JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 89.249.193.254

89.249.193.254 was found in our database!

This IP was reported 10 times. Confidence of Abuse is 0%: ?

ISP	Internet Utilities Europe and Asia Limited
Usage Type	Data Center/Web Hosting/Transit
ASN	AS396190
Domain Name	netutils.io
Country	🇺🇸 United States of America
City	Seattle, Washington

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 89.249.193.254

Whois 89.249.193.254

IP Abuse Reports for 89.249.193.254:

This IP address has been reported a total of 10 times from 3 distinct sources. 89.249.193.254 was first reported on May 28th 2025, and the most recent report was 5 months ago.

Old Reports: The most recent abuse report for this IP address is from 5 months ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 TPI-Abuse	2026-01-16 07:30:16 (5 months ago)	(mod_security) mod_security (id:210730) triggered by 89.249.193.254 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210730) triggered by 89.249.193.254 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jan 16 02:30:10.955628 2026] [security2:error] [pid 20367:tid 20367] [client 89.249.193.254:33445] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|ftp.nbcnewsradio.com\|F\|2"] [data ".php.bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "ftp.nbcnewsradio.com"] [uri "/footer.php.bak"] [unique_id "aWnpAknkd1-fsuBA-q0XHAAAAAI"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 raspi4	2025-12-31 19:23:33 (5 months ago)	Fail2Ban Ban Triggered	Brute-Force Web App Attack
🇺🇸 TPI-Abuse	2025-12-01 05:58:21 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 89.249.193.254 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 89.249.193.254 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Dec 01 00:58:17.338052 2025] [security2:error] [pid 25970:tid 26019] [client 89.249.193.254:58033] ModSecurity: Access denied with code 403 (phase 1). Matched phrase ".htaccess" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.staging.kettlehill.com"] [uri "/htaccess_for_page_not_found_redirects.htaccess"] [unique_id "aS0ueZmi-m8ypGFmmHe-gQAAAUY"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2025-11-17 12:13:09 (7 months ago)	\| Suspicious URL access.	Hacking SQL Injection Web App Attack
🇺🇸 TPI-Abuse	2025-10-29 06:28:07 (7 months ago)	(mod_security) mod_security (id:210730) triggered by 89.249.193.254 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210730) triggered by 89.249.193.254 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Oct 29 02:28:02.802600 2025] [security2:error] [pid 27378:tid 27378] [client 89.249.193.254:60419] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|ftp.nbcnewsradio.com\|F\|2"] [data ".key"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "ftp.nbcnewsradio.com"] [uri "/ssl/localhost.key"] [unique_id "aQGz8mcEJfIvFwYDlqFB4QAAAAQ"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-10-01 15:38:52 (8 months ago)	(mod_security) mod_security (id:210730) triggered by 89.249.193.254 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210730) triggered by 89.249.193.254 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Oct 01 11:38:45.130248 2025] [security2:error] [pid 30111:tid 30194] [client 89.249.193.254:34051] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|www.kettlehill.kettlehill.com\|F\|2"] [data ".key"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.kettlehill.kettlehill.com"] [uri "/server.key"] [unique_id "aN1LBRH4YjaIRtXIcLB5DwAAAhg"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-08-05 19:22:15 (10 months ago)	(mod_security) mod_security (id:210492) triggered by 89.249.193.254 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 89.249.193.254 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Aug 05 15:22:12.089301 2025] [security2:error] [pid 8316:tid 8316] [client 89.249.193.254:49925] ModSecurity: Access denied with code 403 (phase 1). Matched phrase ".htpasswd" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "nbcnewsradio.com"] [uri "/.htpasswd"] [unique_id "aJJZ5F2SRfuI9H8VG9SwGAAAAA0"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-08-01 06:39:14 (10 months ago)	(mod_security) mod_security (id:210492) triggered by 89.249.193.254 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 89.249.193.254 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Aug 01 02:38:57.730930 2025] [security2:error] [pid 3331447:tid 3331453] [client 89.249.193.254:36653] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "ftp.kettlehill.com"] [uri "/wp-config.php"] [unique_id "aIxhAVSZjg6lcpTf51ZUFwAAAYI"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-06-01 05:45:38 (1 year ago)	(mod_security) mod_security (id:210492) triggered by 89.249.193.254 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 89.249.193.254 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 01 01:45:34.057419 2025] [security2:error] [pid 2256135:tid 2256179] [client 89.249.193.254:42859] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "autodiscover.staging.kettlehill.com"] [uri "/wp-config.php.bak"] [unique_id "aDvo_q49PdggYnA6bssd3wAAAEM"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-05-28 20:32:12 (1 year ago)	(mod_security) mod_security (id:210730) triggered by 89.249.193.254 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210730) triggered by 89.249.193.254 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed May 28 16:32:02.292556 2025] [security2:error] [pid 1865552:tid 1865552] [client 89.249.193.254:45759] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|autodiscover.farmers123.com\|F\|2"] [data ".key"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "autodiscover.farmers123.com"] [uri "/server.key"] [unique_id "aDdywowTwR2VbdT00_DgNwAAAAs"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 10 of 10 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇳🇱 188.166.81.67

🇺🇸 185.187.235.144

🇨🇴 179.33.218.135

🇺🇸 162.241.50.50

🇺🇸 99.21.52.103

🇸🇬 68.183.180.73

🇺🇸 66.132.212.13

🇺🇸 64.62.156.126

🇳🇱 45.148.10.152

🇹🇷 31.145.131.202

🇬🇧 195.206.182.198

🇺🇸 195.26.243.245

🇭🇰 194.187.178.162

🇳🇱 176.65.139.229

🇩🇪 167.94.146.79

🇩🇪 167.94.146.57

🇭🇰 152.32.128.85

🇸🇬 103.250.11.176

🇹🇷 85.99.229.74

🇺🇸 64.62.197.43