JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 189.39.138.44

189.39.138.44 was found in our database!

This IP was reported 26 times. Confidence of Abuse is 68%: ?

68%

ISP	MICRON LINE SERVICOS DE INFORMATICA LTDA - ME
Usage Type	Fixed Line ISP
ASN	AS28183
Domain Name	micron.com.br
Country	🇧🇷 Brazil
City	Irupi, Espirito Santo

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 189.39.138.44

Whois 189.39.138.44

IP Abuse Reports for 189.39.138.44:

This IP address has been reported a total of 26 times from 15 distinct sources. 189.39.138.44 was first reported on June 10th 2026, and the most recent report was 1 week ago.

Old Reports: The most recent abuse report for this IP address is from 1 week ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇫🇮 YF	2026-06-14 00:01:36 (1 week ago)	xmlrpc.php Potential DDoS or brute force	DDoS Attack Brute-Force
🇺🇸 TPI-Abuse	2026-06-13 22:56:24 (1 week ago)	(mod_security) mod_security (id:240335) triggered by 189.39.138.44 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:240335) triggered by 189.39.138.44 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 13 18:56:19.775229 2026] [security2:error] [pid 9306:tid 9306] [client 189.39.138.44:5369] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 189.39.138.44 (+1 hits since last alert)\|cloudex.link\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "cloudex.link"] [uri "/xmlrpc.php"] [unique_id "ai3gE6r40QM_L0FF74cuAAAAABc"] show less	Brute-Force Bad Web Bot Web App Attack
🇳🇱 Site.eu	2026-06-13 18:06:31 (1 week ago)	Repeated wp-login/xmlrpc attempts	Brute-Force SSH
🇺🇸 TPI-Abuse	2026-06-13 17:28:41 (1 week ago)	(mod_security) mod_security (id:240335) triggered by 189.39.138.44 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:240335) triggered by 189.39.138.44 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 13 13:28:36.585347 2026] [security2:error] [pid 17138:tid 17138] [client 189.39.138.44:29437] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5965"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 189.39.138.44 (+1 hits since last alert)\|paleopathologist.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "paleopathologist.com"] [uri "/xmlrpc.php"] [unique_id "ai2TROz5-y47Yfa8JSBzHwAAAAQ"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 konseptit	2026-06-13 16:55:41 (1 week ago)	(wordpress) Failed wordpress login from 189.39.138.44 (BR/Brazil/-)	Brute-Force
🇺🇸 TPI-Abuse	2026-06-13 14:29:47 (1 week ago)	(mod_security) mod_security (id:240335) triggered by 189.39.138.44 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:240335) triggered by 189.39.138.44 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 13 10:29:43.863631 2026] [security2:error] [pid 8918:tid 8918] [client 189.39.138.44:30132] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 189.39.138.44 (+1 hits since last alert)\|farsipraiseclub.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "farsipraiseclub.com"] [uri "/xmlrpc.php"] [unique_id "ai1pV3zBwp8mfGBueuxaOgAAABU"] show less	Brute-Force Bad Web Bot Web App Attack
🇧🇪 cmbplf	2026-06-12 23:35:32 (1 week ago)	4.320 requests with url.path */xmlrpc.php	Brute-Force Bad Web Bot
🇺🇸 TPI-Abuse	2026-06-12 23:03:46 (1 week ago)	(mod_security) mod_security (id:240335) triggered by 189.39.138.44 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:240335) triggered by 189.39.138.44 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 12 19:03:41.960454 2026] [security2:error] [pid 4986:tid 4986] [client 189.39.138.44:6868] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 189.39.138.44 (+1 hits since last alert)\|michaelthompson.biz\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "michaelthompson.biz"] [uri "/xmlrpc.php"] [unique_id "aiyQTQlrjjhh4CQiDmK2pwAAAAs"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-12 18:58:10 (1 week ago)	(mod_security) mod_security (id:240335) triggered by 189.39.138.44 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:240335) triggered by 189.39.138.44 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 12 14:58:01.800726 2026] [security2:error] [pid 31736:tid 31736] [client 189.39.138.44:24955] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5965"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 189.39.138.44 (+1 hits since last alert)\|kobraagencies.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "kobraagencies.com"] [uri "/xmlrpc.php"] [unique_id "aixWudR2T8QEXr307mUKzgAAACo"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 Dolutech.com	2026-06-12 11:28:55 (1 week ago)	BF Attack WP DolutechAI Detected	Brute-Force
🇩🇪 abdubhai	2026-06-12 00:27:09 (1 week ago)	189.39.138.44 - - [12/Jun/2026:0 ...	Brute-Force
Anonymous	2026-06-11 23:57:14 (1 week ago)		Bad Web Bot Web App Attack
Anonymous	2026-06-11 23:26:31 (1 week ago)	(wordpress) Failed wordpress login from 189.39.138.44 (BR/Brazil/-)	Brute-Force
Anonymous	2026-06-11 22:09:39 (1 week ago)	[redacted] 189.39.138.44 - - [12/Jun/2026:00:08:55 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "W ... show more [redacted] 189.39.138.44 - - [12/Jun/2026:00:08:55 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "WordPress.com; https://wordpress.com" [redacted] 189.39.138.44 - - [12/Jun/2026:00:09:05 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Jetpack by WordPress.com (Jetpack 12.5; WordPress 6.1)" [redacted] 189.39.138.44 - - [12/Jun/2026:00:09:16 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "WordPress.com; https://wordpress.com" [redacted] 189.39.138.44 - - [12/Jun/2026:00:09:27 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Jetpack/13.0; WordPress/6.2; http://site86167122.com" [redacted] 189.39.138.44 - - [12/Jun/2026:00:09:38 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Jetpack/12.1; WordPress/6.1; http://site79878874.com" ... show less	Hacking Web App Attack
🇺🇸 TPI-Abuse	2026-06-11 21:56:54 (1 week ago)	(mod_security) mod_security (id:240335) triggered by 189.39.138.44 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:240335) triggered by 189.39.138.44 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 11 17:56:47.121161 2026] [security2:error] [pid 19858:tid 19858] [client 189.39.138.44:51526] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 189.39.138.44 (+1 hits since last alert)\|dennisangellismusic.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "dennisangellismusic.com"] [uri "/xmlrpc.php"] [unique_id "aisvHwngkz6AdrPhraUxYAAAAAI"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 26 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇪🇹 196.190.62.24

🇬🇧 178.128.32.203

🇨🇳 124.90.226.238

🇧🇩 103.112.59.254

🇧🇷 92.112.170.111

🇺🇸 64.62.197.224

🇹🇭 49.229.102.187

🇳🇱 45.148.10.152

🇬🇧 45.82.76.101

🇧🇷 205.210.31.178

🇩🇪 154.43.52.73

🇨🇳 106.54.10.68

🇺🇸 74.7.243.247

🇵🇰 39.63.168.236

🇺🇸 23.134.76.12

🇩🇪 8.211.47.19

🇺🇸 2607:f8b0:4004:c07::12e

🇨🇳 222.89.169.98

🇺🇿 213.230.87.46

🇺🇦 195.62.36.59