JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 195.201.89.239

195.201.89.239 was found in our database!

This IP was reported 70 times. Confidence of Abuse is 78%: ?

78%

ISP	Hetzner Online GmbH
Usage Type	Data Center/Web Hosting/Transit
ASN	AS24940
Hostname(s)	enterprise.zwopunkt0.de
Domain Name	hetzner.com
Country	🇩🇪 Germany
City	Nuremberg, Bavaria

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 195.201.89.239

Whois 195.201.89.239

IP Abuse Reports for 195.201.89.239:

This IP address has been reported a total of 70 times from 30 distinct sources. 195.201.89.239 was first reported on April 2nd 2026, and the most recent report was 6 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇩🇪 netclix.gr	2026-06-21 07:13:55 (6 hours ago)	(wordpress) Failed wordpress login from 195.201.89.239 (DE/Germany/enterprise.zwopunkt0.de): (CF_EN ... show more (wordpress) Failed wordpress login from 195.201.89.239 (DE/Germany/enterprise.zwopunkt0.de): (CF_ENABLE) show less	Brute-Force
Anonymous	2026-06-19 18:08:40 (1 day ago)	Attac	Brute-Force
🇺🇸 TPI-Abuse	2026-06-19 10:00:25 (2 days ago)	(mod_security) mod_security (id:225170) triggered by 195.201.89.239 (enterprise.zwopunkt0.de): 1 in ... show more (mod_security) mod_security (id:225170) triggered by 195.201.89.239 (enterprise.zwopunkt0.de): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 19 06:00:19.741447 2026] [security2:error] [pid 3889:tid 3889] [client 195.201.89.239:54056] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|www.thingstodonude.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.thingstodonude.com"] [uri "/wp-json/wp/v2/users"] [unique_id "ajUTMxu4gognhLyDHBc9uwAAAAg"] show less	Brute-Force Bad Web Bot Web App Attack
🇳🇱 debestelapp	2026-06-19 03:20:04 (2 days ago)		Exploited Host
🇺🇸 TPI-Abuse	2026-06-18 23:25:48 (2 days ago)	(mod_security) mod_security (id:225170) triggered by 195.201.89.239 (enterprise.zwopunkt0.de): 1 in ... show more (mod_security) mod_security (id:225170) triggered by 195.201.89.239 (enterprise.zwopunkt0.de): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 18 19:25:44.944765 2026] [security2:error] [pid 23118:tid 23118] [client 195.201.89.239:52342] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|www.justicehoward.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.justicehoward.com"] [uri "/wp-json/wp/v2/users"] [unique_id "ajR-eG5aNbkJUfKvZMy5kAAAAAw"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-06-18 04:14:15 (3 days ago)	Fail2ban filtered ...	Web App Attack
🇺🇸 TPI-Abuse	2026-06-18 03:01:22 (3 days ago)	(mod_security) mod_security (id:225170) triggered by 195.201.89.239 (enterprise.zwopunkt0.de): 1 in ... show more (mod_security) mod_security (id:225170) triggered by 195.201.89.239 (enterprise.zwopunkt0.de): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 17 23:01:17.704081 2026] [security2:error] [pid 7270:tid 7270] [client 195.201.89.239:36484] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|www.speedysremodeling.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.speedysremodeling.com"] [uri "/wp-json/wp/v2/users"] [unique_id "ajNfffcT3bJ1O4LGAL2k-QAAABk"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-17 04:45:53 (4 days ago)	(mod_security) mod_security (id:225170) triggered by 195.201.89.239 (enterprise.zwopunkt0.de): 1 in ... show more (mod_security) mod_security (id:225170) triggered by 195.201.89.239 (enterprise.zwopunkt0.de): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 17 00:45:49.679322 2026] [security2:error] [pid 13186:tid 13186] [client 195.201.89.239:33848] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|www.earthtwoworkshop.