IP Address

212.89.15.132

IPv4 Public
ES ES
AS12946
R Cable y Telecable Telecomunicaciones, S.A.U.
237 Reports
This IP is on the Blacklist High confidence threat - blocking recommended
8/10 Threat
99% Confidence
237 Reports

Threat Intelligence Analysis

AI-generated security assessment based on aggregated threat data

Above Average Risk
ES
ES Location
R Cable y Telecable Telec... ASN 12946
237 Reports
Mixed Data Source

Notable Threat

IP 212.89.15.132, registered in Spain and operated by R Cable y Telecable Telecomunicaciones, S.A.U. under ASN AS12946, is a high-risk address with a threat level of 8/10 and 99% confidence based on 237 total abuse reports. The dominant activity involves automated attacks against WordPress installations, including XML-RPC brute force, login brute force, and system file probing, alongside credential stuffing attempts using common administrative credentials and reconnaissance port scanning. The concentration of reports within April 2026 and the one-in-ten activity frequency signal persistent, targeted exploitation rather than opportunistic scanning.

The detection data draws from 18 automated honeypot sensors and 2 community reports spanning the same reporting period, providing substantial corroboration. The IP exhibits a clear attack pattern: reconnaissance via port scanning and WordPress system file probes, followed by credential stuffing and brute force attempts against administrative endpoints and XML-RPC interfaces. Observed behaviors include the use of very old browser user agents, which is a known evasion technique, and systematic probing of WordPress paths. With 60 combined reports in the two most prevalent categories alone, the volume and consistency of malicious activity are significant.

The WordPress XML-RPC and login brute force activity poses a concrete risk to exposed sites because XML-RPC allows attackers to conduct authentication attempts with minimal request overhead, bypassing rate limits that might otherwise throttle direct login attempts. When combined with credential stuffing using common credential pairs, this approach dramatically increases the likelihood of unauthorized administrative access. Port scanning further indicates that the IP is performing infrastructure reconnaissance to identify additional attack surfaces. Organizations running WordPress deployments face the highest exposure, particularly if they have not disabled XML-RPC, enforced strong unique passwords, or implemented two-factor authentication on admin accounts.

Site operators should take the following defensive steps: disable or restrict access to XML-RPC if not required, or use a web application firewall to limit XML-RPC authentication calls; implement rate limiting and account lockout policies to mitigate brute force attempts; enforce strong, unique passwords and enable two-factor authentication for all administrative accounts; and monitor logs for the user agent patterns and scanning behavior associated with this IP. Blocking or challenging traffic from this address at the firewall level is also advisable given the persistent nature of the observed activity.

More threatening than 82% of monitored IPs

Threat Categories

Hacking 22
Port Scan 15
WP XML-RPC Brute Force 15
WP Login Brute Force 12
Brute-Force 7
Bad Web Bot 3

Technical Details

General hacking activity includes various intrusion attempts, exploitation of vulnerabilities, and unauthorized access attempts.

Recommended Mitigations

Keep systems patched, implement intrusion detection, and follow security best practices.

High-Risk Network Association

This IP belongs to a network (ASN 12946) with elevated threat levels. The ISP R Cable y Telecable Telecomunicaciones, S.A.U. hosts multiple reported malicious addresses, suggesting systemic security issues or permissive policies.

Network-wide patterns may indicate this is part of a larger malicious infrastructure.

Security Recommendations

Continue monitoring for emerging patterns.

This analysis is automatically generated from aggregated, anonymized threat intelligence data. No personal information is displayed or stored. Assessment accuracy depends on available data volume and diversity.

Reputation Summary

Threat Level 8/10 High
Critical
Activity Frequency 1/10 Very Low
Confidence Score 78% Verified

Confidence History

16. Apr 2026 - 24. Apr 2026
99% Current
Stable Trend

The confidence score shows the reliability of the threat assessment based on the number and quality of reports.

Security Reports (30)

