JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 136.0.189.62

136.0.189.62 was found in our database!

This IP was reported 15 times. Confidence of Abuse is 4%: ?

ISP	Ace Data Centers II, L.L.C.
Usage Type	Data Center/Web Hosting/Transit
ASN	AS396362
Hostname(s)	136-0-189-62.ips.acedatacenter.com
Domain Name	acedatacenter.com
Country	🇺🇸 United States of America
City	New York City, New York

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 136.0.189.62

Whois 136.0.189.62

IP Abuse Reports for 136.0.189.62:

This IP address has been reported a total of 15 times from 3 distinct sources. 136.0.189.62 was first reported on May 28th 2025, and the most recent report was 6 days ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 TPI-Abuse	2026-06-01 02:56:41 (6 days ago)	(mod_security) mod_security (id:210730) triggered by 136.0.189.62 (136-0-189-62.ips.acedatacenter.co ... show more (mod_security) mod_security (id:210730) triggered by 136.0.189.62 (136-0-189-62.ips.acedatacenter.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun May 31 22:56:37.267780 2026] [security2:error] [pid 7732:tid 7753] [client 136.0.189.62:46711] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|www.kettlehill.net\|F\|2"] [data ".key"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.kettlehill.net"] [uri "/host.key"] [unique_id "ahz05SKq_i-FrRbJEDIQVwAAAUc"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-04-08 21:35:08 (1 month ago)	(mod_security) mod_security (id:212620) triggered by 136.0.189.62 (136-0-189-62.ips.acedatacenter.co ... show more (mod_security) mod_security (id:212620) triggered by 136.0.189.62 (136-0-189-62.ips.acedatacenter.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Apr 08 17:34:55.751413 2026] [security2:error] [pid 176784:tid 176784] [client 136.0.189.62:54759] ModSecurity: Access denied with code 403 (phase 2). Pattern match "<script\\\\b" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/07_XSS_XSS.conf"] [line "65"] [id "212620"] [rev "4"] [msg "COMODO WAF: Cross-site Scripting (XSS) Attack\|\|mail.nbcnewsradio.com\|F\|2"] [data "Matched Data: <script found within REQUEST_URI: /ajax/apps/manifests?action=all&format=debug&xss=<script>alert(document.domain);</script>"] [severity "CRITICAL"] [tag "CWAF"] [tag "XSS"] [hostname "mail.nbcnewsradio.com"] [uri "/ajax/apps/manifests"] [unique_id "adbJ_553_HVqaHUYQn13dQAAABM"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-02-01 11:38:41 (4 months ago)	(mod_security) mod_security (id:240950) triggered by 136.0.189.62 (136-0-189-62.ips.acedatacenter.co ... show more (mod_security) mod_security (id:240950) triggered by 136.0.189.62 (136-0-189-62.ips.acedatacenter.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Feb 01 06:38:01.672700 2026] [security2:error] [pid 16720:tid 16850] [client 136.0.189.62:46477] ModSecurity: Access denied with code 403 (phase 1). Pattern match "\\\\D" at TX:1. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "4530"] [id "240950"] [rev "2"] [msg "COMODO WAF: XSS & SQL injection vulnerability in Pragyan CMS 3.0 (CVE-2015-1471)\|\|cpcalendars.kettlehill.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "cpcalendars.kettlehill.com"] [uri "/secure/QueryComponentRendererValue!Default.jspa"] [unique_id "aX87GXgN2ebRaezbXtJGSgAAAVE"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-01-16 08:33:00 (4 months ago)	(mod_security) mod_security (id:210492) triggered by 136.0.189.62 (136-0-189-62.ips.acedatacenter.co ... show more (mod_security) mod_security (id:210492) triggered by 136.0.189.62 (136-0-189-62.ips.acedatacenter.