JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 196.189.29.248

196.189.29.248 was found in our database!

This IP was reported 16 times. Confidence of Abuse is 13%: ?

13%

ISP	Ethio Telecom
Usage Type	Fixed Line ISP
ASN	AS24757
Domain Name	ethiotelecom.et
Country	🇪🇹 Ethiopia
City	Addis Ababa, Addis Ababa

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 196.189.29.248

Whois 196.189.29.248

IP Abuse Reports for 196.189.29.248:

This IP address has been reported a total of 16 times from 12 distinct sources. 196.189.29.248 was first reported on May 1st 2022, and the most recent report was 2 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
Anonymous	2026-06-20 08:29:37 (2 hours ago)	Unauthorized VPN login attempts	Hacking Brute-Force
🇩🇪 SMARTNET	2026-05-27 06:03:53 (3 weeks ago)	Aisuru(Mirai variant) DDoS \| Incident ID: 8969aafa-3f20-493f-8883-3bda65a2b909	DDoS Attack
🇺🇸 TPI-Abuse	2026-02-28 18:01:17 (3 months ago)	(mod_security) mod_security (id:211030) triggered by 196.189.29.248 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:211030) triggered by 196.189.29.248 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Feb 28 13:01:11.373217 2026] [security2:error] [pid 11100:tid 11100] [client 196.189.29.248:5320] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at ARGS. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/08_Global_Other.conf"] [line "17"] [id "211030"] [rev "3"] [msg "COMODO WAF: LDAP Injection Attack\|\|www.salinabible.org\|F\|2"] [data "Matched Data: ('~'\|\|( found within ARGS: 0"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.salinabible.org"] [uri "/index.php"] [unique_id "aaMtZ1SRO5vjePei7zR0KAAAABI"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-02-18 11:57:07 (4 months ago)	(mod_security) mod_security (id:211030) triggered by 196.189.29.248 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:211030) triggered by 196.189.29.248 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Feb 18 06:56:58.784465 2026] [security2:error] [pid 28717:tid 28717] [client 196.189.29.248:8544] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at ARGS. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/08_Global_Other.conf"] [line "17"] [id "211030"] [rev "3"] [msg "COMODO WAF: LDAP Injection Attack\|\|psdinnersready.com\|F\|2"] [data "Matched Data: (('~'\|\|( found within ARGS: 0"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "psdinnersready.com"] [uri "/index.php"] [unique_id "aZWpCtWubad7G_pAmTLKQAAAAAo"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 MPL	2026-01-07 19:06:38 (5 months ago)	tcp/2323 (2 or more attempts)	Port Scan
🇩🇪 SMARTNET	2025-11-26 07:00:13 (6 months ago)	Aisuru(Mirai variant) DDoS	DDoS Attack
Anonymous	2025-11-25 08:45:18 (6 months ago)	scanning http requests from known botnet	Web App Attack
Anonymous	2025-11-17 16:24:35 (7 months ago)	scanning http requests from known botnet	Web App Attack
🇺🇸 TPI-Abuse	2025-10-13 18:17:04 (8 months ago)	(mod_security) mod_security (id:225170) triggered by 196.189.29.248 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:225170) triggered by 196.189.29.248 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Oct 13 14:16:59.430137 2025] [security2:error] [pid 19676:tid 19676] [client 196.189.29.248:9419] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|theopinionatedowl.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "theopinionatedowl.com"] [uri "/wp-json/wp/v2/users"] [unique_id "aO1CG80VkpZ1BRu9eNcTeQAAAAE"] show less	Brute-Force Bad Web Bot Web App Attack
🇳🇱 exxos	2025-08-22 16:03:01 (9 months ago)	Attacks with Bad user agents	Hacking
🇺🇦 URAN Publishing Service	2025-01-14 06:58:52 (1 year ago)	196.189.29.248 - - [14/Jan/2025:08:58:50 +0200] "GET /wp-login.php HTTP/1.1" 404 2613 "-" "Mozilla/5 ... show more 196.189.29.248 - - [14/Jan/2025:08:58:50 +0200] "GET /wp-login.php HTTP/1.1" 404 2613 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko" 196.189.29.248 - - [14/Jan/2025:08:58:51 +0200] "GET /xmlrpc.php HTTP/1.1" 404 366 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko" ... show less	Web App Attack
🇺🇸 ph	2024-03-27 11:02:22 (2 years ago)	Bad web bot attempting to run wp-login.php on non-WP site	Hacking Bad Web Bot Web App Attack
Anonymous	2024-03-13 02:28:41 (2 years ago)	Malicious activity detected Trawling for 3rd-party CMS installations	Hacking Brute-Force Web App Attack
🇫🇷 Sklurk	2023-11-04 06:03:09 (2 years ago)	Web App Attack	Web App Attack
Anonymous	2022-05-17 09:34:20 (4 years ago)	May 17 15:34:20 ns3104219 postfix/smtpd[17571]: NOQUEUE: reject: RCPT from unknown[196.189.29.248]: ... show more May 17 15:34:20 ns3104219 postfix/smtpd[17571]: NOQUEUE: reject: RCPT from unknown[196.189.29.248]: 450 4.7.1 Client host rejected: cannot find your reverse hostname, [196.189.29.248]; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<[196.189.29.248]> ... show less	Email Spam Web App Attack

Showing 1 to 15 of 16 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇹🇷 213.128.70.19

🇧🇷 177.11.196.84

🇭🇰 103.100.208.168

🇳🇱 103.69.224.23

🇦🇺 2620:171:75:f003:9999::244

🇦🇷 200.80.43.223

🇺🇸 193.33.236.160

🇺🇸 147.182.196.204

🇧🇩 103.183.62.1

🇧🇩 103.86.198.162

🇰🇭 103.30.198.130

🇺🇸 91.230.168.168

🇬🇧 89.37.172.147

🇧🇷 20.226.88.145

🇺🇸 20.169.49.231

🇺🇸 162.216.150.51

🇨🇳 113.221.98.191

🇧🇩 103.149.56.17

🇬🇷 62.1.254.49

🇳🇱 45.148.10.157