gassycat.be/htdocs/js/lZp5Tm1qbi6d.php [Sun May 24 12:14:11.511937 2026] [authz_core:error] [pid 138916:tid 138916] [client 89.19.34.245:55457] AH01630: client denied by server configuration: /var/www/shop.gassycat.be/htdocs/classes/ [Sun May 24 12:14:11.847312 2026] [authz_core:error] [pid 138916:tid 138916] [client 89.19.34.245:55457] AH01630: client denied by server configuration: /var/www/shop.gassycat.be/htdocs/config/ [Sun May 24 12:14:12.499709 2026] [authz_core:error] [pid 138916:tid 138916] [client 89.19.34.245:55457] AH01630: client denied by server configuration: /var/www/shop.gassycat.be/htdocs/controllers/gs92C31aPGJK.php [Sun May 24 12:14:12.877408 2026] [authz_core:error] [pid 138916:tid 138916] [client 89.19.34.245:55457] AH01630: client denied by server configuration: /var/www/shop.gassycat.be/htdocs/loca ... show less	Brute-Force
🇺🇸 TPI-Abuse	2026-05-22 14:00:49 (1 week ago)	(mod_security) mod_security (id:210492) triggered by 89.19.34.245 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 89.19.34.245 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri May 22 10:00:38.631998 2026] [security2:error] [pid 17708:tid 17708] [client 89.19.34.245:12873] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "abilityengraving.com"] [uri "/wp-config.php.dist"] [unique_id "ahBhhk__-124IqAWNpY9dQAAAAc"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-20 21:17:54 (2 weeks ago)	(mod_security) mod_security (id:210492) triggered by 89.19.34.245 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 89.19.34.245 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed May 20 17:17:50.939663 2026] [security2:error] [pid 15686:tid 15686] [client 89.19.34.245:22707] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "altoshp.com"] [uri "/.wp-config.php.swp"] [unique_id "ag4k_oB9SdlVEsqSS59FpAAAAB0"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-20 16:35:50 (2 weeks ago)	(mod_security) mod_security (id:210492) triggered by 89.19.34.245 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 89.19.34.245 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed May 20 12:35:43.083272 2026] [security2:error] [pid 13985:tid 13991] [client 89.19.34.245:61115] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "staging.kettlehill.com"] [uri "/wp-config.php.save"] [unique_id "ag3i3zHcs3iy05nsBHsjOgAAAAM"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-20 12:40:10 (2 weeks ago)	(mod_security) mod_security (id:210492) triggered by 89.19.34.245 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 89.19.34.245 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed May 20 08:40:02.285992 2026] [security2:error] [pid 4797:tid 4797] [client 89.19.34.245:62751] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.txt" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.vintageamptubes.ink2wear.com"] [uri "/wp-config.txt"] [unique_id "ag2ropeKHbNgL5D_A2kQwgAAAAI"] show less	Brute-Force Bad Web Bot Web App Attack
🇬🇧 Aetherweb Ark	2026-04-16 16:37:12 (1 month ago)	(mod_security) mod_security (id:949110) triggered by 89.19.34.245 (US/United States/-): N in the las ... show more (mod_security) mod_security (id:949110) triggered by 89.19.34.245 (US/United States/-): N in the last X secs show less	Web App Attack
🇳🇱 juutis	2026-04-16 05:03:21 (1 month ago)	Multiple WAF abuses - IP blocked	Hacking Brute-Force Web App Attack
🇺🇸 TPI-Abuse	2026-02-19 03:56:08 (3 months ago)	(mod_security) mod_security (id:225170) triggered by 89.19.34.245 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:225170) triggered by 89.19.34.245 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Feb 18 22:55:53.805059 2026] [security2:error] [pid 11242:tid 11242] [client 89.19.34.245:36167] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|www.csm-dtc.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.csm-dtc.com"] [uri "/wp-json/wp/v2/users"] [unique_id "aZaJyZWcJ1STgM1u4n9e8QAAAA4"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-01-31 12:34:28 (4 months ago)	Attempted brute force login to web vpn 1 time(s); last attempt for 2026.01.31 is noted in report tim ... show more Attempted brute force login to web vpn 1 time(s); last attempt for 2026.01.31 is noted in report timestamp show less	Hacking Brute-Force
Anonymous	2025-12-27 01:13:43 (5 months ago)	Attempted brute force login to web vpn 2 time(s); last attempt for 2025.12.27 is noted in report tim ... show more Attempted brute force login to web vpn 2 time(s); last attempt for 2025.12.27 is noted in report timestamp show less	Hacking Brute-Force
🇺🇸 inspectorgdgt	2025-12-18 01:06:06 (5 months ago)	Failed login invalid user bruteforce attempt	Brute-Force SSH
Anonymous	2025-12-11 23:10:10 (5 months ago)	Attempted brute force login to web vpn 1 time(s); last attempt for 2025.12.11 is noted in report tim ... show more Attempted brute force login to web vpn 1 time(s); last attempt for 2025.12.11 is noted in report timestamp show less	Hacking Brute-Force
🇩🇪 hbrks	2025-10-22 17:32:03 (7 months ago)	1 attack(s) detected, such as these: {"event":"nginx_block","ip":"89.19.34.245","host":"marche-be.co ... show more 1 attack(s) detected, such as these: {"event":"nginx_block","ip":"89.19.34.245","host":"marche-be.com","request":"GET /administrator/ HTTP/1.1","user_agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36","reason":"service:unknow","timestamp":"2025-10-22T17:32:03 00:00","logentry":"marche-be.com 89.19.34.245 - - [22/Oct/2025:17:32:03 0000] GET /administrator/ HTTP/1.1 444 0 http://marche-be.com/administrator/ Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 - matched:service:unknow"} * Report Details : https://p4u.xyz/U7XW85F5YYP/1 IP Details *: https://p4u.xyz/U7XW85F5YYP/2 show less	Web Spam Hacking Bad Web Bot
🇺🇸 TPI-Abuse	2025-10-20 07:00:07 (7 months ago)	(mod_security) mod_security (id:210350) triggered by 89.19.34.245 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210350) triggered by 89.19.34.245 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Oct 20 02:59:57.429131 2025] [security2:error] [pid 548:tid 548] [client 89.19.34.245:35165] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\b(close\|keep-alive),[\\\\t\\\\n\\\\r ]{0,1}(close\|keep-alive)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/12_HTTP_Protocol.conf"] [line "70"] [id "210350"] [rev "1"] [msg "COMODO WAF: Multiple/Conflicting Connection Header Data Found\|\|insua.com\|F\|4"] [data "keep-alive, close"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "insua.com"] [uri "/"] [unique_id "aPXd7Yu4mnj6COE42I0_mgAAAAw"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 20 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 2607:f8b0:400e:c0c::124

🇫🇷 2001:41d0:303:a4e6::1

🇬🇧 193.163.125.95

🇮🇹 158.47.223.42

🇳🇱 88.151.32.61

🇳🇱 45.148.10.67

🇲🇲 37.111.53.110

🇺🇸 18.144.23.124

🇧🇷 205.210.31.168

🇲🇽 189.173.42.116

🇳🇱 185.223.235.33

🇳🇱 176.65.139.66

🇳🇬 152.32.143.6

🇵🇰 103.74.21.111

🇳🇱 93.123.109.127

🇮🇹 93.44.112.179

🇺🇸 91.230.168.94

🇬🇧 89.37.172.141

🇺🇬 196.0.34.106

🇺🇸 190.92.141.186