JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 196.191.133.60

196.191.133.60 was found in our database!

This IP was reported 42 times. Confidence of Abuse is 74%: ?

74%

ISP	Ethio Telecom
Usage Type	Fixed Line ISP
ASN	AS24757
Domain Name	ethiotelecom.et
Country	🇪🇹 Ethiopia
City	Awasa, Sidama Region

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 196.191.133.60

Whois 196.191.133.60

IP Abuse Reports for 196.191.133.60:

This IP address has been reported a total of 42 times from 26 distinct sources. 196.191.133.60 was first reported on March 13th 2026, and the most recent report was 13 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 TPI-Abuse	2026-06-22 14:00:00 (13 hours ago)	(mod_security) mod_security (id:240335) triggered by 196.191.133.60 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:240335) triggered by 196.191.133.60 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 22 09:59:54.301241 2026] [security2:error] [pid 11493:tid 11493] [client 196.191.133.60:60806] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 196.191.133.60 (+1 hits since last alert)\|uphillfarmvt.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "uphillfarmvt.com"] [uri "/xmlrpc.php"] [unique_id "ajk_2mkslX7tnuj3ZVb3QgAAAAs"] show less	Brute-Force Bad Web Bot Web App Attack
🇳🇱 Site.eu	2026-06-22 12:52:19 (14 hours ago)	Repeated wp-login/xmlrpc attempts	Brute-Force SSH
Anonymous	2026-06-22 09:38:06 (17 hours ago)	196.191.133.60 - - [22/Jun/2026:11:37:45 +0200] "POST /xmlrpc.php HTTP/1.1" 200 624 "-" "Jetpack by ... show more 196.191.133.60 - - [22/Jun/2026:11:37:45 +0200] "POST /xmlrpc.php HTTP/1.1" 200 624 "-" "Jetpack by WordPress.com (Jetpack 12.0; WordPress 6.2)" 196.191.133.60 - - [22/Jun/2026:11:37:46 +0200] "POST /xmlrpc.php HTTP/1.1" 200 403 "-" "Jetpack by WordPress.com (Jetpack 12.0; WordPress 6.2)" 196.191.133.60 - - [22/Jun/2026:11:37:55 +0200] "POST /xmlrpc.php HTTP/1.1" 200 624 "-" "Jetpack/13.0; WordPress/6.1; http://site78339728.com" 196.191.133.60 - - [22/Jun/2026:11:37:55 +0200] "POST /xmlrpc.php HTTP/1.1" 200 403 "-" "Jetpack/13.0; WordPress/6.1; http://site78339728.com" 196.191.133.60 - - [22/Jun/2026:11:38:06 +0200] "POST /xmlrpc.php HTTP/1.1" 200 624 "-" "Jetpack by WordPress.com" ... show less	Brute-Force Web App Attack
🇺🇸 TPI-Abuse	2026-06-22 09:08:46 (18 hours ago)	(mod_security) mod_security (id:240335) triggered by 196.191.133.60 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:240335) triggered by 196.191.133.60 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 22 05:08:39.765906 2026] [security2:error] [pid 10792:tid 10792] [client 196.191.133.60:51348] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 196.191.133.60 (+1 hits since last alert)\|avalderlaw.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "avalderlaw.com"] [uri "/xmlrpc.php"] [unique_id "ajj7l9Xa0UDPQckUS3O0xAAAAAg"] show less	Brute-Force Bad Web Bot Web App Attack
🇪🇸 alferez	2026-06-20 17:11:17 (2 days ago)	xmlrpc.php attack DOS	Hacking Exploited Host Web App Attack
🇳🇱 Site.eu	2026-06-20 14:19:13 (2 days ago)	Repeated wp-login/xmlrpc attempts	Brute-Force SSH
Anonymous	2026-06-20 12:23:35 (2 days ago)	[redacted] 196.191.133.60 - - [20/Jun/2026:14:22:52 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" " ... show more [redacted] 196.191.133.60 - - [20/Jun/2026:14:22:52 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "WordPress.com; https://wordpress.com" [redacted] 196.191.133.60 - - [20/Jun/2026:14:23:02 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Jetpack by WordPress.com (Jetpack 12.0; WordPress 6.2)" [redacted] 196.191.133.60 - - [20/Jun/2026:14:23:13 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Jetpack by WordPress.com (Jetpack 13.0; WordPress 6.3)" [redacted] 196.191.133.60 - - [20/Jun/2026:14:23:23 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Jetpack by WordPress.com" [redacted] 196.191.133.60 - - [20/Jun/2026:14:23:34 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Jetpack by WordPress.com (Jetpack 13.0; WordPress 6.2)" ... show less	Hacking Web App Attack
