JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 197.148.40.111

197.148.40.111 was found in our database!

This IP was reported 58 times. Confidence of Abuse is 80%: ?

80%

ISP	TVCabo Angola, Lda
Usage Type	Fixed Line ISP
ASN	AS36907
Hostname(s)	cust111-40.148.197.tvcabo.ao
Domain Name	tvcabo.ao
Country	🇦🇴 Angola
City	Luanda, Luanda

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 197.148.40.111

Whois 197.148.40.111

IP Abuse Reports for 197.148.40.111:

This IP address has been reported a total of 58 times from 27 distinct sources. 197.148.40.111 was first reported on April 11th 2026, and the most recent report was 12 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇨🇦 SoteriaCovenant	2026-06-15 22:10:56 (12 hours ago)	Automated probe: /xmlrpc.php on Soteria Global infrastructure. No vulnerable software present.	Brute-Force
🇺🇸 TPI-Abuse	2026-06-14 18:29:39 (1 day ago)	(mod_security) mod_security (id:240335) triggered by 197.148.40.111 (cust111-40.148.197.tvcabo.ao): ... show more (mod_security) mod_security (id:240335) triggered by 197.148.40.111 (cust111-40.148.197.tvcabo.ao): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 14 14:29:32.611036 2026] [security2:error] [pid 916:tid 945] [client 197.148.40.111:62394] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 197.148.40.111 (+1 hits since last alert)\|rubenluis.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "rubenluis.com"] [uri "/xmlrpc.php"] [unique_id "ai7zDCU5MMW3BmRt7PL3wwAAANc"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 Tha_14	2026-06-14 16:56:36 (1 day ago)	Limit on login attempts is reached	Brute-Force
Anonymous	2026-06-14 15:55:57 (1 day ago)	[redacted] 197.148.40.111 - - [14/Jun/2026:17:55:13 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" " ... show more [redacted] 197.148.40.111 - - [14/Jun/2026:17:55:13 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Jetpack/12.1; WordPress/6.1; http://site75122215.com" [redacted] 197.148.40.111 - - [14/Jun/2026:17:55:24 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "WordPress.com; https://wordpress.com" [redacted] 197.148.40.111 - - [14/Jun/2026:17:55:34 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "WordPress.com; https://wordpress.com" [redacted] 197.148.40.111 - - [14/Jun/2026:17:55:45 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Jetpack by WordPress.com" [redacted] 197.148.40.111 - - [14/Jun/2026:17:55:56 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "WordPress.com; https://wordpress.com" ... show less	Hacking Web App Attack
🇳🇱 Site.eu	2026-06-14 09:19:18 (2 days ago)	Repeated wp-login/xmlrpc attempts	Brute-Force SSH
🇺🇸 integrantservices.com	2026-06-11 19:20:28 (4 days ago)	(wordpress) Failed wordpress login from 197.148.40.111 (AO/Angola/cust111-40.148.197.tvcabo.ao)	Brute-Force
Anonymous	2026-06-09 18:50:31 (6 days ago)	[redacted] 197.148.40.111 - - [09/Jun/2026:20:49:49 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" " ... show more [redacted] 197.148.40.111 - - [09/Jun/2026:20:49:49 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Jetpack by WordPress.com (Jetpack 13.0; WordPress 6.2)" [redacted] 197.148.40.111 - - [09/Jun/2026:20:49:58 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Jetpack by WordPress.com (Jetpack 12.1; WordPress 6.4)" [redacted] 197.148.40.111 - - [09/Jun/2026:20:50:09 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Jetpack by WordPress.com" [redacted] 197.148.40.111 - - [09/Jun/2026:20:50:19 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Jetpack by WordPress.com (Jetpack 12.1; WordPress 6.4)" [redacted] 197.148.40.111 - - [09/Jun/2026:20:50:30 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Jetpack/12.5; WordPress/6.3; http://site37178723.com" ... show less	Hacking Web App Attack
