JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 189.124.19.1

189.124.19.1 was found in our database!

This IP was reported 28 times. Confidence of Abuse is 35%: ?

35%

ISP	Net Rosas Telecomunicações Ltda.
Usage Type	Fixed Line ISP
ASN	AS28219
Domain Name	net-rosas.com.br
Country	🇧🇷 Brazil
City	Barbacena, Minas Gerais

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 189.124.19.1

Whois 189.124.19.1

IP Abuse Reports for 189.124.19.1:

This IP address has been reported a total of 28 times from 17 distinct sources. 189.124.19.1 was first reported on March 3rd 2026, and the most recent report was 1 day ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 TPI-Abuse	2026-06-19 16:30:44 (1 day ago)	(mod_security) mod_security (id:240335) triggered by 189.124.19.1 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:240335) triggered by 189.124.19.1 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 19 12:30:40.820960 2026] [security2:error] [pid 428:tid 428] [client 189.124.19.1:58537] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 189.124.19.1 (+1 hits since last alert)\|warpedweed.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "warpedweed.com"] [uri "/xmlrpc.php"] [unique_id "ajVusJXeoadsR0ocOTthIwAAAAM"] show less	Brute-Force Bad Web Bot Web App Attack
🇫🇷 masterguru	2026-06-18 18:08:47 (2 days ago)	xmlrpc request blocked, no referer. Pattern match "xmlrpc.php" at REQUEST_URI. (88010-201)	Hacking
🇺🇸 TPI-Abuse	2026-06-17 15:54:11 (3 days ago)	(mod_security) mod_security (id:240335) triggered by 189.124.19.1 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:240335) triggered by 189.124.19.1 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 17 11:54:06.195974 2026] [security2:error] [pid 25868:tid 25868] [client 189.124.19.1:58290] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 189.124.19.1 (+1 hits since last alert)\|honigcpa.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "honigcpa.com"] [uri "/xmlrpc.php"] [unique_id "ajLDHkQ_AmwGwHK6G6qD9QAAAAI"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-15 12:38:31 (5 days ago)	(mod_security) mod_security (id:240335) triggered by 189.124.19.1 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:240335) triggered by 189.124.19.1 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 15 08:38:25.420653 2026] [security2:error] [pid 27787:tid 27787] [client 189.124.19.1:54106] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 189.124.19.1 (+1 hits since last alert)\|ubuciko.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "ubuciko.com"] [uri "/xmlrpc.php"] [unique_id "ai_yQScrxhwR-cJ-pj3EnAAAABg"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-15 12:05:44 (5 days ago)	(mod_security) mod_security (id:240335) triggered by 189.124.19.1 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:240335) triggered by 189.124.19.1 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 15 08:05:40.646466 2026] [security2:error] [pid 22314:tid 22314] [client 189.124.19.1:65441] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 189.124.19.1 (+1 hits since last alert)\|grasslakepizzatime.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "grasslakepizzatime.com"] [uri "/xmlrpc.php"] [unique_id "ai_qlMl3_3pAMUG2O6ddbgAAAAw"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-03 12:13:56 (2 weeks ago)	(mod_security) mod_security (id:240335) triggered by 189.124.19.1 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:240335) triggered by 189.124.19.1 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 03 08:13:50.242769 2026] [security2:error] [pid 27936:tid 27936] [client 189.124.19.1:51754] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 189.124.19.1 (+1 hits since last alert)\|kildarafarms.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "kildarafarms.com"] [uri "/xmlrpc.php"] [unique_id "aiAafgXT5zgd1gujQj-trgAAAAs"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-05-31 15:34:40 (2 weeks ago)		Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-31 15:05:38 (2 weeks ago)	(mod_security) mod_security (id:240335) triggered by 189.124.19.1 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:240335) triggered by 189.124.19.1 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun May 31 11:05:32.417711 2026] [security2:error] [pid 27348:tid 27348] [client 189.124.19.1:60080] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 189.124.19.1 (+1 hits since last alert)\|mfleetservice.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "mfleetservice.com"] [uri "/xmlrpc.php"] [unique_id "ahxOPAHAc5bHPLcd80Nt8wAAABg"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-30 21:25:01 (2 weeks ago)	(mod_security) mod_security (id:240335) triggered by 189.124.19.1 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:240335) triggered by 189.124.19.1 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat May 30 17:24:54.710182 2026] [security2:error] [pid 27760:tid 27777] [client 189.124.19.1:49642] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 189.124.19.1 (+1 hits since last alert)\|coloradomountain.homes\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "coloradomountain.homes"] [uri "/xmlrpc.php"] [unique_id "ahtVpp-FNhJAiAsY9d6NWwAAAU4"] show less	Brute-Force Bad Web Bot Web App Attack
🇧🇪 cmbplf	2026-05-30 19:32:59 (2 weeks ago)	2.551 requests with url.path */xmlrpc.php	Brute-Force Bad Web Bot
🇱🇻 garmtech.com	2026-05-30 17:15:48 (3 weeks ago)	IM360 WAF: Rate limit exceeded for XMLRPC DoS (fault code)	Web App Attack
Anonymous	2026-05-30 17:10:15 (3 weeks ago)	Attac	Brute-Force
🇺🇸 TPI-Abuse	2026-04-13 18:09:44 (2 months ago)	(mod_security) mod_security (id:225170) triggered by 189.124.19.1 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:225170) triggered by 189.124.19.1 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Apr 13 14:09:38.770598 2026] [security2:error] [pid 235860:tid 235860] [client 189.124.19.1:57065] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|bigheartskitchen.net\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "bigheartskitchen.net"] [uri "/wp-json/wp/v2/users"] [unique_id "ad0xYuSaJWCEN6WGPz7u6QAAAAs"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 big-cloud.nl	2026-04-13 17:39:36 (2 months ago)	Try to access /xmlrpc.php	Web App Attack
🇩🇪 betternews.app	2026-04-09 19:25:20 (2 months ago)	"a web request contained keyword "xmlrpc.php"; Suspicious URL: /xmlrpc.php"	Web Spam Blog Spam Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 28 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇰🇿 185.233.3.95

🇷🇴 80.94.92.187

🇺🇸 34.181.181.246

🇳🇱 192.42.116.143

🇰🇷 112.168.121.39

🇻🇳 103.75.182.132

🇮🇳 103.39.245.69

🇨🇳 101.126.53.14

🇳🇱 89.21.67.179

🇺🇸 64.207.185.5

🇳🇱 45.198.224.244

🇭🇰 45.142.154.42

🇭🇰 45.142.154.31

🇬🇹 190.151.130.5

🇲🇽 187.191.48.23

🇺🇸 147.185.132.191

🇭🇰 118.193.38.178

🇺🇸 104.21.88.126

🇺🇸 69.164.217.245

🇩🇪 69.5.169.8