JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 89.249.195.131

89.249.195.131 was found in our database!

This IP was reported 12 times. Confidence of Abuse is 18%: ?

18%

ISP	Internet Utilities Europe and Asia Limited
Usage Type	Data Center/Web Hosting/Transit
ASN	AS19148
Domain Name	netutils.io
Country	🇺🇸 United States of America
City	Phoenix, Arizona

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 89.249.195.131

Whois 89.249.195.131

IP Abuse Reports for 89.249.195.131:

This IP address has been reported a total of 12 times from 5 distinct sources. 89.249.195.131 was first reported on January 15th 2025, and the most recent report was 4 weeks ago.

Old Reports: The most recent abuse report for this IP address is from 4 weeks ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇩🇪 4server	2026-05-29 11:20:23 (4 weeks ago)	[FriMay2913:20:18.3292472026][security2:error][pid2133200:tid2133362][client89.249.195.131:0]ModSecu ... show more [FriMay2913:20:18.3292472026][security2:error][pid2133200:tid2133362][client89.249.195.131:0]ModSecurity:Accessdeniedwithcode403\(phase2\).OperatorGEmatched5atTX:anomaly_score.[file\"/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf\"][line\"94\"][id\"949110\"][msg\"InboundAnomalyScoreExceeded\(TotalScore:5\)\"][severity\"CRITICAL\"][ver\"OWASP_CRS/3.3.9\"][tag\"application-multi\"][tag\"language-multi\"][tag\"platform-multi\"][tag\"attack-generic\"][hostname\"www.test.pytag.ch\"][uri\"/.env.development\"][unique_id\"ahl2cvtQHjDvmLRO5GN0bAAAAQk\"] show less	Port Scan Brute-Force Web App Attack
🇺🇸 TPI-Abuse	2026-05-28 00:48:19 (4 weeks ago)	(mod_security) mod_security (id:210492) triggered by 89.249.195.131 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 89.249.195.131 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed May 27 20:48:11.944462 2026] [security2:error] [pid 30978:tid 31005] [client 89.249.195.131:50055] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.joshua.wijaya.biz"] [uri "/.env.development"] [unique_id "aheQy0JXYb2kfyPdR_-QFwAAABg"], referer: https://www.google.com/search?q=www.joshua.wijaya.biz show less	Brute-Force Bad Web Bot Web App Attack
🇳🇱 homeshowdomain.nl	2026-05-27 22:00:36 (4 weeks ago)	Auto-ban: single probe for restricted files (.env / backups / admin endpoints). Likely mass-scan on ... show more Auto-ban: single probe for restricted files (.env / backups / admin endpoints). Likely mass-scan on 2026-05-26. show less	Web App Attack SSH Hacking
🇦🇹 René Hickersberger	2026-05-27 02:19:02 (1 month ago)	malicious bot detected: violations="hit-honeypot"; user_agent="Mozilla/5.0 (compatible; Googlebot/2. ... show more malicious bot detected: violations="hit-honeypot"; user_agent="Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)" show less	Web App Attack
🇨🇭 4server	2026-05-27 00:56:54 (1 month ago)	[WedMay2702:56:48.6019242026][security2:error][pid366231:tid366426][client89.249.195.131:0]ModSecuri ... show more [WedMay2702:56:48.6019242026][security2:error][pid366231:tid366426][client89.249.195.131:0]ModSecurity:Accessdeniedwithcode403\(phase1\).Matchedphrase\".env\"atREQUEST_URI.[file\"/etc/apache2/conf.d/modsec_custom_rules.conf\"][line\"364\"][id\"960720\"][msg\"Forbiddenfileaccess\"][hostname\"carolin-mizio.ch\"][uri\"/.env.backup\"][unique_id\"ahZBUHnH08FBH6UBi3zTqgAAAMc\"]\,referer:https://www.google.com/search\?q=carolin-mizio.ch show less	Hacking Web App Attack
