JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 196.46.97.209

196.46.97.209 was found in our database!

This IP was reported 7 times. Confidence of Abuse is 30%: ?

30%

ISP	TTCL GROUP I INFRASTRUCTURE
Usage Type	Fixed Line ISP
ASN	AS33765
Hostname(s)	so-1-0.core-mbeya.core-dsm.ttcldata.net
Domain Name	ttcl.co.tz
Country	🇹🇿 Tanzania, the United Republic of
City	Mwanza, Mwanza

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 196.46.97.209

Whois 196.46.97.209

IP Abuse Reports for 196.46.97.209:

This IP address has been reported a total of 7 times from 4 distinct sources. 196.46.97.209 was first reported on June 23rd 2026, and the most recent report was 3 days ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇩🇪 rh24	2026-06-24 06:01:04 (3 days ago)	(xmlrpc_405) XMLRPC-Bot 405 196.46.97.209 (TZ/Tanzania/so-1-0.core-mbeya.core-dsm.ttcldata.net)	Hacking
🇺🇸 TPI-Abuse	2026-06-24 04:52:19 (3 days ago)	(mod_security) mod_security (id:240335) triggered by 196.46.97.209 (so-1-0.core-mbeya.core-dsm.ttcld ... show more (mod_security) mod_security (id:240335) triggered by 196.46.97.209 (so-1-0.core-mbeya.core-dsm.ttcldata.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 24 00:52:14.656643 2026] [security2:error] [pid 12190:tid 12215] [client 196.46.97.209:61418] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 196.46.97.209 (+1 hits since last alert)\|supercyprus.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "supercyprus.com"] [uri "/xmlrpc.php"] [unique_id "ajtifqTmReV2qNgHRfeKwgAAAFc"] show less	Brute-Force Bad Web Bot Web App Attack
🇫🇷 masterguru	2026-06-24 04:48:55 (3 days ago)	xmlrpc request blocked, no referer. Pattern match "xmlrpc.php" at REQUEST_URI. (88010-201)	Hacking
🇩🇪 big-cloud.nl	2026-06-23 15:39:28 (4 days ago)	Try to access /xmlrpc.php	Web App Attack
🇺🇸 TPI-Abuse	2026-06-23 14:26:37 (4 days ago)	(mod_security) mod_security (id:240335) triggered by 196.46.97.209 (so-1-0.core-mbeya.core-dsm.ttcld ... show more (mod_security) mod_security (id:240335) triggered by 196.46.97.209 (so-1-0.core-mbeya.core-dsm.ttcldata.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 23 10:26:32.457023 2026] [security2:error] [pid 10688:tid 10688] [client 196.46.97.209:62318] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 196.46.97.209 (+1 hits since last alert)\|anthonyanimalclinic.net\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "anthonyanimalclinic.net"] [uri "/xmlrpc.php"] [unique_id "ajqXmMMBwXlZzPdXAE_RrQAAAAE"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-23 13:31:54 (4 days ago)	(mod_security) mod_security (id:240335) triggered by 196.46.97.209 (so-1-0.core-mbeya.core-dsm.ttcld ... show more (mod_security) mod_security (id:240335) triggered by 196.46.97.209 (so-1-0.core-mbeya.core-dsm.ttcldata.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 23 09:31:48.350899 2026] [security2:error] [pid 26727:tid 26727] [client 196.46.97.209:59085] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 196.46.97.209 (+1 hits since last alert)\|designingdestinynow.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "designingdestinynow.com"] [uri "/xmlrpc.php"] [unique_id "ajqKxPIjuzxTPraSx9qTqAAAAAA"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-23 11:51:04 (4 days ago)	(mod_security) mod_security (id:240335) triggered by 196.46.97.209 (so-1-0.core-mbeya.core-dsm.ttcld ... show more (mod_security) mod_security (id:240335) triggered by 196.46.97.209 (so-1-0.core-mbeya.core-dsm.ttcldata.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 23 07:50:59.348090 2026] [security2:error] [pid 7959:tid 7959] [client 196.46.97.209:62684] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 196.46.97.209 (+1 hits since last alert)\|airtechconsulting.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "airtechconsulting.com"] [uri "/xmlrpc.php"] [unique_id "ajpzI7aHiKbjzuoMMW6bgAAAAAU"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 7 of 7 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇨🇳 218.13.26.42

🇵🇰 153.117.15.57

🇭🇰 119.28.9.170

🇧🇬 79.124.56.246

🇮🇷 78.109.200.147

🇹🇼 61.223.110.66

🇳🇱 45.148.10.152

🇬🇧 35.179.155.80

🇳🇴 20.100.178.199

🇩🇪 213.209.159.227

🇬🇪 212.58.120.212

🇹🇭 202.183.141.189

🇭🇰 199.45.154.188

🇧🇷 191.53.179.133

🇨🇴 190.251.99.167

🇩🇴 152.0.36.188

🇺🇸 147.185.132.14

🇹🇭 124.120.204.220

🇧🇩 103.135.252.3

🇬🇧 81.19.219.237