JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 196.189.29.85

196.189.29.85 was found in our database!

This IP was reported 14 times. Confidence of Abuse is 20%: ?

20%

ISP	Ethio Telecom
Usage Type	Fixed Line ISP
ASN	AS24757
Domain Name	ethiotelecom.et
Country	🇪🇹 Ethiopia
City	Addis Ababa, Addis Ababa

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 196.189.29.85

Whois 196.189.29.85

IP Abuse Reports for 196.189.29.85:

This IP address has been reported a total of 14 times from 11 distinct sources. 196.189.29.85 was first reported on June 27th 2024, and the most recent report was 2 weeks ago.

Old Reports: The most recent abuse report for this IP address is from 2 weeks ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇫🇷 masterguru	2026-06-09 04:05:56 (2 weeks ago)	xmlrpc request blocked, no referer. Pattern match "xmlrpc.php" at REQUEST_URI. (88010-201)	Hacking
🇩🇪 abdubhai	2026-06-09 01:19:38 (2 weeks ago)	196.189.29.85 - - [09/Jun/2026:0 ...	Brute-Force
🇺🇸 TPI-Abuse	2026-06-08 23:03:21 (2 weeks ago)	(mod_security) mod_security (id:240335) triggered by 196.189.29.85 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:240335) triggered by 196.189.29.85 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 08 19:03:12.258222 2026] [security2:error] [pid 7621:tid 7621] [client 196.189.29.85:10966] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 196.189.29.85 (+1 hits since last alert)\|fattoria-rendena.it\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "fattoria-rendena.it"] [uri "/xmlrpc.php"] [unique_id "aidKMDKplAc49AII910MnQAAAAk"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-08 20:47:36 (2 weeks ago)	(mod_security) mod_security (id:240335) triggered by 196.189.29.85 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:240335) triggered by 196.189.29.85 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 08 16:47:29.792969 2026] [security2:error] [pid 31995:tid 31995] [client 196.189.29.85:10905] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 196.189.29.85 (+1 hits since last alert)\|abilityengraving.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "abilityengraving.com"] [uri "/xmlrpc.php"] [unique_id "aicqYdbOPqA98Ls0NMRjugAAAA8"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-08 18:49:03 (2 weeks ago)	(mod_security) mod_security (id:240335) triggered by 196.189.29.85 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:240335) triggered by 196.189.29.85 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 08 14:48:52.785704 2026] [security2:error] [pid 20080:tid 20080] [client 196.189.29.85:31894] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 196.189.29.85 (+1 hits since last alert)\|fuentevictoria.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "fuentevictoria.com"] [uri "/xmlrpc.php"] [unique_id "aicOlIo409xsGxiYN_vCLQAAAAY"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 cybsecaoccol	2026-05-03 14:32:49 (1 month ago)	unauthorized connection or malicious port scan attempted on tcp port - corp	Port Scan Hacking
🇺🇸 cazae	2026-04-19 12:53:03 (2 months ago)	Unauthorized attempt on debian [9100/tcp] Source port: 4231 TTL: 44 Packet length: 60 TOS: 0x08 htt ... show more Unauthorized attempt on debian [9100/tcp] Source port: 4231 TTL: 44 Packet length: 60 TOS: 0x08 https://github.com/sefinek/UFW-AbuseIPDB-Reporter show less	Port Scan
🇸🇬 mypatricks	2026-03-07 23:46:14 (3 months ago)	196.189.29.85 \| Port: 13123 \| DNS: 196.189.29.85 2026-03-08T07:46:13+08:00 Africa/Addis_Ababa \| IPs ... show more 196.189.29.85 \| Port: 13123 \| DNS: 196.189.29.85 2026-03-08T07:46:13+08:00 Africa/Addis_Ababa \| IPs reserved list \| UA: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 HTTP/1.1 443 GET \| URL: /jelly-cakes-jelly-piggy/?33b2b91540cb45d2bc26e58d96240047=1772858538&4dd6187307bfb9981=enabled \| Ref: https://xxxxxx/jelly-cakes-jelly-piggy/?230e59fad002b591402f95e361b5e6dc=AUD&code=AUD \| Country: ET/Ethiopia/+02:00 IP City: Addis Ababa Windows 9d8d7a688dd85456-JIB/Djibouti City, Djibouti 1 hits/0 secs Robots 3 show less	Brute-Force Web App Attack Blog Spam Web Spam Exploited Host
Anonymous	2026-02-13 06:43:41 (4 months ago)	scanning http requests from known botnet	Web App Attack
🇬🇧 Nov	2026-01-08 20:01:10 (5 months ago)	Unauthorized Telnet access attempt (tcp/23)	Port Scan
🇮🇹 VHosting	2025-12-23 12:05:09 (6 months ago)	Detected attack and reported by a human	DDoS Attack Brute-Force Bad Web Bot Exploited Host Web App Attack SSH
🇳🇱 exxos	2025-07-29 01:07:58 (10 months ago)	HTTP1.x attacks	DDoS Attack
🇳🇱 exxos	2025-07-28 03:59:39 (10 months ago)	HTTP1.x attacks	DDoS Attack
🇬🇧 Steve	2024-06-27 16:05:15 (1 year ago)	Attempts against non-existent wordpress site	Brute-Force Web App Attack

Showing 1 to 14 of 14 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇩🇪 69.5.169.16

🇺🇸 44.60.53.178

🇺🇸 173.247.255.22

🇺🇸 44.223.6.88

🇺🇸 44.221.50.249

🇳🇱 193.29.139.171

🇺🇸 147.185.132.13

🇷🇺 147.45.48.17

🇨🇳 101.126.155.86

🇳🇱 77.83.39.197

🇺🇸 66.132.195.22

🇳🇱 45.156.87.147

🇳🇱 45.148.10.157

🇳🇱 45.148.10.151

🇺🇸 44.194.27.64

🇳🇱 44.137.153.229

🇩🇪 37.114.50.27

🇨🇾 213.149.181.32

🇮🇩 103.78.105.189

🇩🇪 94.26.106.103