JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 132.191.1.249

132.191.1.249 was found in our database!

This IP was reported 20 times. Confidence of Abuse is 37%: ?

37%

ISP	ENTEL PERU S.A.
Usage Type	Mobile ISP
ASN	AS21575
Domain Name	entel.pe
Country	🇵🇪 Peru
City	Lima, Lima Province

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 132.191.1.249

Whois 132.191.1.249

IP Abuse Reports for 132.191.1.249:

This IP address has been reported a total of 20 times from 8 distinct sources. 132.191.1.249 was first reported on June 1st 2026, and the most recent report was 2 weeks ago.

Old Reports: The most recent abuse report for this IP address is from 2 weeks ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 TPI-Abuse	2026-06-06 19:23:57 (2 weeks ago)	(mod_security) mod_security (id:240335) triggered by 132.191.1.249 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:240335) triggered by 132.191.1.249 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 06 15:23:51.184674 2026] [security2:error] [pid 10523:tid 10523] [client 132.191.1.249:28447] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 132.191.1.249 (+1 hits since last alert)\|airtechconsulting.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "airtechconsulting.com"] [uri "/xmlrpc.php"] [unique_id "aiRzx5idNdNHJA2y_9xhUgAAAAo"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-06-06 01:45:13 (2 weeks ago)	Attac	Brute-Force
🇫🇷 dynamix	2026-06-05 19:22:27 (2 weeks ago)	WordPress XMLRPC Brute Force Attack	Brute-Force Web App Attack
🇺🇸 TPI-Abuse	2026-06-04 03:36:37 (2 weeks ago)	(mod_security) mod_security (id:240335) triggered by 132.191.1.249 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:240335) triggered by 132.191.1.249 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 03 23:36:31.916705 2026] [security2:error] [pid 19360:tid 19360] [client 132.191.1.249:58374] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5965"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 132.191.1.249 (+1 hits since last alert)\|tomartsmedia.org\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "tomartsmedia.org"] [uri "/xmlrpc.php"] [unique_id "aiDyvx0dzysvMOlNcen_6QAAABA"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-04 00:34:08 (2 weeks ago)	(mod_security) mod_security (id:240335) triggered by 132.191.1.249 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:240335) triggered by 132.191.1.249 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 03 20:34:03.810272 2026] [security2:error] [pid 18854:tid 18854] [client 132.191.1.249:36096] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 132.191.1.249 (+1 hits since last alert)\|oshadega.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "oshadega.com"] [uri "/xmlrpc.php"] [unique_id "aiDH-5-VdGTaRYXz7fzCFQAAABU"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 konseptit	2026-06-03 22:06:00 (2 weeks ago)	(wordpress) Failed wordpress login from 132.191.1.249 (PE/Peru/-)	Brute-Force
🇺🇸 TPI-Abuse	2026-06-03 21:34:58 (2 weeks ago)	(mod_security) mod_security (id:240335) triggered by 132.191.1.249 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:240335) triggered by 132.191.1.249 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 03 17:34:51.770959 2026] [security2:error] [pid 1272:tid 1272] [client 132.191.1.249:9295] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 132.191.1.249 (+1 hits since last alert)\|verdeprofundo.net\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "verdeprofundo.net"] [uri "/xmlrpc.php"] [unique_id "aiCd-xDhusML9_rY2SckQwAAABY"] show less	Brute-Force Bad Web Bot Web App Attack
🇦🇺 screwlooseit.com.au	2026-06-03 19:33:14 (2 weeks ago)	Blocked by CSF 13 firewall - Rule: XMLRPC PE/Peru/-	Web App Attack
🇺🇸 TPI-Abuse	2026-06-03 03:12:01 (2 weeks ago)	(mod_security) mod_security (id:240335) triggered by 132.191.1.249 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:240335) triggered by 132.191.1.249 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 02 23:11:55.363112 2026] [security2:error] [pid 11559:tid 11559] [client 132.191.1.249:40755] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 132.191.1.249 (+1 hits since last alert)\|dymesich.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "dymesich.com"] [uri "/xmlrpc.php"] [unique_id "ah-bewzvE5dypU9ptyXA1wAAAA4"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-03 00:41:04 (2 weeks ago)	(mod_security) mod_security (id:240335) triggered by 132.191.1.249 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:240335) triggered by 132.191.1.249 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 02 20:40:58.567304 2026] [security2:error] [pid 5405:tid 5415] [client 132.191.1.249:25622] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 132.191.1.249 (+1 hits since last alert)\|reghay.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "reghay.com"] [uri "/xmlrpc.php"] [unique_id "ah94GudCmhL9oVti23i8ZgAAAIg"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-02 21:35:06 (2 weeks ago)	(mod_security) mod_security (id:240335) triggered by 132.191.1.249 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:240335) triggered by 132.191.1.249 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 02 17:34:55.879681 2026] [security2:error] [pid 26173:tid 26173] [client 132.191.1.249:37856] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 132.191.1.249 (+1 hits since last alert)\|univey.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "univey.com"] [uri "/xmlrpc.php"] [unique_id "ah9Mf5RtTTvqeV6sAJJgQQAAAAg"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-06-02 06:26:23 (2 weeks ago)	Attac	Brute-Force
🇺🇸 TPI-Abuse	2026-06-02 04:22:56 (2 weeks ago)	(mod_security) mod_security (id:240335) triggered by 132.191.1.249 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:240335) triggered by 132.191.1.249 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 02 00:22:52.111348 2026] [security2:error] [pid 2892:tid 2892] [client 132.191.1.249:34745] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5965"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 132.191.1.249 (+1 hits since last alert)\|lowkeytiki.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "lowkeytiki.com"] [uri "/xmlrpc.php"] [unique_id "ah5anAqVoCKcxl6dH9s4GQAAAA4"] show less	Brute-Force Bad Web Bot Web App Attack
🇧🇪 cmbplf	2026-06-02 03:27:29 (2 weeks ago)	2.490 requests with url.path */xmlrpc.php	Brute-Force Bad Web Bot
🇩🇪 rh24	2026-06-02 02:06:56 (2 weeks ago)	(xmlrpc_405) XMLRPC-Bot 405 132.191.1.249 (PE/Peru/-)	Hacking

Showing 1 to 15 of 20 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇨🇳 183.233.187.138

🇧🇷 177.12.2.132

🇩🇰 158.173.74.16

🇷🇴 80.94.92.182

🇺🇸 74.67.177.146

🇨🇳 8.142.178.141

🇰🇷 221.163.22.86

🇩🇪 213.209.159.238

🇵🇱 194.180.49.220

🇷🇺 178.46.118.130

🇳🇿 121.73.169.63

🇵🇭 118.193.73.8

🇻🇳 118.71.20.55

🇺🇸 107.155.88.70

🇵🇰 103.79.19.120

🇸🇬 20.6.35.235

🇻🇳 171.244.143.209

🇺🇸 145.223.7.44

🇪🇸 136.226.214.120

🇨🇳 111.8.83.23