Date Categories Source Confidence
Hacking Brute-Force WP Login Brute Force Honeypot 75%
Port Scan Hacking WP XML-RPC Brute Force Honeypot 75%
Hacking DDoS Attack Community 75%
Brute-Force Community 75%
Port Scan Hacking WP XML-RPC Brute Force Honeypot 75%
Port Scan Hacking WP XML-RPC Brute Force Honeypot 75%
Port Scan WP XML-RPC Brute Force Honeypot 75%
Hacking Brute-Force WP Login Brute Force Honeypot 75%
Port Scan Hacking WP XML-RPC Brute Force Honeypot 75%
Port Scan Hacking WP XML-RPC Brute Force Honeypot 75%
Port Scan Hacking WP XML-RPC Brute Force Honeypot 75%
Port Scan Hacking WP XML-RPC Brute Force Honeypot 75%
Hacking Brute-Force WP Login Brute Force Honeypot 75%
Port Scan Hacking WP XML-RPC Brute Force Honeypot 75%
Port Scan Hacking WP XML-RPC Brute Force Honeypot 75%
Port Scan Hacking Bad Web Bot +2 Honeypot 75%
Hacking Brute-Force WP Login Brute Force Honeypot 75%
Port Scan Hacking WP XML-RPC Brute Force Honeypot 75%
Hacking Brute-Force WP Login Brute Force Honeypot 75%
Port Scan Hacking Bad Web Bot +2 Honeypot 75%
Port Scan Hacking Bad Web Bot +2 Honeypot 75%
Hacking DDoS Attack Community 75%
Port Scan Hacking WP XML-RPC Brute Force Honeypot 75%
WP Login Brute Force Honeypot 75%
WP Login Brute Force Honeypot 75%
WP Login Brute Force Hacking Brute-Force Honeypot x2 75%
WP Login Brute Force Honeypot 75%
WP Login Brute Force Honeypot 75%
WP Login Brute Force Honeypot 75%
WP Login Brute Force Honeypot 75%
10 of 237 shown

Technical Details

Basic Information

IP Address
212.89.15.132
IP Version
IPv4
Network Type
Public
Tor Network
No
Network Class
Class C

Geolocation

Country
ES ES
ASN
AS12946
ISP
R Cable y Telecable Telecomunicaciones, S.A.U.

DNS Information

Reverse DNS
ns4.llooltec.net
PTR Record
Yes
Connection Type
Static

Statistics

Total Reports
237
First Reported
3 Apr 2026
Last Reported
24 Apr 2026, 18:10

Network Reputation

Analysis of the entire network (ASN) that this IP address belongs to, providing context about the hosting provider and network-wide threat patterns.

Network Identity

AS12946
R Cable y Telecable Telecomunicaciones, S.A.U.
ES ES

Network Threat Assessment

9/10
This network has a high threat level with significant malicious activity reported across multiple IPs.

Network Statistics

2
Total IPs Monitored
389
Total Reports
194.5
Reports per IP

Network Context

This IP address belongs to R Cable y Telecable Telecomunicaciones, S.A.U. (AS12946), which manages 2 IP addresses in our monitoring system. Out of these, 389 have been reported for suspicious activities, resulting in a network-wide threat level of 9/10.

Network warning: This network has elevated threat levels. Exercise caution when interacting with IPs from this ASN.

Comparative Analysis

How this IP compares to others in our threat intelligence database

82 %

Global Threat Ranking

This IP is more threatening than 82% of all IPs in our database.

High Threat Percentile

Global Comparison

Compared against 199,347 reported IPs worldwide

Threat Level 8/10 avg: 5.3 ++
Total Reports 237 avg: 23 ++

Network Comparison

Compared against 3 IPs in ASN 12946

Threat Level 8/10 network avg: 8.3 =
Total Reports 237 network avg: 131 ++
Network R Cable y Telecable Telecomunicaciones, S.A.U. has overall threat level 9/10

Geographic Comparison

Compared against 660 IPs in ES

Threat Level 8/10 country avg: 5.3 ++
Total Reports 237 country avg: 15 ++
Indicators:
++ Much Higher + Higher = Similar - Lower -- Much Lower

Geographic Threat Distribution

187,017 threat incidents tracked globally • Last 24h: 18,967 Logs

FEED

Top Threat Sources

  1. 01
    US
    United States US
    38,426 20.5%
  2. 02
    IN
    India IN
    28,977 15.5%
  3. 03
    CN
    China CN
    26,016 13.9%
  4. 04
    BR
    Brazil BR
    10,249 5.5%
  5. 05
    DE
    Germany DE
    7,139 3.8%
  6. 06
    SG
    Singapore SG
    6,475 3.5%
  7. 07
    ID
    Indonesia ID
    5,533 3%
  8. 08
    RU
    Russia RU
    4,701 2.5%
  9. 09
    PK
    Pakistan PK
    4,647 2.5%
  10. 10
    NL
    Netherlands NL
    4,355 2.3%

+40 more countries

THREAT LEVEL
LOW MED HIGH

Geographic data is aggregated and anonymized. No personal information displayed.

Map: simplemaps.com (MIT License)

Related IPs

Other IPs associated with this address through network or behavioral similarity

IPs from the same Autonomous System (AS) network provider.

