JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 89.249.195.74

89.249.195.74 was found in our database!

This IP was reported 19 times. Confidence of Abuse is 23%: ?

23%

ISP	Internet Utilities Europe and Asia Limited
Usage Type	Data Center/Web Hosting/Transit
ASN	AS19148
Domain Name	netutils.io
Country	🇺🇸 United States of America
City	Phoenix, Arizona

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 89.249.195.74

Whois 89.249.195.74

IP Abuse Reports for 89.249.195.74:

This IP address has been reported a total of 19 times from 6 distinct sources. 89.249.195.74 was first reported on January 17th 2025, and the most recent report was 2 weeks ago.

Old Reports: The most recent abuse report for this IP address is from 2 weeks ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇬🇧 consul.to	2026-05-29 09:12:19 (2 weeks ago)	Web attack/malicious scanning detected	Web App Attack
🇺🇸 TPI-Abuse	2026-05-28 00:17:04 (2 weeks ago)	(mod_security) mod_security (id:210492) triggered by 89.249.195.74 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 89.249.195.74 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed May 27 20:16:55.346353 2026] [security2:error] [pid 15234:tid 15234] [client 89.249.195.74:55263] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "virttee.com"] [uri "/.env.development.local"] [unique_id "aheJdyj3YoQP0ipF48-XbwAAAA0"], referer: https://www.google.com/search?q=virttee.com show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-27 22:44:37 (2 weeks ago)	(mod_security) mod_security (id:210492) triggered by 89.249.195.74 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 89.249.195.74 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed May 27 18:43:49.562298 2026] [security2:error] [pid 13474:tid 13474] [client 89.249.195.74:48955] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.naturallyneworleans.anthonyjoseph.us"] [uri "/.env.development.local"] [unique_id "ahdzpW2tF3M9L6NphNoiIQAAAAI"] show less	Brute-Force Bad Web Bot Web App Attack
🇳🇱 homeshowdomain.nl	2026-05-27 22:00:53 (2 weeks ago)	Auto-ban: single probe for restricted files (.env / backups / admin endpoints). Likely mass-scan on ... show more Auto-ban: single probe for restricted files (.env / backups / admin endpoints). Likely mass-scan on 2026-05-26. show less	Web App Attack SSH Hacking
🇺🇸 TPI-Abuse	2026-05-27 17:50:31 (2 weeks ago)	(mod_security) mod_security (id:949110) triggered by 89.249.195.74 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:949110) triggered by 89.249.195.74 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed May 27 13:50:12.837723 2026] [security2:error] [pid 14070:tid 14070] [client 89.249.195.74:41429] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "letahitibookings.com"] [uri "/wp-config.php~"] [unique_id "ahcu1N5pwiBAqopjgyYo4gAAAAk"], referer: https://www.google.com/search?q=letahitibookings.com show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-27 16:24:50 (2 weeks ago)	(mod_security) mod_security (id:210492) triggered by 89.249.195.74 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 89.249.195.74 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed May 27 12:24:44.127265 2026] [security2:error] [pid 2581:tid 2581] [client 89.249.195.74:36095] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "frmoto24montmelo.com"] [uri "/wp-config.php"] [unique_id "ahcazGFPgs_WN9V7l0HEXQAAAAs"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-27 15:55:00 (2 weeks ago)	(mod_security) mod_security (id:210492) triggered by 89.249.195.74 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 89.249.195.74 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed May 27 11:54:51.855999 2026] [security2:error] [pid 17139:tid 17139] [client 89.249.195.74:60901] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "drdot.xyz"] [uri "/.env"] [unique_id "ahcTy6RYKrUWkwQLr9ilYQAAABE"], referer: https://www.google.com/search?q=drdot.xyz show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-27 12:00:54 (2 weeks ago)	(mod_security) mod_security (id:210492) triggered by 89.249.195.74 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 89.249.195.74 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed May 27 08:00:43.207885 2026] [security2:error] [pid 29467:tid 29541] [client 89.249.195.74:41605] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpanel.southtampaprinting.com"] [uri "/sftp-config.json"] [unique_id "ahbc656i53ZJZj4NukOk0QAAAEs"], referer: https://www.google.com/search?q=cpanel.southtampaprinting.com show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-27 00:57:46 (2 weeks ago)	(mod_security) mod_security (id:210492) triggered by 89.249.195.74 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 89.249.195.74 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue May 26 20:57:40.472468 2026] [security2:error] [pid 29516:tid 29516] [client 89.249.195.74:43105] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "oposicionesyconcursos.es"] [uri "/.env.local"] [unique_id "ahZBhMW3LWn__xIUZ85A1wAAAAA"], referer: https://www.google.com/search?q=oposicionesyconcursos.es show less	Brute-Force Bad Web Bot Web App Attack
🇨🇭 4server	2026-05-27 00:56:59 (2 weeks ago)	[WedMay2702:56:52.2358742026][security2:error][pid366227:tid366385][client89.249.195.74:0]ModSecurit ... show more [WedMay2702:56:52.2358742026][security2:error][pid366227:tid366385][client89.249.195.74:0]ModSecurity:Accessdeniedwithcode403$phase2$.Patternmatch\"\\\\\\\\.sql$\?:\$\\|\\\\\\\\.\(\?:zip\\|\(\?:t\\|r$ar\\\\\\\\.\?g\?z\?\\|t\?$\?:g\\|b$z\\|old\\|ba$\?:k\\|c$u\?p\?\)\$\)\"atREQUEST_FILENAME.[file\"/etc/apache2/conf.d/modsec_rules/10_asl_rules.conf\"][line\"1183\"][id\"350590\"][rev\"3\"][msg\"Atomicorp.comWAFRules:AttackBlocked-Dataleakage-attempttoaccessrawSQLfiles$disablethisruleifyourequireaccesstofilesthatendwith.sql$\"][severity\"CRITICAL\"][hostname\"carolin-mizio.ch.81-17-25-250.cpanel.site\"][uri\"/backup.sql.gz\"][unique_id\"ahZBVCUmHivWzRiXxqydfwAAAE4\"]\,referer:https://www.google.com/search\?q=carolin-mizio.ch.81-17-25-250.cpanel.site show less	Hacking Web App Attack
🇳🇱 homeshowdomain.nl	2026-05-26 21:59:07 (2 weeks ago)	Auto-ban: >3000 req/min op 2026-05-26	Web App Attack SSH Hacking
🇺🇸 TPI-Abuse	2026-05-26 17:57:42 (2 weeks ago)	(mod_security) mod_security (id:210492) triggered by 89.249.195.74 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 89.249.195.74 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue May 26 13:57:05.269753 2026] [security2:error] [pid 25973:tid 25973] [client 89.249.195.74:47101] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "boblog111.com"] [uri "/.env.backup"] [unique_id "ahXe8RJknHm7UpGWLjolUQAAAAQ"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-01-27 02:37:52 (4 months ago)	(mod_security) mod_security (id:211190) triggered by 89.249.195.74 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:211190) triggered by 89.249.195.74 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jan 26 21:35:07.131734 2026] [security2:error] [pid 23296:tid 23307] [client 89.249.195.74:41589] ModSecurity: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt\|\|www.staging.kettlehill.com\|F\|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /fuel/pages/select/?filter=%27%2bpi(print(%24a%3d%27system%27))%2b%24a(%27cat%20/etc/passwd%27)%2b%27"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "staging.kettlehill.com"] [uri "/fuel/pages/select/"] [unique_id "aXgkWknBpq4P6Y3u9V76lQAAAMc"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-01-17 07:54:20 (4 months ago)	(mod_security) mod_security (id:210492) triggered by 89.249.195.74 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 89.249.195.74 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jan 17 02:54:09.059303 2026] [security2:error] [pid 20090:tid 20090] [client 89.249.195.74:36639] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcalendars.nbcnewsradio.com"] [uri "/.env.production"] [unique_id "aWtAIQ61XiHU2p2y2LhYPQAAAA8"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 HandyTreff.de	2026-01-08 19:37:32 (5 months ago)	Bot/Spam/Scrapper attack detected on www.handytreff.de - Score: -30.989 (Bad < -10 / Very Bad < -20 ... show more Bot/Spam/Scrapper attack detected on www.handytreff.de - Score: -30.989 (Bad < -10 / Very Bad < -20 / Extreme < -35) \| UA: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/139.0.0.0 Sa show less	Bad Web Bot Web App Attack

Showing 1 to 15 of 19 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇵🇰 202.66.180.185

🇸🇬 146.190.110.231

🇩🇪 87.156.176.191

🇭🇰 43.250.173.130

🇺🇸 20.64.105.156

🇬🇧 2a06:4880:4000::5d

🇺🇸 2607:f8b0:4001:c58::12d

🇺🇸 198.11.179.228

🇮🇷 85.198.19.242

🇷🇴 80.94.92.165

🇺🇸 65.49.20.114

🇸🇬 47.88.138.99

🇫🇷 45.81.243.62

🇹🇷 213.128.70.19

🇦🇷 186.139.37.209

🇺🇸 184.105.247.228

🇺🇸 173.255.242.196

🇺🇸 173.255.223.143

🇨🇳 111.48.160.201

🇺🇸 107.175.156.151