JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 189.50.197.85

189.50.197.85 was found in our database!

This IP was reported 21 times. Confidence of Abuse is 83%: ?

83%

ISP	ATIVA TELECOM LTDA
Usage Type	Fixed Line ISP
ASN	AS268188
Domain Name	ativatelecom.net.br
Country	🇧🇷 Brazil
City	Belo Horizonte, Minas Gerais

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 189.50.197.85

Whois 189.50.197.85

IP Abuse Reports for 189.50.197.85:

This IP address has been reported a total of 21 times from 15 distinct sources. 189.50.197.85 was first reported on June 24th 2026, and the most recent report was 20 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇪🇸 alferez	2026-06-29 01:46:18 (20 hours ago)	xmlrpc.php attack DOS	Hacking Exploited Host Web App Attack
🇳🇱 Site.eu	2026-06-28 23:23:42 (23 hours ago)	Repeated wp-login/xmlrpc attempts	Brute-Force SSH
Anonymous	2026-06-28 19:26:10 (1 day ago)	[server.tmg.gr] httpd-xmlrpc-post: sites=amli2018.com; logs=/var/log/httpd/domains/amli2018.com.log; ... show more [server.tmg.gr] httpd-xmlrpc-post: sites=amli2018.com; logs=/var/log/httpd/domains/amli2018.com.log; samples=/xmlrpc.php show less	Brute-Force Web App Attack
🇺🇸 TPI-Abuse	2026-06-28 16:41:02 (1 day ago)	(mod_security) mod_security (id:240335) triggered by 189.50.197.85 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:240335) triggered by 189.50.197.85 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 28 12:40:54.011861 2026] [security2:error] [pid 6448:tid 6448] [client 189.50.197.85:62019] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 189.50.197.85 (+1 hits since last alert)\|mavikalem.org\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "mavikalem.org"] [uri "/xmlrpc.php"] [unique_id "akFOlgC9MTSvD3fExWvLPQAAAAg"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-28 16:09:04 (1 day ago)	(mod_security) mod_security (id:240335) triggered by 189.50.197.85 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:240335) triggered by 189.50.197.85 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 28 12:08:57.561667 2026] [security2:error] [pid 3950:tid 3950] [client 189.50.197.85:60786] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 189.50.197.85 (+1 hits since last alert)\|eftekharschool.ir\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "eftekharschool.ir"] [uri "/xmlrpc.php"] [unique_id "akFHGWztTD2bfREOAs0u0gAAABU"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-06-28 16:06:41 (1 day ago)	[redacted] 189.50.197.85 - - [28/Jun/2026:18:05:58 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "J ... show more [redacted] 189.50.197.85 - - [28/Jun/2026:18:05:58 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Jetpack/12.5; WordPress/6.3; http://site76928445.com" [redacted] 189.50.197.85 - - [28/Jun/2026:18:06:08 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Jetpack by WordPress.com (Jetpack 12.1; WordPress 6.3)" [redacted] 189.50.197.85 - - [28/Jun/2026:18:06:19 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Jetpack/13.0; WordPress/6.3; http://site45373062.com" [redacted] 189.50.197.85 - - [28/Jun/2026:18:06:29 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Jetpack by WordPress.com" [redacted] 189.50.197.85 - - [28/Jun/2026:18:06:40 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "WordPress.com; https://wordpress.com" ... show less	Hacking Web App Attack
