JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 196.39.13.31

196.39.13.31 was found in our database!

This IP was reported 11 times. Confidence of Abuse is 41%: ?

41%

ISP	Dimension Data
Usage Type	Fixed Line ISP
ASN	AS20011
Hostname(s)	196-39-13-31.ftth.web.africa
Domain Name	global.ntt
Country	🇿🇦 South Africa
City	Johannesburg, Gauteng

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 196.39.13.31

Whois 196.39.13.31

IP Abuse Reports for 196.39.13.31:

This IP address has been reported a total of 11 times from 6 distinct sources. 196.39.13.31 was first reported on June 22nd 2026, and the most recent report was 2 days ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 TPI-Abuse	2026-06-25 08:31:18 (2 days ago)	(mod_security) mod_security (id:240335) triggered by 196.39.13.31 (196-39-13-31.ftth.web.africa): 1 ... show more (mod_security) mod_security (id:240335) triggered by 196.39.13.31 (196-39-13-31.ftth.web.africa): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 25 04:31:11.874988 2026] [security2:error] [pid 11521:tid 11521] [client 196.39.13.31:62497] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 196.39.13.31 (+1 hits since last alert)\|illumoonatedtarot.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "illumoonatedtarot.com"] [uri "/xmlrpc.php"] [unique_id "ajznTxg6SXhUPuKkHcpZYAAAABE"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-24 17:20:54 (3 days ago)	(mod_security) mod_security (id:240335) triggered by 196.39.13.31 (196-39-13-31.ftth.web.africa): 1 ... show more (mod_security) mod_security (id:240335) triggered by 196.39.13.31 (196-39-13-31.ftth.web.africa): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 24 13:20:51.225868 2026] [security2:error] [pid 31354:tid 31354] [client 196.39.13.31:49333] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 196.39.13.31 (+1 hits since last alert)\|monogay.org\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "monogay.org"] [uri "/xmlrpc.php"] [unique_id "ajwR87ywZDYsq025mWFiqwAAAAk"] show less	Brute-Force Bad Web Bot Web App Attack
🇫🇷 dynamix	2026-06-24 10:50:36 (3 days ago)	WordPress XMLRPC Brute Force Attack	Brute-Force Web App Attack
🇱🇻 garmtech.com	2026-06-24 10:32:58 (3 days ago)	IM360 WAF: Rate limit exceeded for XMLRPC DoS	Web App Attack
🇱🇻 garmtech.com	2026-06-24 10:31:43 (3 days ago)	IM360 WAF: Rate limit exceeded for XMLRPC DoS (fault code)	Web App Attack
Anonymous	2026-06-23 15:44:33 (4 days ago)	196.39.13.31 - - [23/Jun/2026:17:44:12 +0200] "POST /xmlrpc.php HTTP/1.1" 200 593 "-" "Jetpack by Wo ... show more 196.39.13.31 - - [23/Jun/2026:17:44:12 +0200] "POST /xmlrpc.php HTTP/1.1" 200 593 "-" "Jetpack by WordPress.com (Jetpack 13.0; WordPress 6.1)" 196.39.13.31 - - [23/Jun/2026:17:44:12 +0200] "POST /xmlrpc.php HTTP/1.1" 200 403 "-" "Jetpack by WordPress.com (Jetpack 13.0; WordPress 6.1)" 196.39.13.31 - - [23/Jun/2026:17:44:22 +0200] "POST /xmlrpc.php HTTP/1.1" 200 593 "-" "WordPress.com; https://wordpress.com" 196.39.13.31 - - [23/Jun/2026:17:44:22 +0200] "POST /xmlrpc.php HTTP/1.1" 200 403 "-" "WordPress.com; https://wordpress.com" 196.39.13.31 - - [23/Jun/2026:17:44:32 +0200] "POST /xmlrpc.php HTTP/1.1" 200 593 "-" "Jetpack by WordPress.com" ... show less	Brute-Force Web App Attack
🇺🇸 TPI-Abuse	2026-06-23 10:44:45 (4 days ago)	(mod_security) mod_security (id:240335) triggered by 196.39.13.31 (196-39-13-31.ftth.web.africa): 1 ... show more (mod_security) mod_security (id:240335) triggered by 196.39.13.31 (196-39-13-31.ftth.web.africa): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 23 06:44:40.685785 2026] [security2:error] [pid 26785:tid 26785] [client 196.39.13.31:57165] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5965"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 196.39.13.31 (+1 hits since last alert)\|tarekshohaieb.online\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "tarekshohaieb.online"] [uri "/xmlrpc.php"] [unique_id "ajpjmIsqx904jsVpd3k6qQAAABA"] show less	Brute-Force Bad Web Bot Web App Attack
🇪🇸 masterguru	2026-06-23 10:43:24 (4 days ago)	(xmlrpc) Failed xmlrpc access from 196.39.13.31 (ZA/South Africa/196-39-13-31.ftth.web.africa): 5 in ... show more (xmlrpc) Failed xmlrpc access from 196.39.13.31 (ZA/South Africa/196-39-13-31.ftth.web.africa): 5 in the last 3600 secs (0-122) show less	Hacking
Anonymous	2026-06-22 21:12:31 (4 days ago)	(wordpress) Failed wordpress login from 196.39.13.31 (ZA/South Africa/Gauteng/Johannesburg/196-39-13 ... show more (wordpress) Failed wordpress login from 196.39.13.31 (ZA/South Africa/Gauteng/Johannesburg/196-39-13-31.ftth.web.africa/[redacted]) show less	Brute-Force
🇺🇸 TPI-Abuse	2026-06-22 19:47:51 (5 days ago)	(mod_security) mod_security (id:240335) triggered by 196.39.13.31 (196-39-13-31.ftth.web.africa): 1 ... show more (mod_security) mod_security (id:240335) triggered by 196.39.13.31 (196-39-13-31.ftth.web.africa): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 22 15:47:47.356353 2026] [security2:error] [pid 29103:tid 29103] [client 196.39.13.31:53931] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 196.39.13.31 (+1 hits since last alert)\|proyectando.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "proyectando.com"] [uri "/xmlrpc.php"] [unique_id "ajmRY-Jwc9Pp24cS5jB2HgAAABc"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-22 16:11:34 (5 days ago)	(mod_security) mod_security (id:240335) triggered by 196.39.13.31 (196-39-13-31.ftth.web.africa): 1 ... show more (mod_security) mod_security (id:240335) triggered by 196.39.13.31 (196-39-13-31.ftth.web.africa): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 22 12:11:29.870770 2026] [security2:error] [pid 25727:tid 25727] [client 196.39.13.31:62455] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 196.39.13.31 (+1 hits since last alert)\|airdriedrivingschool.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "airdriedrivingschool.com"] [uri "/xmlrpc.php"] [unique_id "ajlescK5Vf-n5xzrKtbIcwAAAA8"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 11 of 11 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 216.25.89.71

🇩🇪 213.209.159.227

🇩🇪 128.1.120.131

🇨🇳 112.0.140.68

🇳🇱 45.148.10.121

🇸🇪 20.91.188.128

🇭🇰 14.136.93.28

🇨🇳 8.138.104.235

🇬🇧 188.122.37.97

🇷🇺 178.47.132.168

🇵🇱 176.115.245.9

🇺🇸 162.216.149.52

🇩🇪 149.233.232.88

🇺🇸 147.185.132.79

🇺🇸 138.59.6.151

🇬🇧 123.58.207.81

🇨🇳 39.190.119.202

🇭🇰 8.217.224.175

🇹🇼 198.235.24.79

🇺🇸 170.106.74.215