JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 157.100.89.12

157.100.89.12 was found in our database!

This IP was reported 14 times. Confidence of Abuse is 28%: ?

28%

ISP	ECUANET - CORPORACION ECUATORIANA DE INFORMACION
Usage Type	Data Center/Web Hosting/Transit
ASN	AS27947
Hostname(s)	host-157-100-89-12.ecua.net.ec
Domain Name	ecua.net.ec
Country	🇪🇨 Ecuador
City	Quito, Pichincha

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 157.100.89.12

Whois 157.100.89.12

IP Abuse Reports for 157.100.89.12:

This IP address has been reported a total of 14 times from 12 distinct sources. 157.100.89.12 was first reported on November 6th 2024, and the most recent report was 4 days ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 TPI-Abuse	2026-06-12 23:57:00 (4 days ago)	(mod_security) mod_security (id:210492) triggered by 157.100.89.12 (host-157-100-89-12.ecua.net.ec): ... show more (mod_security) mod_security (id:210492) triggered by 157.100.89.12 (host-157-100-89-12.ecua.net.ec): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 12 19:56:52.819441 2026] [security2:error] [pid 11291:tid 11337] [client 157.100.89.12:20743] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.sailcleaner.com"] [uri "/wp-config.php"] [unique_id "aiycxC9phsOpFSz208QmkgAAAIU"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-06-05 14:15:16 (1 week ago)	Botnet activity. Attribution: Angara Technologies Group / mikhail-smirnov-79830322 \| Attack Signatur ... show more Botnet activity. Attribution: Angara Technologies Group / mikhail-smirnov-79830322 \| Attack Signature Blocked: /wishlist/index/add/product/11231/form_key/cNNnjXuzmQY1JxIE/ \| UA: Opera/9.12.(X11; Linux i686; sid-ET) Presto/2.9.190 Version/12.00 \| (Magent... show less	Hacking Bad Web Bot Web App Attack
🇩🇪 SMARTNET	2026-05-27 06:03:53 (2 weeks ago)	Aisuru(Mirai variant) DDoS \| Incident ID: f33ea243-b344-42fe-b994-8adedb9f85ca	DDoS Attack
🇺🇸 Penny Packer	2026-05-01 17:54:20 (1 month ago)	Fail2Ban apache-tripwires	Web App Attack
🇩🇪 london2038.com	2026-04-30 03:04:01 (1 month ago)	Probing for exploits 157.100.89.12 - - [30/Apr/2026:05:03:58 +0200] "GET /phpmyadmin/ HTTP/1.1" 422 ... show more Probing for exploits 157.100.89.12 - - [30/Apr/2026:05:03:58 +0200] "GET /phpmyadmin/ HTTP/1.1" 422 0 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Edg/127.0.0.0" 157.100.89.12 - - [30/Apr/2026:05:03:58 +0200] "GET /phpMyAdmin/ HTTP/1.1" 422 0 "-" "Mozilla/5.0 (Linux; Android 18; SM-S9010 Build/UP1A.231000.007; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/132.0.6834.122 Mobile Safari/537.36 Barcelona 365.0.0.40.109 Android (34/14; 450dpi; 1080x2124; samsung; SM-S9010; r0q; qcom; zh_TW_#Hant; 690232887)" show less	Hacking Web App Attack
🇮🇩 BPS-StatisticsIndonesia	2026-04-29 14:42:10 (1 month ago)	WP Login Scan Activities: "2026-04-29T21:42:10.702+07:00" "/wp-login.php" "157.100.89.12" "Mozilla/5 ... show more WP Login Scan Activities: "2026-04-29T21:42:10.702+07:00" "/wp-login.php" "157.100.89.12" "Mozilla/5.0 (Linux; Android 9; itel L5002P Build/PPR1.180610.011) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/132.0.6834.163 Mobile Safari/537.36" show less	Web App Attack
🇺🇸 TPI-Abuse	2026-01-26 05:31:56 (4 months ago)	(mod_security) mod_security (id:210730) triggered by 157.100.89.12 (host-157-100-89-12.ecua.net.ec): ... show more (mod_security) mod_security (id:210730) triggered by 157.100.89.12 (host-157-100-89-12.ecua.net.ec): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jan 26 00:31:49.524878 2026] [security2:error] [pid 11322:tid 11322] [client 157.100.89.12:15120] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|comics.flyingdodostudio.com\|F\|2"] [data ".tumblr.com"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "comics.flyingdodostudio.com"] [uri "/onelemmingsloss/inkyphalangies.tumblr.com"] [unique_id "aXb8Ra3Mw-MUTt8pe7TpoAAAAAA"], referer: http://comics.flyingdodostudio.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇬🇧 D3monite	2025-11-20 09:59:25 (6 months ago)	Attempted Brute Force (cpaneld)	Brute-Force
Anonymous	2025-11-19 10:33:21 (6 months ago)	scanning http requests from known botnet	Web App Attack
🇸🇬 mypatricks	2025-10-11 09:14:09 (8 months ago)	157.100.89.12 \| Port: 44908 \| DNS: host-157-100-89-12.ecua.net.ec 2025-10-11T17:14:08+08:00 America/ ... show more 157.100.89.12 \| Port: 44908 \| DNS: host-157-100-89-12.ecua.net.ec 2025-10-11T17:14:08+08:00 America/Guayaquil \| Bad Behavior Activity \| UA: Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Mobile Safari/537.36 HTTP/1.1 443 GET \| URL: /cart/?1084b6cac10b73f10b3b1=CNY&code=CNY \| Ref: - \| Country: EC/Ecuador/−05:00 IP City: Quito 98cd3ed1b6ba8258-GYE/Guayaquil, Ecuador 1 hits/0 secs Robots 3 show less	Web Spam Blog Spam Brute-Force Exploited Host Web App Attack
Anonymous	2025-09-14 03:21:30 (9 months ago)	Attempted brute force login to web vpn 2 time(s); last attempt for 2025.09.14 is noted in report tim ... show more Attempted brute force login to web vpn 2 time(s); last attempt for 2025.09.14 is noted in report timestamp show less	Hacking Brute-Force
🇪🇸 Global Cyber Police	2025-07-28 07:38:50 (10 months ago)	Malicious bot activity detected: Hitting honeypot page. Part of massive botnet.	DDoS Attack Hacking SQL Injection Spoofing Brute-Force Bad Web Bot Web App Attack
Anonymous	2025-01-31 01:40:52 (1 year ago)	Ports: 2077,2078,2082,2083,2086,2087,2095,2096; Direction: 0; Trigger: LF_DISTATTACK	Brute-Force SSH
Anonymous	2024-11-06 21:54:44 (1 year ago)	wordpress-trap	Web App Attack

Showing 1 to 14 of 14 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇹🇼 198.235.24.50

🇳🇱 160.119.76.62

🇨🇳 61.179.73.179

🇨🇳 220.180.166.214

🇨🇳 220.179.255.54

🇨🇳 220.161.52.149

🇹🇼 198.235.24.43

🇹🇼 198.235.24.42

🇬🇧 185.247.137.243

🇺🇦 176.103.1.39

🇳🇱 176.65.149.236

🇰🇷 168.107.44.30

🇺🇸 165.154.162.239

🇰🇷 144.24.68.152

🇺🇸 135.237.123.204

🇺🇸 129.153.145.135

🇨🇳 122.97.136.129

🇳🇱 107.189.24.77

🇧🇩 103.119.94.10

🇧🇬 79.124.62.178