AbuseIPDB » 196.189.255.249

196.189.255.249 was found in our database!

This IP was reported 44 times. Confidence of Abuse is 0%: ?

ISP	IP_Pool_for_NAT_NZ_GER
Usage Type	Fixed Line ISP
ASN	AS24757
Domain Name	ethiotelecom.et
Country	Ethiopia
City	Nazret, Oromiya

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated biweekly.

Report 196.189.255.249

Whois 196.189.255.249

IP Abuse Reports for 196.189.255.249:

This IP address has been reported a total of 44 times from 25 distinct sources. 196.189.255.249 was first reported on March 8th 2021, and the most recent report was 5 months ago.

Old Reports: The most recent abuse report for this IP address is from 5 months ago. It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp in UTC	Comment	Categories
Birdo	2024-11-13 04:13:39 (7 months ago)	[SMB Honeypot Report] Timestamp: 2024-11-13 04:13:39 UTC Port: 30956 No credential ... show more[SMB Honeypot Report] Timestamp: 2024-11-13 04:13:39 UTC Port: 30956 No credentials captured Attack Type: Unauthorized SMB connection attempt show less	Port Scan Hacking Brute-Force
Bytemark	2024-11-11 08:58:10 (7 months ago)	196.189.255.249 - - [11/Nov/2024:08:58:10 +0000] "GET /wp-login.php HTTP/1.1" 404 27 "-" "Mozilla/5. ... show more196.189.255.249 - - [11/Nov/2024:08:58:10 +0000] "GET /wp-login.php HTTP/1.1" 404 27 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko" 196.189.255.249 - - [11/Nov/2024:08:58:10 +0000] "GET /xmlrpc.php HTTP/1.1" 404 27 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko" 196.189.255.249 - - [11/Nov/2024:08:58:10 +0000] "GET /wp-login.php HTTP/1.1" 404 27 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko" show less	Brute-Force Web App Attack
bigorre.org	2024-10-31 13:56:38 (7 months ago)	Unidentified crawling: not a self-announced bot in user-agent	Bad Web Bot
Anonymous	2024-10-26 11:41:30 (7 months ago)	Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER	Brute-Force SSH
Anonymous	2024-10-25 08:29:40 (7 months ago)	Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER	Brute-Force SSH
nationaleventpros.com	2024-10-19 08:33:00 (8 months ago)	WordPress login attempt	Brute-Force
JuicyJ	2024-10-15 15:24:05 (8 months ago)	Looking for WordPress vulnerabilities	Web App Attack
Anonymous	2024-10-11 19:07:00 (8 months ago)	Attack on xmlrpc.php.	Hacking Brute-Force Web App Attack
TPI-Abuse	2024-09-28 08:41:42 (8 months ago)	(mod_security) mod_security (id:225170) triggered by 196.189.255.249 (-): 1 in the last 300 secs; Po ... show more(mod_security) mod_security (id:225170) triggered by 196.189.255.249 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Sep 28 04:41:36.507639 2024] [security2:error] [pid 409:tid 409] [client 196.189.255.249:27964] [client 196.189.255.249] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|chickiesbeef.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "chickiesbeef.com"] [uri "/wp-json/wp/v2/users/1"] [unique_id "ZvfBQPgatenZ4ZaOd_kuagAAAA0"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2024-09-28 08:19:26 (8 months ago)	Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER	Brute-Force SSH
URAN Publishing Service	2024-09-20 05:22:42 (9 months ago)	196.189.255.249 - - [20/Sep/2024:08:22:36 +0300] "GET /wp-login.php HTTP/1.1" 404 2618 "-" "Mozilla/ ... show more196.189.255.249 - - [20/Sep/2024:08:22:36 +0300] "GET /wp-login.php HTTP/1.1" 404 2618 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko" 196.189.255.249 - - [20/Sep/2024:08:22:38 +0300] "GET /xmlrpc.php HTTP/1.1" 404 366 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko" ... show less	Web App Attack
TheMadBeaker	2024-09-11 05:28:04 (9 months ago)	Fail2Ban Ban Triggered Wordpress Attack Attempt	Brute-Force Web App Attack
deskpass.com	2024-09-07 11:48:07 (9 months ago)	GET /wp-login.php	Web App Attack
ps-center	2024-09-07 08:56:07 (9 months ago)	MYH: Web Attack GET /wp-login.php	Web Spam Hacking Bad Web Bot Web App Attack
TPI-Abuse	2024-09-04 07:42:56 (9 months ago)	(mod_security) mod_security (id:225170) triggered by 196.189.255.249 (-): 1 in the last 300 secs; Po ... show more(mod_security) mod_security (id:225170) triggered by 196.189.255.249 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Sep 04 03:42:48.749108 2024] [security2:error] [pid 2556164:tid 2556266] [client 196.189.255.249:50267] [client 196.189.255.249] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|www.busybeerestaurant.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.busybeerestaurant.com"] [uri "/wp-json/wp/v2/users/1"] [unique_id "ZtgPeBre4UP155A9Attx0QAAAlE"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 16 to 30 of 44 reports

Is this your IP? You may request to takedown any associated reports. We will attempt to verify your ownership. Request Takedown 🚩

Recently Reported IPs:

172.70.49.239

47.86.3.155

122.168.127.202

47.128.122.87

171.251.27.191

194.146.12.177

117.209.84.69

172.70.122.225

106.12.90.118

103.172.154.255

108.162.242.94

192.42.116.216

180.76.250.117

47.128.28.20

72.219.169.42

199.45.154.178

60.241.168.214

115.190.9.220

172.70.123.70

47.128.42.56