🇳🇱 Site.eu	2026-06-08 21:52:18 (1 week ago)	Repeated wp-login/xmlrpc attempts	Brute-Force SSH
🇦🇺 QT	2026-06-08 20:27:11 (1 week ago)	Unauthorised WordPress admin login attempted at 2026-06-09 06:27:10 +1000	Web App Attack
🇫🇮 YF	2026-06-08 20:00:43 (1 week ago)	xmlrpc.php Potential DDoS or brute force	DDoS Attack Brute-Force
🇺🇸 TPI-Abuse	2026-06-08 16:56:13 (1 week ago)	(mod_security) mod_security (id:240335) triggered by 197.148.40.111 (cust111-40.148.197.tvcabo.ao): ... show more (mod_security) mod_security (id:240335) triggered by 197.148.40.111 (cust111-40.148.197.tvcabo.ao): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 08 12:56:09.935240 2026] [security2:error] [pid 29893:tid 29893] [client 197.148.40.111:51090] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 197.148.40.111 (+1 hits since last alert)\|vintageamptubes.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "vintageamptubes.com"] [uri "/xmlrpc.php"] [unique_id "aib0KXpI3zXtt_WuDryovgAAAAE"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-07 21:43:51 (1 week ago)	(mod_security) mod_security (id:240335) triggered by 197.148.40.111 (cust111-40.148.197.tvcabo.ao): ... show more (mod_security) mod_security (id:240335) triggered by 197.148.40.111 (cust111-40.148.197.tvcabo.ao): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 07 17:43:44.531249 2026] [security2:error] [pid 11644:tid 11644] [client 197.148.40.111:56077] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 197.148.40.111 (+1 hits since last alert)\|pharmaceuticalsalescareerhub.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "pharmaceuticalsalescareerhub.com"] [uri "/xmlrpc.php"] [unique_id "aiXmEMJPnP2NkrEi8kTHpwAAAAI"] show less	Brute-Force Bad Web Bot Web App Attack
🇳🇱 Site.eu	2026-06-05 01:20:07 (1 week ago)	Repeated wp-login/xmlrpc attempts	Brute-Force SSH
🇺🇸 TPI-Abuse	2026-06-05 00:50:10 (1 week ago)	(mod_security) mod_security (id:240335) triggered by 197.148.40.111 (cust111-40.148.197.tvcabo.ao): ... show more (mod_security) mod_security (id:240335) triggered by 197.148.40.111 (cust111-40.148.197.tvcabo.ao): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 04 20:50:03.877230 2026] [security2:error] [pid 29192:tid 29192] [client 197.148.40.111:54448] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5965"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 197.148.40.111 (+1 hits since last alert)\|seahattravel.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "seahattravel.com"] [uri "/xmlrpc.php"] [unique_id "aiIdO2nR-AyXmJYKpxKiPgAAABk"] show less	Brute-Force Bad Web Bot Web App Attack
🇫🇷 applemooz	2026-06-04 21:31:59 (1 week ago)	WordPress XMLRPC Brute Force Attacks ...	Brute-Force Web App Attack

Showing 1 to 15 of 58 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 208.84.100.240

🇦🇺 203.220.200.243

🇩🇴 200.88.135.160

🇬🇧 193.163.125.187

🇺🇸 162.243.138.30

🇹🇭 125.27.11.173

🇩🇪 104.194.157.233

🇮🇩 103.110.34.131

🇸🇬 47.128.54.19

🇸🇬 43.156.239.194

🇺🇸 43.153.77.90

🇩🇴 2803:e50:ff00:20cf:d048:5755:c0e:ef88

🇺🇸 209.92.184.4

🇳🇱 209.85.218.42

🇲🇦 196.206.98.142

🇬🇧 195.140.214.29

🇵🇾 190.128.241.2

🇱🇹 188.69.246.212

🇮🇩 182.253.58.106

🇮🇩 182.6.164.10