JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 196.189.157.8

196.189.157.8 was found in our database!

This IP was reported 20 times. Confidence of Abuse is 3%: ?

ISP	Ethio Telecom
Usage Type	Fixed Line ISP
ASN	AS24757
Domain Name	ethiotelecom.et
Country	🇪🇹 Ethiopia
City	Addis Ababa, Addis Ababa

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 196.189.157.8

Whois 196.189.157.8

IP Abuse Reports for 196.189.157.8:

This IP address has been reported a total of 20 times from 12 distinct sources. 196.189.157.8 was first reported on January 1st 2024, and the most recent report was 20 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇩🇪 pltcldvlpr	2026-06-14 17:31:24 (20 hours ago)	Bogus Useragent: 196.189.157.8 - - [14/Jun/2026:14:16:48 +0200] "GET /mandate?id=rp_18_ind_bernhard- ... show more Bogus Useragent: 196.189.157.8 - - [14/Jun/2026:14:16:48 +0200] "GET /mandate?id=rp_18_ind_bernhard-alscher HTTP/1.1" 200 80096 "-" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 4.0; Trident/4.1)" asn=24757 org="EthioNet" country=ET ... show less	Bad Web Bot
🇬🇧 Birdo	2026-03-27 09:24:14 (2 months ago)	[Birdo SMB Honeypot] SMB unauthorized attempt	Exploited Host Brute-Force Port Scan Hacking
🇺🇸 gui-ying233	2026-03-11 07:37:06 (3 months ago)	Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Sa ... show more Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 show less	Bad Web Bot
Anonymous	2025-06-11 11:41:32 (1 year ago)	Unauthorized connection attempt	Port Scan Hacking Exploited Host
Anonymous	2025-01-14 20:17:01 (1 year ago)	Unauthorized connection attempt	Port Scan Hacking Exploited Host
🇬🇧 catalink.com	2024-12-13 13:06:13 (1 year ago)	Brute forcing Wordpress login	Exploited Host Web App Attack
🇺🇦 URAN Publishing Service	2024-11-28 14:58:45 (1 year ago)	196.189.157.8 - - [28/Nov/2024:16:58:43 +0200] "GET /wp-login.php HTTP/1.1" 404 2628 "-" "Mozilla/5. ... show more 196.189.157.8 - - [28/Nov/2024:16:58:43 +0200] "GET /wp-login.php HTTP/1.1" 404 2628 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko" 196.189.157.8 - - [28/Nov/2024:16:58:43 +0200] "GET /xmlrpc.php HTTP/1.1" 404 366 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko" ... show less	Web App Attack
🇨🇦 polycoda	2024-11-24 12:40:18 (1 year ago)	🔑 Probes for xmlrpc.php everywhere	Hacking Web App Attack
🇺🇸 TPI-Abuse	2024-11-23 20:54:53 (1 year ago)	(mod_security) mod_security (id:225170) triggered by 196.189.157.8 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:225170) triggered by 196.189.157.8 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Nov 23 15:54:49.097969 2024] [security2:error] [pid 26974:tid 26974] [client 196.189.157.8:19407] [client 196.189.157.8] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|salernospizza.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "salernospizza.com"] [uri "/wp-json/wp/v2/users/1"] [unique_id "Z0JBGUkTKYj0lr1rBG0A9gAAAAE"] show less	Brute-Force Bad Web Bot Web App Attack
🇧🇷 diego	2024-07-25 07:44:00 (1 year ago)	Events: TCP SYN Discovery or Flooding, Seen 3 times in the last 10800 seconds	DDoS Attack
🇫🇷 Sklurk	2024-07-11 09:38:51 (1 year ago)	Web App Attack	Web App Attack
🇺🇦 URAN Publishing Service	2024-06-30 12:57:25 (1 year ago)	196.189.157.8 - - [30/Jun/2024:15:57:23 +0300] "GET /wp-login.php HTTP/1.1" 404 2968 "-" "Mozilla/5. ... show more 196.189.157.8 - - [30/Jun/2024:15:57:23 +0300] "GET /wp-login.php HTTP/1.1" 404 2968 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko" 196.189.157.8 - - [30/Jun/2024:15:57:24 +0300] "GET /xmlrpc.php HTTP/1.1" 404 366 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko" ... show less	Web App Attack
🇺🇸 nationaleventpros.com	2024-06-16 01:47:37 (1 year ago)	WordPress login attempt	Brute-Force
🇺🇸 TPI-Abuse	2024-06-05 15:45:34 (2 years ago)	(mod_security) mod_security (id:225170) triggered by 196.189.157.8 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:225170) triggered by 196.189.157.8 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 05 11:45:26.493232 2024] [security2:error] [pid 4669] [client 196.189.157.8:9472] [client 196.189.157.8] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|salernospizza.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "salernospizza.com"] [uri "/wp-json/wp/v2/users/1"] [unique_id "ZmCIFnUj3iMCSPP-NSy2IAAAAAc"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2024-04-01 00:19:36 (2 years ago)	(mod_security) mod_security (id:225170) triggered by 196.189.157.8 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:225170) triggered by 196.189.157.8 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Mar 31 20:19:32.092414 2024] [security2:error] [pid 29948] [client 196.189.157.8:11587] [client 196.189.157.8] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|laecovillage.org\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "laecovillage.org"] [uri "/wp-json/wp/v2/users/1"] [unique_id "Zgn9lCeO25KA73XTN8PNcgAAAAw"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 20 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇿 146.158.94.16

🇧🇪 34.62.132.245

🇨🇳 27.21.31.238

🇨🇳 218.78.104.226

🇨🇳 118.145.111.33

🇧🇩 103.86.198.253

🇳🇱 45.148.10.151

🇬🇭 41.139.11.234

🇺🇸 35.234.181.7

🇧🇪 34.156.165.101

🇫🇷 173.249.63.49

🇨🇳 115.190.55.44

🇺🇸 104.206.128.62

🇳🇱 91.92.40.13

🇮🇷 2.180.178.81

🇨🇳 218.4.120.211

🇫🇷 217.113.196.27

🇵🇰 175.107.32.186

🇨🇳 175.6.13.102

🇮🇹 151.82.214.195