JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 89.37.63.221

89.37.63.221 was found in our database!

This IP was reported 28 times. Confidence of Abuse is 18%: ?

18%

ISP	Mullvad VPN AB
Usage Type	Data Center/Web Hosting/Transit
ASN	AS212238
Domain Name	mullvad.net
Country	🇸🇪 Sweden
City	Stockholm, Stockholm

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 89.37.63.221

Whois 89.37.63.221

IP Abuse Reports for 89.37.63.221:

This IP address has been reported a total of 28 times from 19 distinct sources. 89.37.63.221 was first reported on February 23rd 2025, and the most recent report was 1 day ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 TPI-Abuse	2026-06-07 16:13:45 (1 day ago)	(mod_security) mod_security (id:210492) triggered by 89.37.63.221 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 89.37.63.221 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 07 12:13:41.256642 2026] [security2:error] [pid 32620:tid 32620] [client 89.37.63.221:50612] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "athletefirst.org"] [uri "/.git/index"] [unique_id "aiWYtXXmiAf57tO6eCIUHwAAAAU"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-07 15:23:29 (1 day ago)	(mod_security) mod_security (id:210492) triggered by 89.37.63.221 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 89.37.63.221 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 07 11:23:22.707781 2026] [security2:error] [pid 8328:tid 8334] [client 89.37.63.221:46016] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "arrowsinthequiver.com"] [uri "/.git/index"] [unique_id "aiWM6j0uVDfDWwasP0oJwQAAAUQ"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-07 13:55:16 (1 day ago)	(mod_security) mod_security (id:210492) triggered by 89.37.63.221 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 89.37.63.221 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 07 09:55:11.827590 2026] [security2:error] [pid 11434:tid 11434] [client 89.37.63.221:54678] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "andrejblatnik.com"] [uri "/.git/index"] [unique_id "aiV4PwC2WDS3wHoKuLwa2wAAAAo"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-07 13:29:24 (1 day ago)	(mod_security) mod_security (id:210492) triggered by 89.37.63.221 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 89.37.63.221 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 07 09:29:20.974191 2026] [security2:error] [pid 16873:tid 16873] [client 89.37.63.221:58782] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "americanacademyofteachersofsinging.org"] [uri "/.git/index"] [unique_id "aiVyMFStSWsUzt8a4rvQcQAAAAo"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-07 12:38:22 (1 day ago)	(mod_security) mod_security (id:210492) triggered by 89.37.63.221 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 89.37.63.221 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 07 08:38:16.817467 2026] [security2:error] [pid 26940:tid 26940] [client 89.37.63.221:48314] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "34thprs.org"] [uri "/.git/index"] [unique_id "aiVmOFMY20TV9_ST_RB8wAAAAA0"] show less	Brute-Force Bad Web Bot Web App Attack
🇹🇷 Ted Mayers	2026-05-30 20:41:13 (1 week ago)	DROP_INPUT detected 21 times on IPFire, port 6881	Brute-Force
🇩🇪 HandyTreff.de	2026-05-01 12:30:00 (1 month ago)	Bot/Spam/Scrapper attack detected on www.handytreff.de - Score: -33.554 (Bad < -10 / Very Bad < -20 ... show more Bot/Spam/Scrapper attack detected on www.handytreff.de - Score: -33.554 (Bad < -10 / Very Bad < -20 / Extreme < -35) \| UA: Mozilla/5.0 (Macintosh; Intel Mac OS X 14_3) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.2 S show less	Web App Attack Bad Web Bot
Anonymous	2026-04-05 17:52:51 (2 months ago)	PAD: ModSec_Scanner! detected	Bad Web Bot
🇬🇧 AvonleaConsulting	2026-03-12 04:24:12 (2 months ago)	Scanning unused Default website or suspicious access to valid sites from IP marked as abusive	Bad Web Bot Web App Attack
🇱🇻 garmtech.com	2026-03-12 04:21:18 (2 months ago)	IM360 WAF: SQLi vulnerability in aWeb Cart Watching System for Virtuemart v1.0.7 for Joomla! (CVE-20 ... show more IM360 WAF: SQLi vulnerability in aWeb Cart Watching System for Virtuemart v1.0.7 for Joomla! (CVE-2016-10114) MV:com_virtuemart' show less	SQL Injection
Anonymous	2026-03-05 05:10:07 (3 months ago)	\| Multiple SQL injection attempts from same source ip.(multiple servers)	Web App Attack Hacking SQL Injection
Anonymous	2025-09-19 03:10:13 (8 months ago)	Unauthorized connection attempt detected in the last 24 hours	Hacking
Anonymous	2025-09-16 03:05:16 (8 months ago)	Unauthorized connection attempt detected in the last 24 hours	Hacking
Anonymous	2025-08-08 16:15:15 (10 months ago)	Unauthorized connection attempt detected in the last 24 hours	Hacking
🇧🇷 Sipo Chutão	2025-07-29 03:00:01 (10 months ago)	ModSecurity: Access denied with code 403 (phase 2). Pattern match python-requests/"	Hacking

Showing 1 to 15 of 28 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇨🇳 222.76.248.54

🇧🇴 181.115.208.189

🇺🇸 162.216.149.130

🇺🇸 104.28.245.40

🇻🇳 103.78.0.229

🇧🇬 79.124.49.226

🇱🇹 45.227.254.170

🇬🇧 35.203.211.82

🇬🇧 31.14.254.15

🇰🇷 218.146.163.192

🇩🇪 167.94.146.51

🇫🇷 104.28.196.55

🇷🇴 92.118.39.236

🇺🇸 72.240.125.133

🇺🇸 66.132.195.26

🇺🇸 51.8.107.68

🇨🇳 43.226.36.89

🇩🇪 43.165.62.10

🇭🇰 165.154.6.75

🇵🇹 94.63.14.61