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.earthtwoworkshop.com"] [uri "/wp/wp-json/wp/v2/users"] [unique_id "ajImfUqo1QON2sugBM5HuwAAAAc"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-16 08:22:08 (5 days ago)	(mod_security) mod_security (id:225170) triggered by 195.201.89.239 (enterprise.zwopunkt0.de): 1 in ... show more (mod_security) mod_security (id:225170) triggered by 195.201.89.239 (enterprise.zwopunkt0.de): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 16 04:22:01.061168 2026] [security2:error] [pid 15811:tid 15811] [client 195.201.89.239:35896] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|honigcpa.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "honigcpa.com"] [uri "/wp-json/wp/v2/users"] [unique_id "ajEHqdswjRaO2EvOujfegwAAABA"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-15 16:50:24 (5 days ago)	(mod_security) mod_security (id:225170) triggered by 195.201.89.239 (enterprise.zwopunkt0.de): 1 in ... show more (mod_security) mod_security (id:225170) triggered by 195.201.89.239 (enterprise.zwopunkt0.de): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 15 12:50:17.568868 2026] [security2:error] [pid 28663:tid 28663] [client 195.201.89.239:49954] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|www.doctoredwinalvarez.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.doctoredwinalvarez.com"] [uri "/wp-json/wp/v2/users"] [unique_id "ajAtSdljcARsOEtYU6Hp9AAAAAo"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-06-15 13:33:13 (6 days ago)	Attac	Brute-Force
Anonymous	2026-06-15 04:24:12 (6 days ago)	[redacted] 195.201.89.239 - - [15/Jun/2026:06:24:07 +0200] "POST /xmlrpc.php HTTP/1.1" 200 216 "-" " ... show more [redacted] 195.201.89.239 - - [15/Jun/2026:06:24:07 +0200] "POST /xmlrpc.php HTTP/1.1" 200 216 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:74.0) Gecko/20100101 Firefox/74.0" [redacted] 195.201.89.239 - - [15/Jun/2026:06:24:07 +0200] "POST /xmlrpc.php HTTP/1.1" 200 216 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:65.0) Gecko/20100101 Firefox/65.0" [redacted] 195.201.89.239 - - [15/Jun/2026:06:24:07 +0200] "POST /xmlrpc.php HTTP/1.1" 200 216 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:71.0) Gecko/20100101 Firefox/71.0" [redacted] 195.201.89.239 - - [15/Jun/2026:06:24:08 +0200] "POST /xmlrpc.php HTTP/1.1" 200 216 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:74.0) Gecko/20100101 Firefox/74.0" [redacted] 195.201.89.239 - - [15/Jun/2026:06:24:08 +0200] "POST /xmlrpc.php HTTP/1.1" 200 216 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:47.0) Gecko/20100101 Firefox/47.0" [redacted] 195.201.89.239 - - [15/Jun/2026:06:24:09 +0200] "POST /xmlrpc.php HTTP/1.1" 200 216 "-" "Mozilla/5.0 ( ... show less	Hacking Web App Attack
🇺🇸 TPI-Abuse	2026-06-15 00:49:13 (6 days ago)	(mod_security) mod_security (id:225170) triggered by 195.201.89.239 (enterprise.zwopunkt0.de): 1 in ... show more (mod_security) mod_security (id:225170) triggered by 195.201.89.239 (enterprise.zwopunkt0.de): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 14 20:49:08.348594 2026] [security2:error] [pid 25331:tid 25331] [client 195.201.89.239:59506] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|www.raintechgutters.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.raintechgutters.com"] [uri "/wp-json/wp/v2/users"] [unique_id "ai9MBCB47xiQmakvyczlCAAAAAo"] show less	Brute-Force Bad Web Bot Web App Attack
🇫🇷 dynamix	2026-06-13 16:28:04 (1 week ago)	WordPress wp-login.php Brute Force Attack	Brute-Force Web App Attack
🇫🇷 dynamix	2026-06-13 12:57:49 (1 week ago)	Multiple WAF Violations	Web App Attack

Showing 1 to 15 of 70 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇫🇷 62.171.169.75

🇦🇷 190.220.172.154

🇿🇦 147.136.66.84

🇭🇰 103.243.24.124

🇺🇸 98.92.203.33

🇺🇦 46.149.191.249

🇬🇧 35.203.211.238

🇭🇰 199.45.155.81

🇺🇸 185.223.152.201

🇮🇩 163.7.6.41

🇺🇸 162.216.150.237

🇺🇸 162.216.150.188

🇺🇸 161.35.188.231

🇫🇷 142.111.3.252

🇨🇳 139.170.72.149

🇳🇱 88.151.34.218

🇧🇬 78.128.113.46

🇨🇳 49.87.119.58

🇺🇸 45.156.129.153

🇳🇱 45.148.10.152