JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 191.156.52.48

191.156.52.48 was found in our database!

This IP was reported 10 times. Confidence of Abuse is 29%: ?

29%

ISP	COMUNICACIÓN CELULAR S.A. COMCEL S.A.
Usage Type	Mobile ISP
ASN	AS26611
Domain Name	claro.com.co
Country	🇨🇴 Colombia
City	Bogota, Bogota D.C.

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 191.156.52.48

Whois 191.156.52.48

IP Abuse Reports for 191.156.52.48:

This IP address has been reported a total of 10 times from 9 distinct sources. 191.156.52.48 was first reported on April 28th 2026, and the most recent report was 14 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇨🇴 JN	2026-06-19 19:45:36 (14 hours ago)	Reporte automatizado de actividad sospechosa	DDoS Attack
🇨🇴 AF	2026-06-19 17:52:20 (16 hours ago)	Reporte automatizado de actividad sospechosa	DDoS Attack
🇨🇴 Dricci	2026-06-19 17:29:22 (16 hours ago)	Reporte automatizado de actividad sospechosa	Port Scan
🇩🇪 EGP Abuse Dept	2026-06-11 01:14:35 (1 week ago)	Scanning for port/service exploits on tpc-005.mach3builders.nl	Port Scan Hacking
🇫🇷 TheHoneyPotter	2026-06-09 20:18:32 (1 week ago)	Honeypot [fc-honeypot]: SMB traffic on port 445 Reported by: https://github.com/sefinek/T-Pot-To-Abu ... show more Honeypot [fc-honeypot]: SMB traffic on port 445 Reported by: https://github.com/sefinek/T-Pot-To-AbuseIPDB show less	Hacking
🇮🇩 hermawan	2026-06-02 01:51:21 (2 weeks ago)	1780365070.448988 191.156.52.48 103.166.156.58 65535_2-4-8-1-3_1339_6 2026-06-02 08:51:10 WIB ...	Email Spam Hacking
🇬🇧 PeravixGroup	2026-05-25 14:16:54 (3 weeks ago)	Honeypot detection: SMB / Windows file sharing exploitation attempt on port 445. Severity: HIGH. Aar ... show more Honeypot detection: SMB / Windows file sharing exploitation attempt on port 445. Severity: HIGH. Aaran.cloud show less	Hacking Exploited Host
🇺🇸 TPI-Abuse	2026-05-03 21:25:46 (1 month ago)	(mod_security) mod_security (id:225170) triggered by 191.156.52.48 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:225170) triggered by 191.156.52.48 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun May 03 17:25:39.819281 2026] [security2:error] [pid 29102:tid 29102] [client 191.156.52.48:64171] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|advantagept.org\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "advantagept.org"] [uri "/wp-json/wp/v2/users"] [unique_id "afe9UwYSETBKMGu8sC1ITwAAABU"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-04-28 06:18:50 (1 month ago)	(mod_security) mod_security (id:225170) triggered by 191.156.52.48 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:225170) triggered by 191.156.52.48 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Apr 28 02:18:42.961006 2026] [security2:error] [pid 31508:tid 31569] [client 191.156.52.48:61704] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|ianajewellery.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "ianajewellery.com"] [uri "/wp-json/wp/v2/users"] [unique_id "afBRQsO-iN4C6R56nJTQIAAAAZI"] show less	Brute-Force Bad Web Bot Web App Attack
🇦🇺 screwlooseit.com.au	2026-04-28 05:30:33 (1 month ago)	Blocked by CSF 13 firewall - Rule: XMLRPC CO/Colombia/-	Web App Attack

Showing 1 to 10 of 10 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 172.190.51.254

🇺🇸 154.83.197.125

🇨🇳 116.179.32.106

🇳🇱 91.92.40.7

🇨🇳 220.178.246.43

🇹🇭 203.154.158.195

🇿🇦 196.31.199.132

🇧🇷 187.111.28.131

🇺🇸 172.253.209.154

🇸🇪 130.49.114.186

🇵🇭 122.3.142.156

🇵🇰 103.72.0.13

🇮🇳 103.26.111.138

🇺🇸 71.71.250.77

🇳🇱 45.148.10.152

🇪🇸 212.227.235.203

🇹🇼 111.70.23.253

🇺🇸 74.74.90.229

🇧🇷 45.179.22.57

🇬🇧 35.203.211.153