JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 185.89.42.199

185.89.42.199 was found in our database!

This IP was reported 7 times. Confidence of Abuse is 3%: ?

ISP	FINE GROUP SERVERS SOLUTIONS LLC
Usage Type	Data Center/Web Hosting/Transit
ASN	AS59651
Domain Name	finegroupservers.com
Country	🇫🇮 Finland
City	Helsinki, Uusimaa

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 185.89.42.199

Whois 185.89.42.199

IP Abuse Reports for 185.89.42.199:

This IP address has been reported a total of 7 times from 4 distinct sources. 185.89.42.199 was first reported on October 28th 2023, and the most recent report was 2 weeks ago.

Old Reports: The most recent abuse report for this IP address is from 2 weeks ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 TPI-Abuse	2026-05-21 12:43:40 (2 weeks ago)	(mod_security) mod_security (id:225170) triggered by 185.89.42.199 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:225170) triggered by 185.89.42.199 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu May 21 08:43:35.961526 2026] [security2:error] [pid 23727:tid 23727] [client 185.89.42.199:54517] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|unitedletter.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "unitedletter.com"] [uri "/wp-json/wp/v2/users"] [unique_id "ag7997kI5ZTR-pUkirJRowAAAAc"], referer: https://www.google.com show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-14 15:30:19 (3 weeks ago)	(mod_security) mod_security (id:225170) triggered by 185.89.42.199 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:225170) triggered by 185.89.42.199 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu May 14 11:30:12.954822 2026] [security2:error] [pid 12764:tid 12764] [client 185.89.42.199:37925] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|kippert.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "kippert.com"] [uri "/wp-json/wp/v2/users"] [unique_id "agXqhN3M8RIMp7O_Kb9vlwAAAAI"], referer: https://www.google.com show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 tentwentyfour	2026-03-20 13:48:42 (2 months ago)	Blocked for brute-forcing WordPress log-in	Brute-Force Web App Attack
🇺🇸 TPI-Abuse	2025-12-26 20:36:29 (5 months ago)	(mod_security) mod_security (id:225170) triggered by 185.89.42.199 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:225170) triggered by 185.89.42.199 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Dec 26 15:36:22.477253 2025] [security2:error] [pid 29176:tid 29176] [client 185.89.42.199:13563] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|jolankagroup.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "jolankagroup.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "aU7xxlcOrrUoxult2dUsJAAAAAM"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-23 12:28:05 (5 months ago)	(mod_security) mod_security (id:225170) triggered by 185.89.42.199 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:225170) triggered by 185.89.42.199 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Dec 23 07:27:59.376215 2025] [security2:error] [pid 13953:tid 13953] [client 185.89.42.199:28973] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|tcomputerguy.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "tcomputerguy.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "aUqKz5nm8WYTXNbqvWyhWQAAAAQ"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 FeG Deutschland	2025-01-28 23:19:33 (1 year ago)	Looking for CMS/PHP/SQL vulnerablilities/excessive crawling - 15	Exploited Host Web App Attack
🇵🇱 TI	2023-10-28 10:12:18 (2 years ago)	Scrapping website, using diffrent useragents, not wait for response, #botnet20231026	DDoS Attack Bad Web Bot

Showing 1 to 7 of 7 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 167.172.28.156

🇪🇨 190.155.57.175

🇧🇷 186.194.83.221

🇭🇰 165.154.225.20

🇱🇹 81.30.98.62

🇧🇪 74.125.47.144

🇺🇸 66.132.186.237

🇰🇷 61.76.112.4

🇮🇳 45.123.110.70

🇸🇬 43.153.204.181

🇺🇸 40.65.222.177

🇮🇷 193.151.130.217

🇺🇸 162.216.149.179

🇩🇰 109.58.19.15

🇺🇸 89.106.84.74

🇺🇸 86.111.187.169

🇳🇱 74.125.114.209

🇧🇷 45.169.200.254

🇺🇸 20.168.120.208

🇳🇱 195.178.110.30