🇺🇸 TPI-Abuse	2026-06-28 15:39:22 (1 day ago)	(mod_security) mod_security (id:240335) triggered by 189.50.197.85 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:240335) triggered by 189.50.197.85 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 28 11:39:16.155258 2026] [security2:error] [pid 21490:tid 21490] [client 189.50.197.85:0] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 189.50.197.85 (+1 hits since last alert)\|upskirtcrazy.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "upskirtcrazy.com"] [uri "/xmlrpc.php"] [unique_id "akFAJBPUyqS1AjP33iBQAwAAABI"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-27 18:43:59 (2 days ago)	(mod_security) mod_security (id:240335) triggered by 189.50.197.85 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:240335) triggered by 189.50.197.85 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 27 14:43:52.343824 2026] [security2:error] [pid 23553:tid 23553] [client 189.50.197.85:61822] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 189.50.197.85 (+1 hits since last alert)\|abeltours.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "abeltours.com"] [uri "/xmlrpc.php"] [unique_id "akAZ6Ax0b9ppHIbcTHhsDQAAAAA"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-06-27 18:38:10 (2 days ago)	Attac	Brute-Force
🇦🇺 screwlooseit.com.au	2026-06-27 15:11:44 (2 days ago)	Blocked by CSF 13 firewall - Rule: XMLRPC BR/Brazil/-	Web App Attack
🇧🇪 cmbplf	2026-06-27 00:37:00 (2 days ago)	3.343 requests with url.path */xmlrpc.php	Brute-Force Bad Web Bot
🇺🇸 cwytech	2026-06-26 23:40:59 (2 days ago)	Fleet-wide ban from the Ghostfleet 👻. Triggered by scenario: cwy/wp-us-login-only-high.	Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-26 19:32:52 (3 days ago)	(mod_security) mod_security (id:240335) triggered by 189.50.197.85 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:240335) triggered by 189.50.197.85 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 26 15:32:45.927106 2026] [security2:error] [pid 29025:tid 29049] [client 189.50.197.85:61415] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 189.50.197.85 (+1 hits since last alert)\|rawhabitat.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "rawhabitat.com"] [uri "/xmlrpc.php"] [unique_id "aj7T3Tejv3gMJA7kSFSvZQAAAA8"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-06-26 19:31:06 (3 days ago)	Bot / scanning and/or hacking attempts: POST /xmlrpc.php HTTP/1.1	Hacking Web App Attack
🇩🇪 pscriptos	2026-06-26 15:12:08 (3 days ago)	{"ClientAddr":"189.50.197.85:55565","ClientHost":"189.50.197.85","ClientPort":"55565","ClientUsernam ... show more {"ClientAddr":"189.50.197.85:55565","ClientHost":"189.50.197.85","ClientPort":"55565","ClientUsername":"-","DownstreamContentSize":418,"DownstreamStatus":403,"Duration":407983400,"OriginContentSize":418,"OriginDuration":404743949,"OriginStatus":403,"Overhead":3239451,"RequestAddr":"www.cleveradmin.de","RequestContentSize":719,"RequestCount":1516319,"RequestHost":"www.cleveradmin.de","RequestMethod":"POST","RequestPath":"/xmlrpc.php","RequestPort":"-","RequestProtocol":"HTTP/1.1","RequestScheme":"https","RetryAttempts":0,"RouterName":"cleveradmin-www-websecure@file","ServiceAddr":"172.16.80.10:80","ServiceName":"cleveradmin-www@file","ServiceURL":"http://172.16.80.10:80","StartLocal":"2026-06-26T17:11:47.331346202+02:00","StartUTC":"2026-06-26T15:11:47.331346202Z","TLSCipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","TLSVersion":"1.2","entryPointName":"websecure","level":"info","msg":"","time":"2026-06-26T17:11:47+02:00"} {"ClientAddr":"189.50.197.85:55565","ClientHost":"189.50.197.85"," ... show less	Brute-Force Web App Attack

Showing 1 to 15 of 21 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇬🇧 195.206.182.207

🇦🇷 181.1.175.80

🇵🇱 178.219.102.18

🇲🇽 177.241.234.59

🇺🇸 108.165.146.11

🇨🇳 106.117.111.142

🇨🇳 106.117.109.100

🇨🇳 106.117.107.211

🇩🇪 104.207.51.106

🇺🇸 103.196.9.146

🇫🇷 91.231.89.161

🇳🇱 68.66.251.43

🇮🇩 43.157.243.191

🇧🇷 191.36.154.175

🇮🇩 180.252.255.109

🇲🇾 180.75.235.57

🇲🇾 180.73.10.160

🇫🇮 147.185.133.245

🇮🇳 125.22.249.36

🇲🇦 105.158.141.249