2 Related IPs
8.5/10 Avg Threat
51% Avg Confidence
2 High Threat
High-risk network: Majority of related IPs are flagged
212.89.27.205 10/10
Confidence 59%
Reports 152
Location ES ES
20 Aug 2025
85.152.57.60 7/10
Confidence 43%
Reports 4
Location ES ES
29 May 2026

IPs from the same country with similar threat profiles.

15 Related IPs
9.3/10 Avg Threat
99% Avg Confidence
15 High Threat
High-risk network: Majority of related IPs are flagged
31.24.155.180 8/10
Confidence 100%
Reports 140
ISP Axarnet Comunic...
8 Jun 2026
82.223.24.195 8/10
Confidence 100%
Reports 117
ISP IONOS SE
5 Jun 2026
158.179.210.22 10/10
Confidence 100%
Reports 87
ISP ORACLE-BMC-31898
5 Jun 2026
31.24.44.107 8/10
Confidence 100%
Reports 85
ISP Axarnet Comunic...
8 Jun 2026
84.246.215.129 10/10
Confidence 100%
Reports 38
ISP Axarnet Comunic...
9 Jun 2026
82.165.2.98 8/10
Confidence 100%
Reports 26
ISP IONOS SE
9 Jun 2026
185.167.90.252 10/10
Confidence 100%
Reports 25
ISP Dimatica Servic...
9 Jun 2026
217.76.158.60 10/10
Confidence 100%
Reports 23
ISP IONOS SE
5 Jun 2026
81.60.209.168 10/10
Confidence 99%
Reports 101
ISP Vodafone Spain
8 Jun 2026
46.24.47.94 10/10
Confidence 99%
Reports 74
ISP Vodafone Spain
2 Jun 2026
77.74.229.158 8/10
Confidence 99%
Reports 60
ISP Istqrar for Ser...
2 Mar 2026
217.160.226.51 10/10
Confidence 99%
Reports 37
ISP IONOS SE
8 Jun 2026
94.143.141.37 10/10
Confidence 99%
Reports 29
ISP IONOS SE
10 May 2026
185.9.193.111 10/10
Confidence 98%
Reports 33
ISP Nunsys SA
26 May 2026
79.116.52.1 10/10
Confidence 98%
Reports 26
ISP Digi Spain Tele...
2 Jun 2026

IPs with similar threat level and confidence scores.

15 Related IPs
8.8/10 Avg Threat
99% Avg Confidence
15 High Threat
High-risk network: Majority of related IPs are flagged
103.61.123.221 8/10
Confidence 99%
Reports 337
Location VN VN
23 Feb 2026
103.8.59.250 10/10
Confidence 99%
Reports 206
Location ID ID
7 Jun 2026
77.90.185.37 8/10
Confidence 99%
Reports 202
Location DE DE
9 Jun 2026
103.216.117.42 8/10
Confidence 99%
Reports 191
Location VN VN
11 May 2026
121.200.217.27 8/10
Confidence 99%
Reports 169
Location VN VN
12 May 2026
103.213.127.100 8/10
Confidence 99%
Reports 158
Location NP NP
2 Mar 2026
220.71.199.64 10/10
Confidence 99%
Reports 155
Location KR KR
7 Jun 2026
87.121.84.81 8/10
Confidence 99%
Reports 152
Location US US
20 Apr 2026
121.200.217.28 8/10
Confidence 99%
Reports 151
Location VN VN
8 Jun 2026
121.168.139.251 10/10
Confidence 99%
Reports 146
Location KR KR
1 Jun 2026
38.95.35.85 8/10
Confidence 99%
Reports 133
Location US US
8 May 2026
196.189.237.92 10/10
Confidence 99%
Reports 111
Location ET ET
18 May 2026
34.39.58.191 8/10
Confidence 99%
Reports 108
Location GB GB
3 May 2026
141.148.33.145 10/10
Confidence 99%
Reports 104
Location US US
8 Jun 2026
93.14.117.117 10/10
Confidence 99%
Reports 103
Location FR FR
9 Jun 2026

Export & Firewall Rules

Download threat data or generate firewall rules to block this IP

JSON Report

Structured data format for integration with security tools and SIEM systems.

{
    "ip_address": "212.89.15.132",
    "threat_level": 8,
    "confidence_score": 99,
    "total_reports": 237,
    "country_code": "ES",
    "isp_name": "R Cable y Telecable Telecomunicaciones, S.A.U.",
    "asn": "12946",
    "first_reported": "2026-04-03 18:44:39",
    "last_reported": "2026-04-24 18:10:44",
    "exported_at": "2026-06-09T08:01:52+02:00",
    "source": "https://reportedip.de/ip/212.89.15.132/"
}
Download JSON

GDPR Compliant: Exports contain only IP-related threat data. No personal information or reporter details are included.

Analyzed high-risk IP addresses