JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 41.89.99.5

41.89.99.5 was found in our database!

This IP was reported 82 times. Confidence of Abuse is 31%: ?

31%

ISP	Kabarak University Main campus
Usage Type	University/College/School
ASN	AS36914
Domain Name	kenet.or.ke
Country	🇰🇪 Kenya
City	Kampi Ya Moto, Nakuru County

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 41.89.99.5

Whois 41.89.99.5

IP Abuse Reports for 41.89.99.5:

This IP address has been reported a total of 82 times from 29 distinct sources. 41.89.99.5 was first reported on April 23rd 2022, and the most recent report was 2 days ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇧🇷 Penguinehis	2026-06-27 12:52:35 (2 days ago)	SSH honeypot detected unauthorized SSH activity against a decoy SSH service.	Brute-Force SSH
🇩🇪 Vegascosmetics	2026-06-26 15:48:17 (3 days ago)	(Kingcopy.org-AI-IDS-Report):IP automatically blocked after obfuscated redirect. Vegas Security	DDoS Attack Hacking Exploited Host
🇨🇭 Origon	2026-06-24 10:11:00 (5 days ago)	NOQUEUE - IP: 41.89.99.5 - Jun 24 12:11:00 plesk postfix/smtpd[997003]: NOQUEUE: reject: RCPT from ... show more NOQUEUE - IP: 41.89.99.5 - Jun 24 12:11:00 plesk postfix/smtpd[997003]: NOQUEUE: reject: RCPT from unknown[41.89.99.5]: 554 5.7.1 Service unavailable; Client host [41.89.99.5] blocked using dnsbl-1.uceprotect.net; IP 41.89.99.5 is UCEPROTECT-Level 1 listed. See http://www.uceprotect.net/rblcheck.php?ipr=41.89.99.5; from=<REDACTED@REDACTED> to=<REDACTED@REDACTED> proto=ESMTP helo=<[41.89.99.5]> show less	Email Spam
🇵🇹 rnl	2026-06-17 07:00:28 (1 week ago)	postfix (unknown user, SPF fail or relay access denied)	Brute-Force
🇵🇹 rnl	2026-05-18 10:03:33 (1 month ago)	postfix	Brute-Force Email Spam
🇳🇿 Tripwire	2026-04-30 18:38:39 (1 month ago)	Probing for Wordpress - /xmlrpc.php	Brute-Force Web App Attack
🇺🇸 TPI-Abuse	2026-04-30 12:44:55 (1 month ago)	(mod_security) mod_security (id:225170) triggered by 41.89.99.5 (-): 1 in the last 300 secs; Ports: ... show more (mod_security) mod_security (id:225170) triggered by 41.89.99.5 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Apr 30 08:44:50.139189 2026] [security2:error] [pid 23005:tid 23005] [client 41.89.99.5:53017] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|kmelson.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "kmelson.com"] [uri "/wp-json/wp/v2/users"] [unique_id "afNOwkd5DqBX02jZFmDN_wAAAAI"] show less	Brute-Force Bad Web Bot Web App Attack
🇮🇩 Burayot	2026-04-29 18:16:13 (1 month ago)	LF_MODSEC: (mod_security) mod_security (id:1000001) triggered by 41.89.99.5 (KE/Kenya/-): 1 in the l ... show more LF_MODSEC: (mod_security) mod_security (id:1000001) triggered by 41.89.99.5 (KE/Kenya/-): 1 in the last 3600 secs show less	Web App Attack
Anonymous	2025-11-24 18:57:41 (7 months ago)	scanning http requests from known botnet	Web App Attack
🇳🇱 exxos	2025-08-28 22:03:01 (10 months ago)	Attacks with Bad user agents	Hacking
🇳🇱 exxos	2025-08-05 01:10:01 (10 months ago)	HTTP1.x attacks	DDoS Attack
🇵🇹 rnl	2025-05-27 07:39:38 (1 year ago)	postfix (unknown user, SPF fail or relay access denied)	Brute-Force
🇵🇹 rnl	2025-05-26 06:21:08 (1 year ago)	postfix (unknown user, SPF fail or relay access denied)	Brute-Force
🇨🇿 interconnect.cz	2025-05-20 09:08:56 (1 year ago)	[20/May/2025 11:08:55] IP address 41.89.99.5 found in DNS blacklist SpamHaus SBL-XBL, mail from <flo ... show more [20/May/2025 11:08:55] IP address 41.89.99.5 found in DNS blacklist SpamHaus SBL-XBL, mail from <[email protected]> to <[email protected]> [20/May/2025 11:08:55] IP address 41.89.99.5 found in DNS blacklist SpamHaus SBL-XBL, mail from <[email protected]> to <[email protected]> [20/May/2025 11:08:55] Attempt to deliver to unknown recipient <[email protected]>, from <[email protected]>, IP address 41.89.99.5 ... show less	Email Spam Brute-Force
🇳🇱 Linuxmalwarehuntingnl	2024-07-03 07:00:02 (1 year ago)	Unauthorized connection attempt	Brute-Force

Showing 1 to 15 of 82 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇨🇳 118.81.205.233

🇫🇷 85.217.140.34

🇩🇪 69.5.169.173

🇩🇪 69.5.169.86

🇰🇷 59.12.160.91

🇵🇰 45.115.85.93

🇷🇺 45.91.64.6

🇺🇸 34.117.13.33

🇺🇸 20.221.68.159

🇨🇳 220.181.51.92

🇧🇷 205.210.31.208

🇲🇾 180.75.116.159

🇩🇪 172.71.172.54

🇺🇸 154.58.229.20

🇺🇸 118.26.109.7

🇺🇸 100.50.17.159

🇫🇷 91.196.152.37

🇳🇱 45.148.10.240

🇳🇱 45.148.10.151

🇮🇳 20.197.27.109