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jan 16 03:32:55.531166 2026] [security2:error] [pid 15470:tid 15470] [client 136.0.189.62:46751] ModSecurity: Access denied with code 403 (phase 1). Matched phrase ".htaccess" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcalendars.nbcnewsradio.com"] [uri "/_.htaccess"] [unique_id "aWn3t_Ue1Fg6nofhLvCnRgAAAAA"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-02 22:32:04 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 136.0.189.62 (136-0-189-62.ips.acedatacenter.co ... show more (mod_security) mod_security (id:210492) triggered by 136.0.189.62 (136-0-189-62.ips.acedatacenter.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Dec 02 17:32:00.444173 2025] [security2:error] [pid 12886:tid 12886] [client 136.0.189.62:53781] ModSecurity: Access denied with code 403 (phase 1). Matched phrase ".htaccess" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "whm.farmers123.com"] [uri "/htaccess_for_page_not_found_redirects.htaccess"] [unique_id "aS9o4M4SHK0S-s2IadYmrAAAACQ"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-01 07:05:29 (6 months ago)	(mod_security) mod_security (id:210730) triggered by 136.0.189.62 (136-0-189-62.ips.acedatacenter.co ... show more (mod_security) mod_security (id:210730) triggered by 136.0.189.62 (136-0-189-62.ips.acedatacenter.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Dec 01 02:05:24.784710 2025] [security2:error] [pid 30768:tid 30785] [client 136.0.189.62:42405] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|kettlehill.com\|F\|2"] [data ".log"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "kettlehill.com"] [uri "/log/errors.log"] [unique_id "aS0-NP5kVQ-rlVW6wYR7dQAAAU0"], referer: http://kettlehill.com/log/errors.log show less	Brute-Force Bad Web Bot Web App Attack
🇦🇹 Erpelstolz	2025-11-25 11:30:21 (6 months ago)	VM 131: 136.0.189.62 - - [25/Nov/2025:12:30:17 +0100] "GET /solr/solrdefault/debug/dump?param=Conten ... show more VM 131: 136.0.189.62 - - [25/Nov/2025:12:30:17 +0100] "GET /solr/solrdefault/debug/dump?param=ContentStreams&stream.url=file://c:/windows/win.ini HTTP/1.1" 404 8451 show less	Web App Attack
🇺🇸 TPI-Abuse	2025-11-12 10:21:14 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 136.0.189.62 (136-0-189-62.ips.acedatacenter.co ... show more (mod_security) mod_security (id:210492) triggered by 136.0.189.62 (136-0-189-62.ips.acedatacenter.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Nov 12 05:21:07.540993 2025] [security2:error] [pid 12372:tid 12372] [client 136.0.189.62:57869] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "autoconfig.nbcnewsradio.com"] [uri "/.env.prod.local"] [unique_id "aRRfk5iohgB2Abb1qRa5XQAAAA0"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-01 14:39:08 (7 months ago)	(mod_security) mod_security (id:211190) triggered by 136.0.189.62 (136-0-189-62.ips.acedatacenter.co ... show more (mod_security) mod_security (id:211190) triggered by 136.0.189.62 (136-0-189-62.ips.acedatacenter.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Nov 01 10:39:06.018814 2025] [security2:error] [pid 27531:tid 27542] [client 136.0.189.62:42559] ModSecurity: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt\|\|www.kettlehill.com\|F\|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /learn/cubemail/filemanagement.php?action=dl&f=../../../../../../../../../../../etc/passwd%00"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.kettlehill.com"] [uri "/learn/cubemail/filemanagement.php"] [unique_id "aQYbin2WO2IkxYJ6zsIGPgAAAQk"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-09-22 20:26:25 (8 months ago)	(mod_security) mod_security (id:210492) triggered by 136.0.189.62 (136-0-189-62.ips.acedatacenter.co ... show more (mod_security) mod_security (id:210492) triggered by 136.0.189.62 (136-0-189-62.ips.acedatacenter.