JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 195.208.188.153

195.208.188.153 was found in our database!

This IP was reported 157 times. Confidence of Abuse is 100%: ?

100%

ISP	Progress Technology LLC
Usage Type	Fixed Line ISP
ASN	AS49954
Domain Name	zextel.ru
Country	🇷🇺 Russian Federation
City	Vsevolozhsk, Leningradskaya Oblast'

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 195.208.188.153

Whois 195.208.188.153

IP Abuse Reports for 195.208.188.153:

This IP address has been reported a total of 157 times from 70 distinct sources. 195.208.188.153 was first reported on April 30th 2025, and the most recent report was 1 hour ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 TPI-Abuse	2026-05-12 19:14:12 (3 weeks ago)	(mod_security) mod_security (id:240335) triggered by 195.208.188.153 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:240335) triggered by 195.208.188.153 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue May 12 15:14:06.335576 2026] [security2:error] [pid 17995:tid 17995] [client 195.208.188.153:63616] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 195.208.188.153 (+1 hits since last alert)\|alhill.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "alhill.com"] [uri "/xmlrpc.php"] [unique_id "agN7_lyPuoZUmzF4qYssBgAAABM"] show less	Brute-Force Bad Web Bot Web App Attack
🇦🇺 screwlooseit.com.au	2026-05-12 12:18:35 (3 weeks ago)	Blocked by CSF 13 firewall - Rule: XMLRPC RU/Russia/-	Web App Attack
🇸🇪 vaia.cloud	2026-05-12 11:31:04 (3 weeks ago)	trying wp-login.php/xmlrpc.php 34 times in 1 minutes	Brute-Force Web App Attack
🇺🇸 TPI-Abuse	2026-05-12 01:15:08 (3 weeks ago)	(mod_security) mod_security (id:240335) triggered by 195.208.188.153 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:240335) triggered by 195.208.188.153 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon May 11 21:15:00.456460 2026] [security2:error] [pid 13472:tid 13472] [client 195.208.188.153:53514] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 195.208.188.153 (+1 hits since last alert)\|jolankagroup.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "jolankagroup.com"] [uri "/xmlrpc.php"] [unique_id "agJ_FDrDvJEj8P4UwKG60AAAAAE"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-12 00:44:20 (3 weeks ago)	(mod_security) mod_security (id:240335) triggered by 195.208.188.153 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:240335) triggered by 195.208.188.153 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon May 11 20:44:12.998612 2026] [security2:error] [pid 19160:tid 19160] [client 195.208.188.153:57687] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 195.208.188.153 (+1 hits since last alert)\|comobarbershop.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "comobarbershop.com"] [uri "/xmlrpc.php"] [unique_id "agJ33HnhFaxDn5op-JvJigAAAAQ"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-11 15:11:23 (3 weeks ago)	(mod_security) mod_security (id:240335) triggered by 195.208.188.153 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:240335) triggered by 195.208.188.153 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon May 11 11:11:16.359173 2026] [security2:error] [pid 17580:tid 17580] [client 195.208.188.153:63980] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5965"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 195.208.188.153 (+1 hits since last alert)\|rajabarber.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "rajabarber.com"] [uri "/xmlrpc.php"] [unique_id "agHxlNWquFziGgRSQDhgBwAAACA"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-11 10:33:19 (3 weeks ago)	(mod_security) mod_security (id:240335) triggered by 195.208.188.153 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:240335) triggered by 195.208.188.153 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon May 11 06:33:12.359545 2026] [security2:error] [pid 11601:tid 11601] [client 195.208.188.153:60221] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 195.208.188.153 (+1 hits since last alert)\|iconconstructors.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "iconconstructors.com"] [uri "/xmlrpc.php"] [unique_id "agGwaD963lTRCYllLIKVRgAAAAo"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-11 06:26:35 (3 weeks ago)	(mod_security) mod_security (id:240335) triggered by 195.208.188.153 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:240335) triggered by 195.208.188.153 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon May 11 02:26:32.105168 2026] [security2:error] [pid 11458:tid 11458] [client 195.208.188.153:49333] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 195.208.188.153 (+1 hits since last alert)\|bonesband.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "bonesband.com"] [uri "/xmlrpc.php"] [unique_id "agF2mAv41nbM1w0wtMCrjwAAAAk"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-11 05:56:02 (3 weeks ago)	(mod_security) mod_security (id:240335) triggered by 195.208.188.153 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:240335) triggered by 195.208.188.153 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon May 11 01:55:55.207825 2026] [security2:error] [pid 29638:tid 29638] [client 195.208.188.153:56756] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 195.208.188.153 (+1 hits since last alert)\|famagustacyprus.eu\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "famagustacyprus.eu"] [uri "/xmlrpc.php"] [unique_id "agFvayxhNTEmVR_XSLGKGwAAABY"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-10 22:17:00 (3 weeks ago)	(mod_security) mod_security (id:240335) triggered by 195.208.188.153 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:240335) triggered by 195.208.188.153 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun May 10 18:16:52.206318 2026] [security2:error] [pid 19180:tid 19180] [client 195.208.188.153:52247] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 195.208.188.153 (+1 hits since last alert)\|athletefirst.org\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "athletefirst.org"] [uri "/xmlrpc.php"] [unique_id "agED1IZxy0miM52ANH5vQAAAAAo"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 WeekendWeb	2026-05-10 21:45:38 (3 weeks ago)	Wordpress Vunerability attack	Web App Attack
🇺🇸 TPI-Abuse	2026-05-10 21:08:57 (3 weeks ago)	(mod_security) mod_security (id:225170) triggered by 195.208.188.153 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:225170) triggered by 195.208.188.153 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun May 10 17:08:50.938406 2026] [security2:error] [pid 13512:tid 13512] [client 195.208.188.153:53426] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|nancyscafeandcatering.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "nancyscafeandcatering.com"] [uri "/wp-json/wp/v2/users"] [unique_id "agDz4ouR1IQ2nTl_2KOn8QAAAAs"] show less	Brute-Force Bad Web Bot Web App Attack
🇲🇾 Rizzy	2026-05-10 08:55:20 (3 weeks ago)	Multiple WAF Violations	Brute-Force Web App Attack
🇩🇪 rh24	2026-05-10 08:55:09 (3 weeks ago)	(xmlrpc_405) XMLRPC-Bot 405 195.208.188.153 (RU/Russia/-)	Hacking
🇧🇪 cmbplf	2026-05-10 07:32:27 (3 weeks ago)	2.513 requests with url.path */xmlrpc.php	Brute-Force Bad Web Bot

Showing 61 to 75 of 157 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇵🇰 182.176.172.4

🇺🇸 172.58.49.134

🇧🇷 168.196.206.14

🇧🇪 130.211.95.194

🇺🇸 91.230.168.67

🇺🇸 162.216.150.134

🇺🇸 157.245.85.225

🇸🇪 155.4.244.169

🇸🇬 134.185.86.134

🇧🇩 103.239.252.132

🇧🇩 103.77.60.106

🇭🇰 103.43.8.71

🇨🇳 101.26.28.30

🇳🇱 89.21.67.152

🇳🇱 81.19.216.68

🇺🇸 76.31.21.210

🇺🇸 65.49.1.142

🇧🇪 34.14.117.241

🇺🇸 20.64.105.20

🇺🇸 17.246.15.228