JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 189.34.242.152

189.34.242.152 was found in our database!

This IP was reported 41 times. Confidence of Abuse is 98%: ?

98%

ISP	Claro NXT Telecomunicacoes Ltda
Usage Type	Fixed Line ISP
ASN	AS28573
Hostname(s)	bd22f298.virtua.com.br
Domain Name	claro.com.br
Country	🇧🇷 Brazil
City	Santos, Sao Paulo

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 189.34.242.152

Whois 189.34.242.152

IP Abuse Reports for 189.34.242.152:

This IP address has been reported a total of 41 times from 23 distinct sources. 189.34.242.152 was first reported on May 27th 2026, and the most recent report was 20 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇲🇹 Malta	2026-06-14 14:49:20 (20 hours ago)	189.34.242.152 - - [14/Jun/2026:16:49:20 +0200] "POST /xmlrpc.php HTTP/1.1" "Jetpack by WordPress.co ... show more 189.34.242.152 - - [14/Jun/2026:16:49:20 +0200] "POST /xmlrpc.php HTTP/1.1" "Jetpack by WordPress.com (Jetpack 12.1; WordPress 6.4)" show less	Hacking Web App Attack
🇫🇷 dynamix	2026-06-14 11:15:05 (23 hours ago)	WordPress XMLRPC Brute Force Attack	Brute-Force Web App Attack
Anonymous	2026-06-14 07:18:06 (1 day ago)	Bot / scanning and/or hacking attempts: POST /xmlrpc.php HTTP/1.1	Hacking Web App Attack
🇫🇷 masterguru	2026-06-14 05:57:50 (1 day ago)	xmlrpc request blocked, no referer. Pattern match "xmlrpc.php" at REQUEST_URI. (88010-201)	Hacking
🇺🇸 TPI-Abuse	2026-06-14 02:53:19 (1 day ago)	(mod_security) mod_security (id:240335) triggered by 189.34.242.152 (bd22f298.virtua.com.br): 1 in t ... show more (mod_security) mod_security (id:240335) triggered by 189.34.242.152 (bd22f298.virtua.com.br): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 13 22:53:13.572374 2026] [security2:error] [pid 31257:tid 31257] [client 189.34.242.152:55573] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 189.34.242.152 (+1 hits since last alert)\|theroyalhouseofelohim.org\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "theroyalhouseofelohim.org"] [uri "/xmlrpc.php"] [unique_id "ai4XmbkTUKF8pa-GTz9JOwAAAA8"] show less	Brute-Force Bad Web Bot Web App Attack
🇫🇷 Lunix	2026-06-13 22:44:07 (1 day ago)		Brute-Force Web App Attack
🇸🇪 konseptit	2026-06-10 03:04:58 (5 days ago)	(wordpress) Failed wordpress login from 189.34.242.152 (BR/Brazil/bd22f298.virtua.com.br)	Brute-Force
🇲🇾 Rizzy	2026-06-10 03:03:59 (5 days ago)	Multiple WAF Violations	Brute-Force Web App Attack
🇺🇸 graphics-muse.org	2026-06-05 16:31:11 (1 week ago)	Fri Jun 05 10:30:48.227733 2026189.34.242.152 - - [05/Jun/2026:10:30:50 -0600] "POST /xmlrpc.php HTT ... show more Fri Jun 05 10:30:48.227733 2026189.34.242.152 - - [05/Jun/2026:10:30:50 -0600] "POST /xmlrpc.php HTTP/1.1" 200 448 Fri Jun 05 10:30:48.227733 2026189.34.242.152 - - [05/Jun/2026:10:30:50 -0600] "POST /xmlrpc.php HTTP/1.1" 200 3611 "-" "Jetpack/12.5; WordPress/6.2; http://site83345419.com" Fri Jun 05 10:31:01.029218 2026189.34.242.152 - - [05/Jun/2026:10:31:01 -0600] "POST /xmlrpc.php HTTP/1.1" 200 448 Fri Jun 05 10:31:01.029218 2026189.34.242.152 - - [05/Jun/2026:10:31:01 -0600] "POST /xmlrpc.php HTTP/1.1" 200 3610 "-" "WordPress.com; https://wordpress.com" Fri Jun 05 10:31:07.935865 2026189.34.242.152 - - [05/Jun/2026:10:31:11 -0600] "POST /xmlrpc.php HTTP/1.1" 200 448 Fri Jun 05 10:31:07.935865 2026189.34.242.152 - - [05/Jun/2026:10:31:11 -0600] "POST /xmlrpc.php HTTP/1.1" 200 3609 "-" "Jetpack/12.0; WordPress/6.2; http://site39783108.com" ... show less	Brute-Force Web App Attack
Anonymous	2026-06-04 22:50:47 (1 week ago)	[ssd5.kdns.gr] httpd-xmlrpc-post: sites=sigasigacollective.com; logs=/var/log/httpd/domains/sigasiga ... show more [ssd5.kdns.gr] httpd-xmlrpc-post: sites=sigasigacollective.com; logs=/var/log/httpd/domains/sigasigacollective.com.log; samples=/xmlrpc.php show less	Brute-Force Web App Attack
🇳🇱 Site.eu	2026-06-04 04:13:39 (1 week ago)	Repeated wp-login/xmlrpc attempts	Brute-Force SSH
🇳🇱 Site.eu	2026-06-02 01:14:29 (1 week ago)	Repeated wp-login/xmlrpc attempts	Brute-Force SSH
🇳🇱 CryptoYakari	2026-06-01 08:10:00 (2 weeks ago)	[Mon Jun 01 11:09:38.172234 2026] [proxy_fcgi:error] [pid 2154299:tid 2154349] [client 189.34.242.15 ... show more [Mon Jun 01 11:09:38.172234 2026] [proxy_fcgi:error] [pid 2154299:tid 2154349] [client 189.34.242.152:0] AH01071: Got error 'Primary script unknown' [Mon Jun 01 11:09:48.261216 2026] [proxy_fcgi:error] [pid 2154299:tid 2154352] [client 189.34.242.152:0] AH01071: Got error 'Primary script unknown' [Mon Jun 01 11:09:58.678119 2026] [proxy_fcgi:error] [pid 2154299:tid 2154308] [client 189.34.242.152:0] AH01071: Got error 'Primary script unknown' ... show less	Web Spam Blog Spam Web App Attack Bad Web Bot
Anonymous	2026-06-01 08:01:30 (2 weeks ago)		Bad Web Bot Web App Attack
Anonymous	2026-06-01 07:42:59 (2 weeks ago)	Attac	Brute-Force

Showing 1 to 15 of 41 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇫🇷 194.163.152.118

🇮🇳 182.95.102.190

🇮🇳 180.188.253.150

🇺🇸 172.217.36.93

🇹🇭 171.100.121.127

🇦🇺 170.64.163.202

🇺🇸 147.182.173.21

🇵🇱 145.239.82.4

🇰🇷 119.192.204.247

🇷🇴 80.94.92.167

🇧🇷 43.164.195.69

🇨🇦 20.220.147.44

🇳🇱 195.178.110.30

🇩🇪 167.94.146.34

🇪🇸 149.91.97.132

🇸🇬 107.155.56.47

🇿🇦 105.186.125.241

🇳🇱 45.142.193.161

🇸🇳 41.214.24.32

🇰🇷 34.47.123.170