JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 89.38.224.157

89.38.224.157 was found in our database!

This IP was reported 613 times. Confidence of Abuse is 0%: ?

ISP	M247 Ltd Belgrade
Usage Type	Data Center/Web Hosting/Transit
ASN	AS9009
Domain Name	m247global.com
Country	🇷🇸 Serbia
City	Belgrade, Central Serbia

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 89.38.224.157

Whois 89.38.224.157

IP Abuse Reports for 89.38.224.157:

This IP address has been reported a total of 613 times from 114 distinct sources. 89.38.224.157 was first reported on December 9th 2020, and the most recent report was 3 months ago.

Old Reports: The most recent abuse report for this IP address is from 3 months ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇬🇧 Axel	2026-03-13 01:14:01 (3 months ago)	Blocked by ModSecurity. Rule ID: 210730 Message: COMODO WAF: URL file extension is restricted by pol ... show more Blocked by ModSecurity. Rule ID: 210730 Message: COMODO WAF: URL file extension is restricted by policy\|\|usvi.network\|F\|2 Phase: 2 Severity: CRITICAL URI: /sql.sql Server: UK-01 show less	Web App Attack Hacking SQL Injection
🇺🇸 TPI-Abuse	2026-03-11 16:33:54 (3 months ago)	(mod_security) mod_security (id:210730) triggered by 89.38.224.157 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210730) triggered by 89.38.224.157 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Mar 11 12:33:48.206781 2026] [security2:error] [pid 17316:tid 17316] [client 89.38.224.157:52631] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "4"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|www.spectorworld.com\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.spectorworld.com"] [uri "/backup.sql"] [unique_id "abGZbIG9sbo11QrNcxJw5QAAAA8"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-03-10 10:00:07 (3 months ago)	(mod_security) mod_security (id:210730) triggered by 89.38.224.157 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210730) triggered by 89.38.224.157 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Mar 10 05:59:58.947430 2026] [security2:error] [pid 29219:tid 29219] [client 89.38.224.157:53551] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|barnesandbrower.com\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "barnesandbrower.com"] [uri "/bak/backup.sql"] [unique_id "aa_rnqVC-8zI5T6wYpGRvwAAAAo"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-03-09 22:03:28 (3 months ago)	(mod_security) mod_security (id:210730) triggered by 89.38.224.157 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210730) triggered by 89.38.224.157 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Mar 09 18:03:23.533061 2026] [security2:error] [pid 20529:tid 20537] [client 89.38.224.157:43861] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|ethniclivesmatter.com\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "ethniclivesmatter.com"] [uri "/old/www.sql"] [unique_id "aa9Dq2-TU5y5kssZ6bg0CwAAAIU"] show less	Brute-Force Bad Web Bot Web App Attack
🇬🇧 Axel	2026-03-09 21:26:02 (3 months ago)	Blocked by ModSecurity. Rule ID: 210492 Message: None Phase: 1 Severity: CRITICAL URI: /.env Server: ... show more Blocked by ModSecurity. Rule ID: 210492 Message: None Phase: 1 Severity: CRITICAL URI: /.env Server: UK-01 show less	Web App Attack Hacking SQL Injection
🇯🇵 Valhalla	2026-03-09 12:26:45 (3 months ago)	/old/website.rar	Hacking Web App Attack
🇺🇸 TPI-Abuse	2026-03-02 18:40:59 (3 months ago)	(mod_security) mod_security (id:210492) triggered by 89.38.224.157 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 89.38.224.157 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Mar 02 13:40:52.401002 2026] [security2:error] [pid 1364:tid 1364] [client 89.38.224.157:64127] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "ibeautyexchange.com"] [uri "/backups/sftp-config.json"] [unique_id "aaXZtNnaRfSNJQMW-f6zZAAAAA8"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-03-01 23:06:31 (3 months ago)	(mod_security) mod_security (id:210730) triggered by 89.38.224.157 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210730) triggered by 89.38.224.157 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Mar 01 18:06:27.863811 2026] [security2:error] [pid 7385:tid 7385] [client 89.38.224.157:27153] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|powderriverinc.com\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "powderriverinc.com"] [uri "/restore/www.sql"] [unique_id "aaTGc-OM5t1Bp4fy89RxtgAAAA0"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-02-28 20:06:33 (3 months ago)	(mod_security) mod_security (id:210730) triggered by 89.38.224.157 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210730) triggered by 89.38.224.157 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Feb 28 15:06:16.384654 2026] [security2:error] [pid 24233:tid 24233] [client 89.38.224.157:64279] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|phantomkennels.com\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "phantomkennels.com"] [uri "/backup.sql"] [unique_id "aaNKuClVp_Xgmbrq0YK1hwAAAAQ"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-02-25 17:12:42 (3 months ago)	(mod_security) mod_security (id:210730) triggered by 89.38.224.157 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210730) triggered by 89.38.224.157 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Feb 25 12:12:34.691938 2026] [security2:error] [pid 16163:tid 16163] [client 89.38.224.157:37845] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|www.pcga.golf\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.pcga.golf"] [uri "/backup/dump.sql"] [unique_id "aZ8tghv0siIk1OlnorjyhgAAAA4"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-02-25 15:23:41 (3 months ago)	(mod_security) mod_security (id:210492) triggered by 89.38.224.157 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 89.38.224.157 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Feb 25 10:23:34.190518 2026] [security2:error] [pid 27650:tid 27668] [client 89.38.224.157:42923] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.fishrapper.com"] [uri "/restore/sftp-config.json"] [unique_id "aZ8T9kuty2XE6cj5dfLDuwAAAM0"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-02-23 22:18:21 (3 months ago)	(mod_security) mod_security (id:210730) triggered by 89.38.224.157 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210730) triggered by 89.38.224.157 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Feb 23 17:18:16.898308 2026] [security2:error] [pid 28128:tid 28128] [client 89.38.224.157:35029] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|asiabeef.network\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "asiabeef.network"] [uri "/restore/www.sql"] [unique_id "aZzSKPep1vsiAILXztoc0wAAAAo"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 Penny Packer	2026-02-23 21:40:33 (3 months ago)	Fail2Ban apache-tripwires	Web App Attack
🇺🇸 threatintelligence_bvc	2026-02-21 20:21:42 (3 months ago)		Brute-Force
🇺🇸 TPI-Abuse	2026-02-08 18:07:38 (4 months ago)	(mod_security) mod_security (id:210730) triggered by 89.38.224.157 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210730) triggered by 89.38.224.157 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Feb 08 13:07:34.799052 2026] [security2:error] [pid 7985:tid 7985] [client 89.38.224.157:55235] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|wendeenicole.com\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "wendeenicole.com"] [uri "/backups/www.sql"] [unique_id "aYjQ5kYMzo_Yd1XOg33TMgAAAAo"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 613 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇹🇼 198.235.24.65

🇺🇿 194.107.115.199

🇧🇬 193.24.211.247

🇳🇱 185.223.235.8

🇸🇬 103.250.11.116

🇳🇱 91.92.42.182

🇸🇬 43.160.193.17

🇸🇬 43.128.122.242

🇧🇪 34.53.191.130

🇯🇵 210.156.0.132

🇧🇪 198.235.24.247

🇧🇪 198.235.24.195

🇬🇧 188.122.37.97

🇨🇴 186.31.95.163

🇧🇴 181.188.176.242

🇺🇸 162.216.150.75

🇺🇸 162.216.149.64

🇨🇳 124.234.157.73

🇰🇷 121.142.87.218

🇳🇱 95.85.226.199