JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 89.42.136.2

89.42.136.2 was found in our database!

This IP was reported 39 times. Confidence of Abuse is 82%: ?

82%

ISP	Sepehr Ava Data Processing Company (LTD)
Usage Type	University/College/School
ASN	AS48147
Domain Name	aminidc.com
Country	🇮🇷 Iran (Islamic Republic of)
City	Tehran, Tehran

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 89.42.136.2

Whois 89.42.136.2

IP Abuse Reports for 89.42.136.2:

This IP address has been reported a total of 39 times from 17 distinct sources. 89.42.136.2 was first reported on May 20th 2026, and the most recent report was 1 hour ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 nationaleventpros.com	2026-06-18 18:29:14 (1 hour ago)	WordPress login attempt	Brute-Force
🇺🇸 TPI-Abuse	2026-06-18 16:53:37 (2 hours ago)	(mod_security) mod_security (id:225170) triggered by 89.42.136.2 (-): 1 in the last 300 secs; Ports: ... show more (mod_security) mod_security (id:225170) triggered by 89.42.136.2 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 18 12:53:28.858820 2026] [security2:error] [pid 6058:tid 6058] [client 89.42.136.2:58990] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|gilgoinn.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "gilgoinn.com"] [uri "/wp-json/wp/v2/users/me"] [unique_id "ajQiiAL5YAXfbiwPudkCSgAAACE"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-18 12:56:59 (6 hours ago)	(mod_security) mod_security (id:225170) triggered by 89.42.136.2 (-): 1 in the last 300 secs; Ports: ... show more (mod_security) mod_security (id:225170) triggered by 89.42.136.2 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 18 08:56:52.046545 2026] [security2:error] [pid 8853:tid 8853] [client 89.42.136.2:54924] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|kompareiq.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "kompareiq.com"] [uri "/wp-json/wp/v2/users/me"] [unique_id "ajPrFC19Rd94vtlUrLRvWwAAAAQ"] show less	Brute-Force Bad Web Bot Web App Attack
🇨🇿 huginet	2026-06-18 09:31:06 (10 hours ago)	89.42.136.2 - - [18/Jun/2026:11:31:00 +0200] "GET /wp-login.php HTTP/1.1" 200 9112 "-" "Mozilla/5.0 ... show more 89.42.136.2 - - [18/Jun/2026:11:31:00 +0200] "GET /wp-login.php HTTP/1.1" 200 9112 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/18.3 Safari/605.1.15" 89.42.136.2 - - [18/Jun/2026:11:31:06 +0200] "POST /wp-login.php HTTP/1.1" 200 9549 "https://centrum-eko-likvidace.org/wp-login.php" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/18.3 Safari/605.1.15" ... show less	Web Spam Blog Spam Hacking Bad Web Bot Web App Attack
🇺🇸 xxkodedxx	2026-06-17 20:04:50 (23 hours ago)	[Zorvexus edge-defense] GET .env / WordPress honeypot probe Trigger: 1× honeypot-get in 10m window. ... show more [Zorvexus edge-defense] GET .env / WordPress honeypot probe Trigger: 1× honeypot-get in 10m window. Active: 20:04:01→20:04:02 UTC Volume: 2 honeypot probe(s) Bait taken: /wp-login.php UA: "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36" Auto-banned 30d. zorvexus-banner. show less	Bad Web Bot Web App Attack
🇫🇷 masterguru	2026-06-17 13:26:57 (1 day ago)	(modsec_5040) ModSec 5040: API Basic Auth blocked from 89.42.136.2 (IR/Iran/-): 1 in the last 3600 s ... show more (modsec_5040) ModSec 5040: API Basic Auth blocked from 89.42.136.2 (IR/Iran/-): 1 in the last 3600 secs (0-196) show less	Hacking
🇺🇸 TPI-Abuse	2026-06-16 23:16:23 (1 day ago)	(mod_security) mod_security (id:225170) triggered by 89.42.136.2 (-): 1 in the last 300 secs; Ports: ... show more (mod_security) mod_security (id:225170) triggered by 89.42.136.2 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 16 19:16:18.773104 2026] [security2:error] [pid 18318:tid 18318] [client 89.42.136.2:46316] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|yerevanpress.am\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "yerevanpress.am"] [uri "/wp-json/wp/v2/users/me"] [unique_id "ajHZQg8YjuZRd6odrMktpgAAAAc"] show less	Brute-Force Bad Web Bot Web App Attack
🇨🇦 polycoda	2026-06-16 17:43:55 (2 days ago)	📄 Probes for wp-login.php and other inexistent URLs	Hacking Web App Attack
🇲🇽 octageeks.com	2026-06-16 04:19:36 (2 days ago)	Wordpress malicious attack:[octaflood]	Web App Attack
🇺🇸 cwytech	2026-06-16 01:17:58 (2 days ago)	Fleet-wide ban from the Ghostfleet 👻. Triggered by scenario: cwy/wordpress-login-lockdown-high.	Bad Web Bot Web App Attack
🇫🇷 ELYAZ	2026-06-15 18:58:33 (3 days ago)	(y4) Failed scan -byebye- from 89.42.136.2 (IR/Iran/-): (CF_ENABLE)	Hacking
🇲🇽 octageeks.com	2026-06-09 04:09:17 (1 week ago)	Wordpress malicious attack:[octaflood]	Web App Attack
🇺🇸 lostswordfish.com	2026-06-08 15:08:05 (1 week ago)	Wordfence waf block on parsol	Web App Attack
🇺🇸 TPI-Abuse	2026-06-07 23:32:22 (1 week ago)	(mod_security) mod_security (id:225170) triggered by 89.42.136.2 (-): 1 in the last 300 secs; Ports: ... show more (mod_security) mod_security (id:225170) triggered by 89.42.136.2 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 07 19:32:14.869342 2026] [security2:error] [pid 31139:tid 31154] [client 89.42.136.2:0] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|mindgardens.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "mindgardens.com"] [uri "/wp-json/wp/v2/users/me"] [unique_id "aiX_fkFiBiO9Pz-9usI0BAAAAIY"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-07 19:37:06 (1 week ago)	(mod_security) mod_security (id:225170) triggered by 89.42.136.2 (-): 1 in the last 300 secs; Ports: ... show more (mod_security) mod_security (id:225170) triggered by 89.42.136.2 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 07 15:36:56.977958 2026] [security2:error] [pid 827:tid 827] [client 89.42.136.2:44020] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|wild-goose.net\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "wild-goose.net"] [uri "/wp-json/wp/v2/users/me"] [unique_id "aiXIWOKXWafmSTiaavdcGwAAAAg"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 39 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 66.132.172.141

🇬🇧 35.203.211.97

🇺🇸 12.79.116.210

🇳🇱 176.65.139.102

🇹🇷 131.222.231.162

🇫🇷 91.196.152.185

🇺🇸 44.203.212.47

🇺🇸 18.221.109.109

🇬🇧 2a06:4880:8000::96

🇺🇸 162.216.150.118

🇻🇳 113.161.92.127

🇳🇱 91.92.42.61

🇳🇱 91.92.40.10

🇺🇸 52.180.146.145

🇳🇱 45.198.224.115

🇮🇩 180.252.131.48

🇸🇪 171.25.158.74

🇪🇬 156.208.162.5

🇨🇳 116.133.85.140

🇰🇷 112.216.108.62