JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 89.249.195.30

89.249.195.30 was found in our database!

This IP was reported 11 times. Confidence of Abuse is 4%: ?

ISP	Internet Utilities Europe and Asia Limited
Usage Type	Data Center/Web Hosting/Transit
ASN	AS19148
Domain Name	netutils.io
Country	🇺🇸 United States of America
City	Phoenix, Arizona

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 89.249.195.30

Whois 89.249.195.30

IP Abuse Reports for 89.249.195.30:

This IP address has been reported a total of 11 times from 3 distinct sources. 89.249.195.30 was first reported on January 17th 2025, and the most recent report was 7 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇫🇷 bigorre.org	2026-06-18 16:43:21 (7 hours ago)	Excessive crawling : exceed crawl-delay defined in robots.txt	Bad Web Bot
🇺🇸 TPI-Abuse	2026-01-16 04:14:33 (5 months ago)	(mod_security) mod_security (id:210492) triggered by 89.249.195.30 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 89.249.195.30 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jan 15 23:14:27.457491 2026] [security2:error] [pid 3525:tid 3525] [client 89.249.195.30:37167] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "nbcnewsradio.com"] [uri "/.git/config"] [unique_id "aWm7I5eI14ltNthDGjdw5AAAABM"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-29 17:37:33 (5 months ago)	(mod_security) mod_security (id:210730) triggered by 89.249.195.30 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210730) triggered by 89.249.195.30 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Dec 29 12:36:18.934425 2025] [security2:error] [pid 27849:tid 28210] [client 89.249.195.30:48189] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|www.kettlehill.kettlehill.com\|F\|2"] [data ".log"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.kettlehill.kettlehill.com"] [uri "/cslu/v1/var/logs/customer-cslu-lib-log.log"] [unique_id "aVK8ElQ7a22kNO2lY86duwAAAMo"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-01 15:33:50 (7 months ago)	(mod_security) mod_security (id:210492) triggered by 89.249.195.30 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 89.249.195.30 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Nov 01 11:33:44.284885 2025] [security2:error] [pid 29289:tid 29312] [client 89.249.195.30:38935] ModSecurity: Access denied with code 403 (phase 1). Matched phrase ".htaccess" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpanel.kettlehill.com"] [uri "/htaccess_for_page_not_found_redirects.htaccess"] [unique_id "aQYoWH3ZxI0nlMe2_W5dRwAAABM"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-10-28 23:56:31 (7 months ago)	(mod_security) mod_security (id:210730) triggered by 89.249.195.30 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210730) triggered by 89.249.195.30 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Oct 28 19:56:28.155859 2025] [security2:error] [pid 4609:tid 4609] [client 89.249.195.30:42477] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|www.nbcnewsradio.com\|F\|2"] [data ".log"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.nbcnewsradio.com"] [uri "/application/logs/application.log"] [unique_id "aQFYLF1Oj-YeXakBbt6wvAAAABc"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-09-26 04:16:08 (8 months ago)	(mod_security) mod_security (id:210730) triggered by 89.249.195.30 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210730) triggered by 89.249.195.30 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Sep 26 00:15:58.056764 2025] [security2:error] [pid 4233:tid 4233] [client 89.249.195.30:52037] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "4"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|ftp.deandobkin.com\|F\|2"] [data ".ini"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "ftp.deandobkin.com"] [uri "/..\\\\..\\\\..\\\\..\\\\..\\\\..\\\\..\\\\..\\\\..\\\\..\\\\windows\\\\win.ini"] [unique_id "aNYTflvzgsCL8cL0WflE-QAAAAY"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-07-27 02:14:56 (10 months ago)	(mod_security) mod_security (id:210730) triggered by 89.249.195.30 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210730) triggered by 89.249.195.30 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jul 26 22:14:54.225690 2025] [security2:error] [pid 729662:tid 729751] [client 89.249.195.30:50727] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|www.kettlehill.net\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.kettlehill.net"] [uri "/install/froxlor.sql"] [unique_id "aIWLnrnOl9VusXIpylMm2AAAAQA"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-05-29 16:43:57 (1 year ago)	(mod_security) mod_security (id:210730) triggered by 89.249.195.30 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210730) triggered by 89.249.195.30 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu May 29 12:43:51.795351 2025] [security2:error] [pid 3007647:tid 3007647] [client 89.249.195.30:33347] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|www.farmers123.com\|F\|2"] [data ".db"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.farmers123.com"] [uri "/farmers123.db"] [unique_id "aDiOxwDyYIoLOUALE6D8tAAAAAA"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-04-19 05:27:44 (1 year ago)	(mod_security) mod_security (id:210730) triggered by 89.249.195.30 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210730) triggered by 89.249.195.30 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Apr 19 01:27:20.967279 2025] [security2:error] [pid 22650:tid 22673] [client 89.249.195.30:45531] [client 89.249.195.30] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|www.blog.spinningdesigns.com\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "blog.spinningdesigns.com"] [uri "/site.sql"] [unique_id "aAM0OMLYwl69KqC_78ibbQAAAFQ"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-02-28 21:23:16 (1 year ago)	(mod_security) mod_security (id:212620) triggered by 89.249.195.30 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:212620) triggered by 89.249.195.30 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Feb 28 16:22:22.703422 2025] [security2:error] [pid 23559:tid 23725] [client 89.249.195.30:37461] [client 89.249.195.30] ModSecurity: Access denied with code 403 (phase 2). Pattern match "<script\\\\b" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/07_XSS_XSS.conf"] [line "65"] [id "212620"] [rev "4"] [msg "COMODO WAF: Cross-site Scripting (XSS) Attack\|\|kettlehill.kettlehill.com\|F\|2"] [data "Matched Data: <script found within REQUEST_URI: /squid.svg?title=notfound&text=thisisnotthepageyouarelookingfor!&background=\\x22><script>alert(document.domain)</script><imgsrc=\\x22&small"] [severity "CRITICAL"] [tag "CWAF"] [tag "XSS"] [hostname "kettlehill.kettlehill.com"] [uri "/squid.svg"] [unique_id "Z8IpDuYvCKj82VG6zaPTUAAAAgU"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2025-01-17 12:30:47 (1 year ago)	\| Common web attack.	Hacking SQL Injection Web App Attack

Showing 1 to 11 of 11 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇫🇮 147.185.133.62

🇨🇳 106.75.188.89

🇷🇴 92.118.39.62

🇪🇹 196.189.236.162

🇸🇬 148.66.132.204

🇵🇱 74.248.112.30

🇩🇪 69.5.169.14

🇺🇸 149.115.155.213

🇨🇳 121.199.34.107

🇨🇳 115.190.167.144

🇪🇬 41.38.91.188

🇬🇧 35.203.210.169

🇨🇳 101.96.202.48

🇬🇧 35.203.210.187

🇭🇰 218.190.8.165

🇨🇳 123.12.52.239

🇧🇷 20.226.2.115

🇩🇪 194.88.98.83

🇺🇸 45.61.130.187

🇫🇷 193.187.129.119