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Sep 22 16:26:20.864101 2025] [security2:error] [pid 23819:tid 23819] [client 136.0.189.62:35369] ModSecurity: Access denied with code 403 (phase 1). Matched phrase ".htaccess" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcalendars.deandobkin.com"] [uri "/a.htaccess"] [unique_id "aNGw7EzQxSBv5-E3F_A61gAAAAw"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-08-01 06:39:06 (10 months ago)	(mod_security) mod_security (id:210492) triggered by 136.0.189.62 (136-0-189-62.ips.acedatacenter.co ... show more (mod_security) mod_security (id:210492) triggered by 136.0.189.62 (136-0-189-62.ips.acedatacenter.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Aug 01 02:38:56.538864 2025] [security2:error] [pid 3331447:tid 3331453] [client 136.0.189.62:55827] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "ftp.kettlehill.net"] [uri "/wp-config.php"] [unique_id "aIxhAFSZjg6lcpTf51ZT-QAAAYI"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-06-01 07:03:48 (1 year ago)	(mod_security) mod_security (id:211190) triggered by 136.0.189.62 (136-0-189-62.ips.acedatacenter.co ... show more (mod_security) mod_security (id:211190) triggered by 136.0.189.62 (136-0-189-62.ips.acedatacenter.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 01 03:03:42.188206 2025] [security2:error] [pid 2256139:tid 2256279] [client 136.0.189.62:38999] ModSecurity: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt\|\|www.staging.kettlehill.com\|F\|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /wp-content/plugins/gracemedia-media-player/templates/files/ajax_controller.php?ajaxAction=getIds&cfg=../../../../../../../../../../etc/passwd"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "staging.kettlehill.com"] [uri "/wp-content/plugins/gracemedia-media-player/templates/files/ajax_controller.php"] [unique_id "aDv7TnvRuSdZj0PHFrREJwAAARU"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-05-30 20:15:57 (1 year ago)	(mod_security) mod_security (id:210730) triggered by 136.0.189.62 (136-0-189-62.ips.acedatacenter.co ... show more (mod_security) mod_security (id:210730) triggered by 136.0.189.62 (136-0-189-62.ips.acedatacenter.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri May 30 16:15:52.233280 2025] [security2:error] [pid 627846:tid 627846] [client 136.0.189.62:60927] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|ftp.nbcnewsradio.com\|F\|2"] [data ".log"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "ftp.nbcnewsradio.com"] [uri "/errors.log"] [unique_id "aDoR-F9NVszmkQQD9qI4ZAAAABw"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-05-28 20:31:09 (1 year ago)	(mod_security) mod_security (id:210730) triggered by 136.0.189.62 (136-0-189-62.ips.acedatacenter.co ... show more (mod_security) mod_security (id:210730) triggered by 136.0.189.62 (136-0-189-62.ips.acedatacenter.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed May 28 16:30:59.931949 2025] [security2:error] [pid 1861738:tid 1861738] [client 136.0.189.62:56723] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|autodiscover.farmers123.com\|F\|2"] [data ".com.db"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "autodiscover.farmers123.com"] [uri "/farmers123.com.db"] [unique_id "aDdyg5TlYLoEzKMr-LLZzAAAAAA"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2025-05-28 04:50:07 (1 year ago)	\| Common web attack.	Hacking SQL Injection Web App Attack

Showing 1 to 15 of 15 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 216.180.246.74

🇺🇸 192.178.115.221

🇨🇱 186.189.95.9

🇦🇷 179.60.228.74

🇲🇩 178.175.167.68

🇬🇧 172.69.224.198

🇺🇸 162.216.150.189

🇺🇸 142.93.201.122

🇨🇳 113.109.26.123

🇷🇴 92.118.39.62

🇧🇬 79.124.56.138

🇱🇺 64.89.160.35

🇺🇸 34.53.101.90

🇺🇸 216.180.246.202

🇺🇸 213.201.243.87

🇹🇷 212.87.199.64

🇹🇼 198.235.24.37

🇬🇧 193.163.125.102

🇬🇧 172.69.224.81

🇺🇸 151.240.93.36