🇺🇸 TPI-Abuse	2026-06-20 11:56:22 (2 days ago)	(mod_security) mod_security (id:240335) triggered by 196.191.133.60 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:240335) triggered by 196.191.133.60 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 20 07:56:16.396153 2026] [security2:error] [pid 15181:tid 15181] [client 196.191.133.60:36227] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 196.191.133.60 (+1 hits since last alert)\|hollyndlaw.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "hollyndlaw.com"] [uri "/xmlrpc.php"] [unique_id "ajZ_4L8Pp2T48Yw0WXN1WAAAAAI"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-06-20 11:53:41 (2 days ago)	(wordpress) Failed wordpress login from 196.191.133.60 (ET/Ethiopia/-)	Brute-Force
🇫🇷 dynamix	2026-06-19 10:33:29 (3 days ago)	WordPress XMLRPC Brute Force Attack	Brute-Force Web App Attack
🇺🇸 TPI-Abuse	2026-06-18 08:15:24 (4 days ago)	(mod_security) mod_security (id:240335) triggered by 196.191.133.60 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:240335) triggered by 196.191.133.60 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 18 04:15:17.774328 2026] [security2:error] [pid 6737:tid 6737] [client 196.191.133.60:64154] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 196.191.133.60 (+1 hits since last alert)\|internetnameregistration.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "internetnameregistration.com"] [uri "/xmlrpc.php"] [unique_id "ajOpFRT5DZixt6cG_GTW-gAAAAQ"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-17 15:08:02 (5 days ago)	(mod_security) mod_security (id:240335) triggered by 196.191.133.60 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:240335) triggered by 196.191.133.60 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 17 11:07:55.500625 2026] [security2:error] [pid 23893:tid 23893] [client 196.191.133.60:45508] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 196.191.133.60 (+1 hits since last alert)\|zacharypowers.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "zacharypowers.com"] [uri "/xmlrpc.php"] [unique_id "ajK4S70l-rtlHNNwZyLZIgAAAAU"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-17 09:59:43 (5 days ago)	(mod_security) mod_security (id:240335) triggered by 196.191.133.60 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:240335) triggered by 196.191.133.60 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 17 05:59:36.240872 2026] [security2:error] [pid 9424:tid 9424] [client 196.191.133.60:62221] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 196.191.133.60 (+1 hits since last alert)\|somehand.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "somehand.com"] [uri "/xmlrpc.php"] [unique_id "ajJwCGGdGkWE1duu6FhCFQAAABs"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-17 06:22:19 (5 days ago)	(mod_security) mod_security (id:240335) triggered by 196.191.133.60 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:240335) triggered by 196.191.133.60 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 17 02:22:14.802156 2026] [security2:error] [pid 29065:tid 29145] [client 196.191.133.60:22813] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 196.191.133.60 (+1 hits since last alert)\|mysticscon.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "mysticscon.com"] [uri "/xmlrpc.php"] [unique_id "ajI9FvyuJBcBCeXFvRLnEgAAAcc"] show less	Brute-Force Bad Web Bot Web App Attack
🇫🇷 masterguru	2026-06-16 11:33:35 (6 days ago)	xmlrpc request blocked, no referer. Pattern match "xmlrpc.php" at REQUEST_URI. (88010-201)	Hacking

Showing 1 to 15 of 42 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 216.131.83.77

🇺🇸 205.210.31.46

🇹🇼 198.235.24.75

🇺🇸 193.56.116.149

🇲🇽 189.165.18.248

🇬🇧 165.227.238.235

🇩🇪 159.89.22.233

🇭🇰 101.36.124.127

🇳🇱 45.156.128.43

🇳🇱 45.156.87.253

🇰🇷 27.35.60.161

🇺🇸 216.73.217.71

🇺🇸 205.210.31.39

🇨🇳 203.93.167.9

🇧🇷 191.37.16.226

🇦🇷 167.250.118.55

🇺🇸 162.216.150.55

🇵🇭 103.105.215.166

🇸🇬 43.160.200.19

🇮🇩 36.85.223.168