JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 89.46.223.61

89.46.223.61 was found in our database!

This IP was reported 133 times. Confidence of Abuse is 74%: ?

74%

ISP	Hydra Communications Ltd
Usage Type	Fixed Line ISP
ASN	AS25369
Hostname(s)	61.223.46.89.baremetal.zare.com
Domain Name	zare.com
Country	🇳🇱 Netherlands
City	Amsterdam, North Holland

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 89.46.223.61

Whois 89.46.223.61

IP Abuse Reports for 89.46.223.61:

This IP address has been reported a total of 133 times from 67 distinct sources. 89.46.223.61 was first reported on December 8th 2020, and the most recent report was 13 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇩🇪 LRob.fr	2026-06-19 14:15:04 (13 hours ago)	Repeated 404 errors, blocked by Fail2ban in custom-404 jail	Bad Web Bot
Anonymous	2026-06-18 23:47:53 (1 day ago)	Web probing activity	Hacking Web App Attack
Anonymous	2026-06-18 21:58:55 (1 day ago)	Multiple, malicious web requests detected	Port Scan Hacking
🇺🇸 xmission.com	2026-06-17 06:26:19 (2 days ago)	Blocked by UFW (TCP on 1) Source port: 43598 TTL: 45 Packet length: 60 TOS: 0x08 This report (for 8 ... show more Blocked by UFW (TCP on 1) Source port: 43598 TTL: 45 Packet length: 60 TOS: 0x08 This report (for 89.46.223.61) was generated by: https://github.com/sefinek/UFW-AbuseIPDB-Reporter show less	Port Scan
🇩🇪 LRob.fr	2026-06-16 20:45:06 (3 days ago)	Repeated 404 errors, blocked by Fail2ban in custom-404 jail	Bad Web Bot
🇫🇮 YF	2026-06-15 12:01:20 (4 days ago)	WordPress directory enumeration	Web App Attack
🇫🇷 Baking333	2026-06-15 10:54:32 (4 days ago)	[redacted] 89.46.223.61 - - [15/Jun/2026:11:54:31 +0100] "GET /wp-includes/block-supports/ HTTP/1.1" ... show more [redacted] 89.46.223.61 - - [15/Jun/2026:11:54:31 +0100] "GET /wp-includes/block-supports/ HTTP/1.1" 301 660 0/319 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36" [redacted] 89.46.223.61 - - [15/Jun/2026:11:54:31 +0100] "GET /wp-includes/block-supports/ HTTP/1.1" 301 648 0/293 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36" show less	Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-10 08:42:54 (1 week ago)	(mod_security) mod_security (id:210492) triggered by 89.46.223.61 (61.223.46.89.baremetal.zare.com): ... show more (mod_security) mod_security (id:210492) triggered by 89.46.223.61 (61.223.46.89.baremetal.zare.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 10 04:42:47.646365 2026] [security2:error] [pid 27843:tid 27843] [client 89.46.223.61:55860] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webmail.samanthasomers.com"] [uri "/wp-config.php"] [unique_id "aikjhxjUlohRvJ3hedUFhgAAAAU"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 4server	2026-06-10 08:39:11 (1 week ago)	[WedJun1010:39:09.0411832026][security2:error][pid62083:tid62176][client89.46.223.61:0]ModSecurity:A ... show more [WedJun1010:39:09.0411832026][security2:error][pid62083:tid62176][client89.46.223.61:0]ModSecurity:Accessdeniedwithcode403$phase2$.Patternmatch\"\^/wp-content/$uploads\\|cache\\|backup\\|backups\\|upgrade\\|ai1wm-backups$/.\*\\\\\\\\.ph$p[0-9]\?\\|tml\\|ar$\$\"atREQUEST_URI.[file\"/etc/apache2/conf.d/modsec_custom_rules.conf\"][line\"317\"][id\"990070\"][msg\"PHPexecutionblockedinstoragedirectory\"][hostname\"ppinvestment.ch\"][uri\"/wp-content/upgrade/about.php\"][unique_id\"aikirQqe5Yl7fZ8MmJAHzAAAAMA\"] show less	Port Scan Brute-Force Web App Attack
