JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 196.191.184.252

196.191.184.252 was found in our database!

This IP was reported 73 times. Confidence of Abuse is 72%: ?

72%

ISP	Ethio Telecom
Usage Type	Fixed Line ISP
ASN	AS24757
Domain Name	ethiotelecom.et
Country	🇪🇹 Ethiopia
City	Shashamane, Oromiya

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 196.191.184.252

Whois 196.191.184.252

IP Abuse Reports for 196.191.184.252:

This IP address has been reported a total of 73 times from 29 distinct sources. 196.191.184.252 was first reported on March 3rd 2026, and the most recent report was 18 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 TPI-Abuse	2026-06-29 13:10:14 (18 hours ago)	(mod_security) mod_security (id:240335) triggered by 196.191.184.252 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:240335) triggered by 196.191.184.252 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 29 09:10:09.653681 2026] [security2:error] [pid 9297:tid 9297] [client 196.191.184.252:53620] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5965"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 196.191.184.252 (+1 hits since last alert)\|bickleton.org\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "bickleton.org"] [uri "/xmlrpc.php"] [unique_id "akJusfQtlsD4TGNGajxcnwAAAAQ"] show less	Brute-Force Bad Web Bot Web App Attack
🇫🇷 Lunix	2026-06-29 10:32:45 (21 hours ago)		Brute-Force Web App Attack
🇫🇷 dynamix	2026-06-29 10:32:33 (21 hours ago)	WordPress XMLRPC Brute Force Attack	Brute-Force Web App Attack
🇪🇸 masterguru	2026-06-29 07:31:05 (1 day ago)	(xmlrpc) Failed xmlrpc access from 196.191.184.252 (ET/Ethiopia/-): 5 in the last 3600 secs (0-122)	Hacking
🇺🇸 TPI-Abuse	2026-06-26 13:26:26 (3 days ago)	(mod_security) mod_security (id:240335) triggered by 196.191.184.252 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:240335) triggered by 196.191.184.252 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 26 09:26:23.070932 2026] [security2:error] [pid 29144:tid 29144] [client 196.191.184.252:8970] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 196.191.184.252 (+1 hits since last alert)\|superzilla.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "superzilla.com"] [uri "/xmlrpc.php"] [unique_id "aj59_xk0TB9u4x7qAlww5AAAABo"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-26 12:57:14 (3 days ago)	(mod_security) mod_security (id:240335) triggered by 196.191.184.252 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:240335) triggered by 196.191.184.252 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 26 08:57:07.602548 2026] [security2:error] [pid 16749:tid 16779] [client 196.191.184.252:46141] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 196.191.184.252 (+1 hits since last alert)\|cynosureinternetservices.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "cynosureinternetservices.com"] [uri "/xmlrpc.php"] [unique_id "aj53I-FlliUPKA8-l4uaqwAAAJY"] show less	Brute-Force Bad Web Bot Web App Attack
🇫🇷 dynamix	2026-06-26 12:53:57 (3 days ago)	WordPress XMLRPC Brute Force Attack	Brute-Force Web App Attack
🇺🇸 TPI-Abuse	2026-06-26 11:55:13 (3 days ago)	(mod_security) mod_security (id:240335) triggered by 196.191.184.252 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:240335) triggered by 196.191.184.252 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 26 07:55:05.673555 2026] [security2:error] [pid 6857:tid 6857] [client 196.191.184.252:13177] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 196.191.184.252 (+1 hits since last alert)\|legacy-insight.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "legacy-insight.com"] [uri "/xmlrpc.php"] [unique_id "aj5omV3Zklhej1jmlAASQgAAAB0"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-26 06:16:20 (4 days ago)	(mod_security) mod_security (id:225170) triggered by 196.191.184.252 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:225170) triggered by 196.191.184.252 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 26 02:16:16.344677 2026] [security2:error] [pid 24042:tid 24042] [client 196.191.184.252:23328] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|lakependoreillemobility.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "lakependoreillemobility.com"] [uri "/wp-json/wp/v2/users"] [unique_id "aj4ZMBsiWBtUIalmJmbDfAAAAA0"] show less	Brute-Force Bad Web Bot Web App Attack
🇳🇱 Site.eu	2026-06-23 07:09:48 (1 week ago)	Repeated wp-login/xmlrpc attempts	Brute-Force SSH
🇩🇪 konseptit	2026-06-19 13:29:36 (1 week ago)	(wordpress) Failed wordpress login from 196.191.184.252 (ET/Ethiopia/-)	Brute-Force
🇺🇸 TPI-Abuse	2026-06-19 11:27:54 (1 week ago)	(mod_security) mod_security (id:240335) triggered by 196.191.184.252 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:240335) triggered by 196.191.184.252 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 19 07:27:47.472697 2026] [security2:error] [pid 22022:tid 22022] [client 196.191.184.252:9302] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 196.191.184.252 (+1 hits since last alert)\|yogawithbubba.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "yogawithbubba.com"] [uri "/xmlrpc.php"] [unique_id "ajUnsy1ujyZf56H4kwKSrQAAABI"] show less	Brute-Force Bad Web Bot Web App Attack
🇫🇷 dynamix	2026-06-19 07:09:51 (1 week ago)	WordPress XMLRPC Brute Force Attack	Brute-Force Web App Attack
🇫🇷 masterguru	2026-06-19 06:40:03 (1 week ago)	(xmlrpc) Apache: Failed xmlrpc access from 196.191.184.252 (ET/Ethiopia/-): 10 in the last 3600 secs ... show more (xmlrpc) Apache: Failed xmlrpc access from 196.191.184.252 (ET/Ethiopia/-): 10 in the last 3600 secs (0-201) show less	Hacking
🇪🇸 masterguru	2026-06-19 05:42:09 (1 week ago)	(xmlrpc) Failed xmlrpc access from 196.191.184.252 (ET/Ethiopia/-): 5 in the last 3600 secs (0-122)	Hacking

Showing 1 to 15 of 73 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇩🇪 185.242.3.195

🇬🇧 172.68.205.90

🇬🇧 167.99.88.130

🇧🇬 79.124.62.230

🇺🇸 50.6.228.32

🇹🇹 2803:1500:c00:81b7:4d73:fecc:20c5:4e86

🇦🇹 209.242.201.79

🇫🇷 195.154.118.29

🇧🇷 177.85.68.218

🇦🇺 170.64.206.118

🇬🇧 167.99.86.233

🇺🇸 167.99.53.200

🇳🇱 167.99.46.113

🇧🇷 152.67.46.203

🇺🇸 142.93.67.225

🇩🇪 139.59.208.225

🇨🇳 114.244.78.166

🇳🇵 110.34.12.168

🇧🇩 103.225.218.1

🇸🇬 103.187.147.165