🇺🇸 TPI-Abuse	2026-05-27 00:21:59 (1 month ago)	(mod_security) mod_security (id:210492) triggered by 89.249.195.131 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 89.249.195.131 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue May 26 20:21:54.617669 2026] [security2:error] [pid 29028:tid 29028] [client 89.249.195.131:45179] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "gandmaquatics.com"] [uri "/wp-config.php~"] [unique_id "ahY5IgfWmyBzV8xv6NCwAAAAAAQ"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-01-17 13:37:58 (5 months ago)	(mod_security) mod_security (id:210492) triggered by 89.249.195.131 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 89.249.195.131 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jan 17 08:37:53.109525 2026] [security2:error] [pid 28540:tid 28540] [client 89.249.195.131:35789] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcalendars.nbcnewsradio.com"] [uri "/.env.bak"] [unique_id "aWuQsSZiUZrSmdbHtihu0wAAABA"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-29 18:09:28 (5 months ago)	(mod_security) mod_security (id:210350) triggered by 89.249.195.131 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210350) triggered by 89.249.195.131 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Dec 29 13:09:10.866401 2025] [security2:error] [pid 12486:tid 12529] [client 89.249.195.131:60023] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\b(close\|keep-alive),[\\\\t\\\\n\\\\r ]{0,1}(close\|keep-alive)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/12_HTTP_Protocol.conf"] [line "70"] [id "210350"] [rev "1"] [msg "COMODO WAF: Multiple/Conflicting Connection Header Data Found\|\|www.kettlehill.net\|F\|4"] [data "keep-alive, close"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "www.kettlehill.net"] [uri "/mcp"] [unique_id "aVLDxpEinm-CivtncBSm2wAAAUM"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-07-27 00:57:29 (11 months ago)	(mod_security) mod_security (id:221260) triggered by 89.249.195.131 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:221260) triggered by 89.249.195.131 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jul 26 20:57:25.579000 2025] [security2:error] [pid 404367:tid 404521] [client 89.249.195.131:49367] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^(?:\\\\'\\\\w+?=)?\\\\(\\\\)\\\\s{" at MATCHED_VAR. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "77"] [id "221260"] [rev "3"] [msg "COMODO WAF: Shellshock Command Injection Vulnerabilities in GNU Bash through 4.3 bash43-026 (CVE-2014-7187, CVE-2014-7186, CVE-2014-7169, CVE-2014-6278, CVE-2014-6277, CVE-2014-6271)\|\|cpcalendars.kettlehill.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcalendars.kettlehill.com"] [uri "/cgi-bin/status"] [unique_id "aIV5dQU3F-1fMbOT39mj1AAAABc"], referer: () { ignored; }; echo Content-Type: text/html; echo ; /bin/cat /etc/passwd show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-05-29 21:36:01 (1 year ago)	(mod_security) mod_security (id:210492) triggered by 89.249.195.131 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 89.249.195.131 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu May 29 17:35:53.587626 2025] [security2:error] [pid 3551496:tid 3551496] [client 89.249.195.131:48203] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "whm.farmers123.com"] [uri "/wp-content/plugins/adaptive-images/adaptive-images-script.php"] [unique_id "aDjTOUTjXAhIHwt2JTS-ogAAAAs"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-02-28 21:37:58 (1 year ago)	(mod_security) mod_security (id:210492) triggered by 89.249.195.131 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 89.249.195.131 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Feb 28 16:37:29.140246 2025] [security2:error] [pid 14499:tid 14587] [client 89.249.195.131:58427] [client 89.249.195.131] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "whm.kettlehill.net"] [uri "/wp-config.php-backup"] [unique_id "Z8IsmQd2rL8yO1LQWRCv0QAAAZg"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2025-01-15 09:41:09 (1 year ago)	\| Common web attack.	Hacking SQL Injection Web App Attack

Showing 1 to 12 of 12 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇿🇼 197.221.254.89

🇳🇱 185.242.226.91

🇧🇷 177.190.209.33

🇬🇧 165.154.174.27

🇨🇳 122.226.163.226

🇺🇸 93.114.192.85

🇵🇱 83.168.69.141

🇳🇱 45.148.10.152

🇬🇧 2a06:4880:c000::fc

🇺🇸 2001:470:1:c84::25a

🇺🇸 198.41.227.63

🇲🇿 197.219.208.38

🇪🇬 156.206.53.31

🇺🇸 108.162.212.41

🇨🇳 103.236.87.224

🇭🇰 103.30.40.129

🇲🇦 102.53.15.18

🇺🇸 45.33.14.5

🇰🇷 36.39.140.2

🇧🇪 34.53.224.98