🇫🇷 dynamix	2026-06-10 08:34:37 (1 week ago)	Multiple WAF Violations	Web App Attack
🇺🇸 TPI-Abuse	2026-06-10 08:27:21 (1 week ago)	(mod_security) mod_security (id:210492) triggered by 89.46.223.61 (61.223.46.89.baremetal.zare.com): ... show more (mod_security) mod_security (id:210492) triggered by 89.46.223.61 (61.223.46.89.baremetal.zare.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 10 04:27:13.801154 2026] [security2:error] [pid 5325:tid 5325] [client 89.46.223.61:59214] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webmail.nolenelam.com"] [uri "/wp-config.php"] [unique_id "aikf4StcG5O036jR71E8_wAAACU"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 helios.live	2026-06-10 08:24:20 (1 week ago)	2026/06/10 08:24:19 [error] 3966165#3966165: 372944 FastCGI sent in stderr: "Primary script unknown ... show more 2026/06/10 08:24:19 [error] 3966165#3966165: 372944 FastCGI sent in stderr: "Primary script unknown" while reading response header from upstream, client: 89.46.223.61, server: kocerroxy.com, request: "GET /wp-load.php HTTP/1.1", upstream: "fastcgi://unix:/var/run/php/php8.4-fpm-betakocerroxycom.sock:", host: "app.kocerroxy.com" 89.46.223.61 - - [10/Jun/2026:08:24:19 +0000] "GET /wp-load.php HTTP/1.1" 404 47 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36" 2026/06/10 08:24:20 [error] 3966165#3966165: *372944 FastCGI sent in stderr: "Primary script unknown" while reading response header from upstream, client: 89.46.223.61, server: kocerroxy.com, request: "GET /wp-content/themes/pridmag/db.php HTTP/1.1", upstream: "fastcgi://unix:/var/run/php/php8.4-fpm-betakocerroxycom.sock:", host: "app.kocerroxy.com" 89.46.223.61 - - [10/Jun/2026:08:24:20 +0000] "GET /wp-content/themes/pridmag/db.php HTTP/1.1" 404 47 "-" "Mozilla/5.0 ... show less	Web App Attack
🇱🇻 garmtech.com	2026-06-10 08:23:01 (1 week ago)	IM360 WAF: Block access to the shell MV:/wp-content/themes/seotheme/mar.php	Hacking
🇮🇹 VHosting	2026-06-10 08:15:04 (1 week ago)	Detected WordPress attack from 4 different servers	Brute-Force Web App Attack
🇺🇸 TPI-Abuse	2026-06-10 08:10:43 (1 week ago)	(mod_security) mod_security (id:210492) triggered by 89.46.223.61 (61.223.46.89.baremetal.zare.com): ... show more (mod_security) mod_security (id:210492) triggered by 89.46.223.61 (61.223.46.89.baremetal.zare.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 10 04:10:38.042398 2026] [security2:error] [pid 2913:tid 2913] [client 89.46.223.61:57772] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcalendars.hydrogenplus.net"] [uri "/wp-config.php"] [unique_id "aikb_tvo1xrlXhnpGr229gAAAAA"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 133 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 2607:f8b0:4003:c07::121

🇺🇸 216.25.89.74

🇳🇱 195.178.110.30

🇧🇷 189.50.142.78

🇮🇩 163.7.3.154

🇷🇸 95.180.94.239

🇫🇷 85.217.140.52

🇺🇸 65.111.9.33

🇻🇪 200.82.188.129

🇳🇱 185.93.89.132

🇨🇳 116.228.233.93

🇨🇳 116.147.40.93

🇬🇧 94.2.214.89

🇫🇷 90.3.206.159

🇨🇦 85.217.149.26

🇨🇦 85.217.149.19

🇨🇦 85.217.149.1

🇬🇧 80.176.98.44

🇳🇱 45.148.10.152

🇺🇸 34.16.243.85