JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 196.189.152.204

196.189.152.204 was found in our database!

This IP was reported 16 times. Confidence of Abuse is 31%: ?

31%

ISP	Ethio Telecom
Usage Type	Fixed Line ISP
ASN	AS24757
Domain Name	ethiotelecom.et
Country	🇪🇹 Ethiopia
City	Addis Ababa, Addis Ababa

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 196.189.152.204

Whois 196.189.152.204

IP Abuse Reports for 196.189.152.204:

This IP address has been reported a total of 16 times from 13 distinct sources. 196.189.152.204 was first reported on December 26th 2023, and the most recent report was 1 day ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇩🇪 ghostwarriors	2026-06-27 10:20:25 (1 day ago)	Webpage scraping	Brute-Force Bad Web Bot Web App Attack
🇺🇸 integrantservices.com	2026-06-21 06:01:41 (1 week ago)	(wordpress) Failed wordpress login from 196.189.152.204 (ET/Ethiopia/-)	Brute-Force
🇺🇸 TPI-Abuse	2026-06-21 04:02:51 (1 week ago)	(mod_security) mod_security (id:240335) triggered by 196.189.152.204 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:240335) triggered by 196.189.152.204 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 21 00:02:44.056545 2026] [security2:error] [pid 26199:tid 26199] [client 196.189.152.204:16759] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5965"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 196.189.152.204 (+1 hits since last alert)\|tomartsmedia.org\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "tomartsmedia.org"] [uri "/xmlrpc.php"] [unique_id "ajdiZAbg_4BNGCh9sPo4MAAAABE"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-21 03:31:56 (1 week ago)	(mod_security) mod_security (id:240335) triggered by 196.189.152.204 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:240335) triggered by 196.189.152.204 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 20 23:31:51.660927 2026] [security2:error] [pid 12627:tid 12627] [client 196.189.152.204:4704] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 196.189.152.204 (+1 hits since last alert)\|roguetechink.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "roguetechink.com"] [uri "/xmlrpc.php"] [unique_id "ajdbJ2MOKdi19OXX04iELgAAAAA"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 SMARTNET	2026-05-27 06:03:53 (1 month ago)	Aisuru(Mirai variant) DDoS \| Incident ID: 8969aafa-3f20-493f-8883-3bda65a2b909	DDoS Attack
🇨🇳 ThreatBook.io	2026-05-11 00:59:43 (1 month ago)	ThreatBook Intelligence: Zombie,Dynamic IP more details on https://threatbook.io/ip/196.189.152.204	SSH
🇲🇳 Public CSIRT/CC of Mongolia	2026-04-30 12:03:55 (1 month ago)	Honeypot hit: Unauthorized connection attempt detected on 23/TELNET	Hacking IoT Targeted Port Scan
🇸🇬 mypatricks	2026-04-24 00:16:09 (2 months ago)	196.189.152.204 \| Port: 11413 \| DNS: 196.189.152.204 2026-04-24T08:16:08+08:00 Africa/Addis_Ababa \| ... show more 196.189.152.204 \| Port: 11413 \| DNS: 196.189.152.204 2026-04-24T08:16:08+08:00 Africa/Addis_Ababa \| IPs reserved list \| UA: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36 HTTP/1.1 443 GET \| URL: /customer-self-service/place-an-order-at-the-cakedeliver/?377a96b13ec9adffc7740=zh-cn \| Ref: https://xxxxxx/customer-self-service/place-an-order-at-the-cakedeliver/?6220f228e4e34495c8461edd90=enabled&6d09c4654e91f4095dd907ae3c4a99db=1776861403 \| Country: ET/Ethiopia/+02:00 IP City: Addis Ababa Windows 9f10eade88577893-ADD/ADD 1 hits/0 secs Robots 2 show less	Brute-Force Web App Attack Blog Spam Web Spam Exploited Host
🇺🇸 TPI-Abuse	2025-12-10 14:52:11 (6 months ago)	"Participant in large-scale DDoS Attack in which data injection was attmpted to gain unauthorized ac ... show more "Participant in large-scale DDoS Attack in which data injection was attmpted to gain unauthorized access" show less	DDoS Attack SQL Injection Exploited Host
🇺🇸 Psycho Solutions LLC	2025-11-20 14:17:10 (7 months ago)	Detected Wordpress Scanning. - Request Method: GET - Target: {PC} wp-login.php - User Agent: N ... show more Detected Wordpress Scanning. - Request Method: GET - Target: {PC} wp-login.php - User Agent: N/A - Timestamp: 11/20/2025 2:17 pm (UTC-6) show less	Web Spam Hacking Bad Web Bot Web App Attack
🇬🇧 Bytemark	2025-11-20 11:59:10 (7 months ago)	Nov 20 11:59:10 lnx1 postfix/smtps/smtpd[903886]: warning: unknown[196.189.152.204]: SASL PLAIN auth ... show more Nov 20 11:59:10 lnx1 postfix/smtps/smtpd[903886]: warning: unknown[196.189.152.204]: SASL PLAIN authentication failed: (reason unavailable), [email protected] show less	Email Spam Spoofing Exploited Host
🇳🇱 maxxsense	2025-11-20 09:59:20 (7 months ago)	(postfix-unknown) Failed postfix unknown login with username [redacted] from 196.189.152.204 (ET/Eth ... show more (postfix-unknown) Failed postfix unknown login with username [redacted] from 196.189.152.204 (ET/Ethiopia/-) show less	Hacking
🇮🇹 VHosting	2025-11-20 09:52:32 (7 months ago)	Detected mail brute force attack from 4 different servers	Brute-Force
Anonymous	2025-11-18 09:48:59 (7 months ago)	scanning http requests from known botnet	Web App Attack
Anonymous	2025-11-15 15:32:54 (7 months ago)	scanning http requests from known botnet	Web App Attack

Showing 1 to 15 of 16 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇯🇵 104.46.228.53

🇭🇰 103.30.40.129

🇳🇬 102.88.137.213

🇧🇬 5.53.240.36

🇰🇷 210.217.42.139

🇹🇼 198.235.24.77

🇳🇱 193.176.31.222

🇺🇸 185.191.171.8

🇩🇪 154.217.199.13

🇧🇩 103.127.86.27

🇻🇳 103.20.97.192

🇨🇳 42.49.255.51

🇺🇸 20.163.27.102

🇺🇸 20.29.56.192

🇨🇳 218.0.63.25

🇺🇸 205.210.31.97

🇹🇭 182.52.236.235

🇳🇱 176.65.149.27

🇳🇱 176.65.139.216

🇨🇳 123.139.214.218